
I have searched and tried a number of methods but I can't find one that works with the coding I currently have (which was learned from here, thanks).

Might I ask you to indulge me and lend a hand please. I am suffering with the apostrophe when a textbox gets something like harry's typed into it. The form data is sent to a php file that adds the record like this :-

```php
if ($stmt = $mysqli->prepare("INSERT lists (group, owner, pattern, gender) VALUES ('$_POST[Group]','$_POST[Owner]','$_POST[Pattern]','$_POST[Gender]')"))
{
    $stmt->execute();
    $stmt->close();
}
// show an error if the query has an error
else
{
    echo "ERROR: Could not prepare SQL statement.";
}
```

So how do I use "mysqli_real_escape_string" in the above? Of course, if there is a better solution I would be only too pleased to hear.

Thanks for your help.

Obviously I am an absolute dim git.

The page says "If this question is different, please edit it to explain how it is different". I can't even see how the linked page is even similar!

I have now spent three days trying to sort this but without success (yes I did try before I posted here) and I can't see anywhere any example of what I should be doing.

Can anyone please, please, please, explain how I should do this? Example code would help me immensely. It seems that this site helps when someone has at least some understanding of the whole but not when one is absolutely thick. The replies, though well intended and appreciated, were as helpful as a reply simply saying "The number 7 bus doesn't go this way".

Sorry guys.

  • Start by using prepared statements correctly. You shouldn't be concat'ing values into the query. – Jonnix Jul 05 '17 at 09:14
  • I'm not familiar with the mysqli API but the [Quick start guide](http://php.net/manual/en/mysqli.quickstart.php) seems to have some [examples](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – Álvaro González Jul 05 '17 at 09:18
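
The insert from the question rewritten with bound parameters, as an added example that is not part of the original post or its comments. With `?` placeholders and `bind_param()` the values never become part of the SQL text, so an apostrophe needs no `mysqli_real_escape_string` call. Assumptions: the `lists` table and form field names are taken from the question, the connection details are placeholders, and the function name `addListRecord` is hypothetical.

```php
<?php
// Added example. Connection details below are placeholders, not real values.
// Make mysqli throw exceptions instead of returning false on failure.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: inserts one record using bound parameters.
function addListRecord(mysqli $mysqli, array $input): void
{
    // Require every field and reject non-string input (e.g. Group[]=x).
    $values = [];
    foreach (['Group', 'Owner', 'Pattern', 'Gender'] as $name) {
        if (!isset($input[$name]) || !is_string($input[$name])) {
            throw new InvalidArgumentException("Missing or invalid field: $name");
        }
        $values[] = trim($input[$name]);
    }

    // `group` is a reserved word in MySQL, so it is quoted with backticks.
    // The ? placeholders keep the data out of the SQL text, so the apostrophe
    // in "harry's" is stored as typed and cannot terminate a string literal.
    $stmt = $mysqli->prepare(
        'INSERT INTO lists (`group`, owner, pattern, gender) VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', ...$values); // four string parameters
    $stmt->execute();
    $stmt->close();
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        // Placeholder host, user, password and database name.
        $mysqli = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
        $mysqli->set_charset('utf8mb4');
        addListRecord($mysqli, $_POST);
        echo 'Record added.';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo 'ERROR: Please fill in every field.';
    } catch (mysqli_sql_exception $e) {
        // Log the detail server-side; show the visitor only a generic message.
        error_log($e->getMessage());
        http_response_code(500);
        echo 'ERROR: Could not save the record.';
    }
}
```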
