Insert from textfield with '

PHP
1

I have some trouble everytime a person writes something with a " ’ " like 20’th… Then the record doesn’t go into the database…

How do I get passed this?

The form:

echo '<textarea id="box1" name="box1" rows=4 cols="66"></textarea>';

The insert part:

$news = $_POST['box1'];

mysql_query("INSERT INTO ".$prefix."_news (userid,news,newsdate) VALUES ('$userid','$news',NOW())");

Please help… Thanks in advance :wink:

2 

mysql_query("
  INSERT INTO ".$prefix."_news (userid,news,newsdate) 
  VALUES (
      '$userid'
    , '" . mysql_real_escape_string($news) . "'
    , NOW())
");

Assuming that $userid isn’t another value from the form. If it is, you must pass that through mysql_real_escape_string as well, to avoid SQL injection.

3

Thanks man… did the job :wink: