Enter quotes and double quotes in a html textarea without an insertion operation fail in database. Is it possible?

Question

In my site I have a textarea whose text is inserted into a field in my database. I would like to be able to enter quotation marks and quotes without the insertion operation in the database fail. Is it possible? How can I do?

I have this code.

HTML

<div class="field">
    <label class="etichetta">Descrizione</label>
    <br>
    <textarea name="descrizione" rows="10" cols="40" maxlength="650"></textarea>
</div>

PHP

.
.
$descrizione = $_POST['descrizione'];

$query = "INSERT INTO couponFuturi (coupon, descrizione, immagine, alt, prezzoOriginale, prezzoScontato, scadenza, sezione)
VALUES ('$coupon', '$descrizione', '$imgUrl', '$imgAlt', '$prezzoOriginale', '$prezzoScontato', '$scadenza', '$sezione')";

$result = mysqli_query($db, $query);

The insertion operation returns a syntax error caused by the presence of quotes and double quotes.

[**Use prepared statements and parameterized queries.**](https://stackoverflow.com/a/60496/3903412) — Joe Black, Jun 24 '17 at 09:07

score 2 · Accepted Answer · edited Jun 24 '17 at 09:24

use addslashes() method of php to add slashes before quotes when saving to database, and use stripslashes() when you get your data from database and display to user as

// at the time of inserting the data in db
$descrizione = addslashes($_POST['descrizione']);

and

// when you get the data from db to display
$descrizione = stripslashes($descrizione);

Enter quotes and double quotes in a html textarea without an insertion operation fail in database. Is it possible?

1 Answers1