0

My problem is. I have an input on HTML code which receives the users text. That could be

just an "example" of an entry (on the input);

So, I need to convert that special caracters ", (, ), ', ' to the special codes html special codes

I'm trying to use php function str_replace to swap the caracters with the code, but when I do that the new string keep the caracters instead of the code. Is there any way to convert those caracters to use them on a sql insert/update without errors?

I hope that edit help a little. Sorry about my english.

Alexandre Bento
  • 35
  • 1
  • 10
  • 1
    What you need for saving in SQL is __prepared statements__ and not the useless stuff you're trying right now. – u_mulder Nov 23 '17 at 19:33
  • 4
    Possible [XY Problem](https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem) – FirstOne Nov 23 '17 at 19:33
  • Why not simply *escape* the characters with \ when outputting them in PHP? It's unusual to want to insert quotes into a database. I agree that this seems like an XY problem. – Obsidian Age Nov 23 '17 at 19:34
  • I edited that. I'll read about that injection u_mulder. Thank you. – Alexandre Bento Nov 23 '17 at 19:45

0 Answers0