
Hey, so I think my question is fairly easy, but I just can't seem to find the right way to fix it.

I have a form the user is supposed to fill in; its contents are then inserted into a database and can be retrieved later on. It was working fine until, when testing, I used quotes... when using quotes (single or double) the string closes and only the first part of the string is inserted.

For example, if he writes "Jeff's house", the only thing I get is "Jeff\"

What gives?

  • It means that you should be looking at moving to using prepared statements and bound variables as soon as possible. – andrewsi Jun 05 '13 at 15:05
  • [The Great Escapism (Or: What You Need To Know To Work With Text Within Text)](http://kunststube.net/escapism/) – deceze Jun 05 '13 at 15:05
  • Have a read on sql injection and application security in general – user466764 Jun 05 '13 at 15:11
  • See [How to prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php) and (more importantly) [How to escape strings in SQL Server using PHP?](http://stackoverflow.com/questions/574805/how-to-escape-strings-in-sql-server-using-php) – Richard JP Le Guen Jun 05 '13 at 15:12

2 Answers


The issue you have is that users can affect your database using MySQL injection.

Have a read on PDO Prepared statements to avoid users being able to use single/double quotes to their advantage to break the string and send commands directly to your SQL database, compromising your data.

It works by separating the string from the SQL statement so that it is not part of the instruction to the database.

(Using this system will also mean that your database will be able to store the entire string, regardless of quotation marks, but they will have a slash (\) before each one when stored. These can be removed when displaying the data using the stripslashes command.)

Ben

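Added example, not part of the original answer: Python with an in-memory SQLite table stands in for the PHP/MySQL setup, since the behaviour is the same. The table name `houses` and the helper names are made up. It runs the concatenated INSERT from the question and the parameterised INSERT Ben recommends on the exact input that failed, "Jeff's house".

```python
import sqlite3

# Constructed sample input: the exact value from the question that broke the insert.
SAMPLE_INPUT = "Jeff's house"


def setup_db():
    """Create an in-memory SQLite database standing in for the MySQL table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE houses (id INTEGER PRIMARY KEY, description TEXT NOT NULL)"
    )
    return conn


def insert_by_concatenation(conn, value):
    """The pattern that breaks: the user's text is pasted into the SQL itself.
    The quote in the input ends the SQL string literal early, so the database
    sees  INSERT ... VALUES ('Jeff's house')  and rejects the statement.
    Returns the database's error message (None on success) so the failure
    is observable rather than raised."""
    sql = "INSERT INTO houses (description) VALUES ('" + value + "')"
    try:
        conn.execute(sql)
        conn.commit()
        return None
    except sqlite3.Error as exc:
        return str(exc)


def insert_with_parameters(conn, value):
    """The fix: the SQL text is fixed and the value travels separately as a
    bound parameter, so it is never parsed as SQL and quotes need no escaping.
    Returns the value as read back from the table."""
    conn.execute("INSERT INTO houses (description) VALUES (?)", (value,))
    conn.commit()
    row = conn.execute(
        "SELECT description FROM houses WHERE description = ?", (value,)
    ).fetchone()
    return row[0]


def demo(value=SAMPLE_INPUT):
    """Run both inserts on the same input; returns (error_message, stored_value)."""
    conn = setup_db()
    return insert_by_concatenation(conn, value), insert_with_parameters(conn, value)


if __name__ == "__main__":
    failure, stored = demo()
    print("concatenation failed with:", failure)
    print("parameterised insert stored:", repr(stored))
```

The stored value comes back exactly as typed, with no backslash in front of the quote, so nothing needs to be stripped on display.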

Use the mysql_escape_string() function to filter your string before using it in the INSERT query.

For more help see this link: http://php.net/manual/en/function.mysql-escape-string.php

Amar Banerjee