0

I can submit information through an html form and insert it into a mysql DB without any problems. However, if what I've typed in has a word that is in quotations followed by a hyphen and then a value - even with spaces - (ex: "name"-place), I get a 403 error after submission. I've tried addslashes, I've tried mysql_escape_string, I've tried htmlspecialchars() and nothing seems to work. When I remove one of the two quotations, it works just fine. I've read through lots of posts and have tried several suggestions with no luck.

Thank you.

Psam
  • 29
  • 3
  • 1
    Show us your code – DamiToma Mar 09 '18 at 17:22
  • If you're using `mysql_query` that's a huge problem, but it can be fixed. Can you edit your question to include the code you're working on? – tadman Mar 09 '18 at 17:38
  • You are correct - I am using mysql_query. Should I move to mysqli_query? – Psam Mar 09 '18 at 18:06
  • 1
    You should switch to either mysqli or PDO. See [Why shouldn't I use mysql_* functions in PHP?](https://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – Thomas F Mar 09 '18 at 18:15
  • Perfect - I read the link - I will do just that. Thank you for your help. – Psam Mar 09 '18 at 18:38
  • Ok, I tried but no luck. submitted the value (from input form on previous page) "test"-6 and received the error. However, I tried "test"-t and no issues - so, when there is a quote (") plus (-) plus a number, it errors, but a quote (") plus (-) and letter equals no error - weird... – Psam Mar 09 '18 at 19:31

0 Answers0