How to store a string with special characters from a form to mysql database, using php?

Question

im using xampp

i used the $_POST[] to get the text from a text box in a form file to store it in a table.

if the text entered in the form contains any of these characters (,.?' " \ ; :> <!...) it returns an error message like this,

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's missile_carrier?' at line 3

The entered text was "China hails: first; test of-hypersonic nuclear's missile_carrier?"

how to make it accept the text with these characters ((,.?' " \ ; :> <!...)...

pls help

Switch to MySQLi / PDO (if you are still using the deprecated, old, `mysql_*` functions) and use parameterized queries. — Amal Murali, Jan 20 '14 at 14:01
$sql="INSERT INTO resource (date, title, country, field, impact, reference) VALUES ('$_POST[$date]','$_POST[$title]','$_POST[$country]','$_POST[$field]','$_POST[$impact]','$_POST[$reference]')"; — user3203609, Jan 20 '14 at 14:05
Your code has a security vulnerability called SQL injection. Once you fix it, your problem will go away. See http://stackoverflow.com/a/60496/32775 for a way to solve this problem. — luiscubal, Jan 20 '14 at 14:10

score 0 · Answer 1 · answered Jan 20 '14 at 14:05

0

As advised please use mysqli and then use mysqli_real_escape_string http://uk3.php.net/manual/en/mysqli.real-escape-string.php

answered Jan 20 '14 at 14:05

Shaun Hare

3,771
2
24
36

How to store a string with special characters from a form to mysql database, using php?

1 Answers1