PHP/MySQL string

Question

Basically I'm trying to insert a value in a table from a textarea.

$sql_insert = "INSERT INTO message_admin (message, lastedit_ip, lastedit_date) VALUES ('".$_POST["message"]."', '".$_SERVER['REMOTE_ADDR']."', '".date("d/m/Y")."');";

Thing is if I type either the symbol ' or " in my text area, I will get PHP debug because PHP will take it as if I closed my string (is that the right expression, even?) Hope you did understand me

You're right, PHP does see those characters as delimiters. Take the swearing out and try your question again. — BigScar, Apr 26 '15 at 20:29

score 1 · Accepted Answer · answered Apr 26 '15 at 20:28

1

Use addslashes()

$sql_insert = "INSERT INTO message_admin (message, lastedit_ip, lastedit_date) VALUES ('".addslashes($_POST["message"])."', '".addslashes($_SERVER['REMOTE_ADDR'])."', '".date("d/m/Y")."');";

answered Apr 26 '15 at 20:28

brian

2,745
2
17
33

PHP/MySQL string

1 Answers1