I have a registration form on a website. I'm using a pretty standard PHP form to send the form submission to me via email. I'm using a formhook to also insert those form entries into a MySQL database. The only problem I have is when someone tries to include single or double quotes in a field. For instance, one field asks for verbiage for the back of a t-shirt. Some people just seem to want to add quotes to their verbiage. This causes the information to not be inserted into the database. I'm somewhat new to SQL and have been reading up on escaping quotes but am still not grasping the solution. See my form below. This is the formhook that inserts the information into the database. Is there a statement I can add to the PHP code that will allow both single and double quotes? Thank you!
$con = mysql_connect($hostname, $username, $password);
if (!$con)
{
    die('Connection Failed' . mysql_error());
}
mysql_select_db($database, $con);
//if submit is not blanked i.e. it is clicked.
{
    // Request values are concatenated directly into the SQL string.
    $sql = "insert into sponsors2015(realname, sponsorname, email, phone, shirtnameverbiage, platinum_2500, gold_2000, silver_1500, bronze_1000, beverage_500, longdrive_200, closest_to_pin_200, par3_150, hole_100) values('".$_REQUEST['realname']."', '".$_REQUEST['sponsorname']."', '".$_REQUEST['email']."', '".$_REQUEST['phone']."', '".$_REQUEST['shirtnameverbiage']."', '".$_REQUEST['platinum_2500']."', '".$_REQUEST['gold_2000']."', '".$_REQUEST['silver_1500']."', '".$_REQUEST['bronze_1000']."', '".$_REQUEST['beverage_500']."', '".$_REQUEST['longdrive_200']."', '".$_REQUEST['closest_to_pin_200']."', '".$_REQUEST['par3_150']."', '".$_REQUEST['hole_100']."')";
    $res = mysql_query($sql);
    if ($res)
    {
        // header() returns nothing, so it is called directly rather than echoed.
        header('Location: sponsor-registration-success.php');
    }
    else
    {
        header('Location: sponsor-registration-problem.php');
    }
}
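
The insert above fails on quotes because the field values become part of the SQL text; binding them as parameters stores them verbatim and also closes the SQL injection hole. The following is an added example, not part of the original post: it uses PDO prepared statements with the post's table and column names, and assumes an in-memory SQLite database and a constructed sample submission so it runs without a server.

```php
<?php
// Added example, not the poster's code. Column list is copied from the post;
// the in-memory SQLite DSN is an assumption so the script runs without a server.
// For MySQL: new PDO("mysql:host=$hostname;dbname=$database;charset=utf8mb4", $username, $password)
$columns = ['realname', 'sponsorname', 'email', 'phone', 'shirtnameverbiage',
            'platinum_2500', 'gold_2000', 'silver_1500', 'bronze_1000',
            'beverage_500', 'longdrive_200', 'closest_to_pin_200',
            'par3_150', 'hole_100'];

function insertSponsor(PDO $pdo, array $columns, array $input): void
{
    // Column names come from the fixed list above, never from the request.
    $placeholders = implode(', ', array_map(fn($c) => ":$c", $columns));
    $sql = 'INSERT INTO sponsors2015 (' . implode(', ', $columns) . ") VALUES ($placeholders)";
    $stmt = $pdo->prepare($sql);
    foreach ($columns as $c) {
        // Values are bound as data; quotes in them cannot end the SQL string.
        $stmt->bindValue(":$c", isset($input[$c]) ? (string)$input[$c] : '');
    }
    $stmt->execute();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sponsors2015 (' . implode(' TEXT, ', $columns) . ' TEXT)');

// Constructed sample submission standing in for $_POST.
$sample = [
    'realname'          => "Pat O'Brien",
    'sponsorname'       => 'Pat\'s "Best" Bakery',
    'email'             => 'pat@example.com',
    'phone'             => '555-0100',
    'shirtnameverbiage' => 'Home of the "World\'s Best" pie',
    'hole_100'          => 'yes',
];
insertSponsor($pdo, $columns, $sample);

// Read the row back to show the quotes were stored unchanged.
$row = $pdo->query('SELECT realname, shirtnameverbiage FROM sponsors2015')
           ->fetch(PDO::FETCH_ASSOC);
echo $row['realname'], "\n", $row['shirtnameverbiage'], "\n";
```

The `mysql_*` functions used in the post were removed in PHP 7, so moving to PDO or mysqli is needed on current PHP versions regardless of the quoting issue.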