gets error when in insert statement comes symbol like '

Asked May 15 '17 at 14:33

Active May 15 '17 at 14:33

Viewed 20 times

i have simple page which takes comment from user and add it to database. it even works good whenever there is plane comment of user. but when users comment contains symbol like ' this it shows error. plz help

code is:---

$title=$_POST['title'];

$message=$_POST['message'];

$message=htmlspecialchars($message);
mysqli_query($conn,"insert into 
diary(no,datetime,title,mydiary)values(null,now(),'$title','$message')");

and error when comment contains symbol '

 Error description: You have an error in your SQL syntax; check the manual 
that corresponds to your MySQL server version for the right syntax to use 
 near 'th')' at line 1

asked May 15 '17 at 14:33

RISHIIII

http://php.net/manual/en/mysqli.real-escape-string.php – Alex Slipknot May 15 '17 at 14:35
1

Use prepared statements! https://www.w3schools.com/php/php_mysql_prepared_statements.asp – Chin Leung May 15 '17 at 14:38

gets error when in insert statement comes symbol like '

0 Answers0