I am using WAMP
and created a database, using php to access the data base.
I have created three files one is controller, second is a form to input data to db and third to list the items in the database .
works good but problem occurs when trying to insert double quoted word (ex. “hello”)into the db.
any suggestion please.
escape your quotes before building the SQL statement. PDOs execute() will do this for you.
- Use PDO for your database interactions, substituting variables with placeholders in your SQL statements.
- escape special HTML characters in the data before output, using
htmlspecialchars()
but only when outputting as HTML - not when saving to the database
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.