
I'm actually creating a forum from scratch. To insert the message in my DB I use this:

'INSERT INTO forum_sujets VALUES("", "'.$steamprofile['personaname'].'",  "'.$steamprofile['steamid'].'", "'.$_POST['titre'].'", "'.$_POST['message'].'", "'.$date.'", "'.$date.'", "'.$_GET['id'].'", "0" , "0", "0")';

But if I insert a text with a " or a ' it creates an error. How can I fix this?

One

1 Answer


You should absolutely avoid directly using raw input in SQL statements, as that's a critical security risk for your application. Use prepared statements instead. See How to change from mysql to pdo using prepared statements in PHP?, but you can also google it; there are many examples online.

As a bonus, this should address any issues you have with spaces and special characters.

I know it may seem like an annoyance, but this is a classic and very real security risk; please move to prepared statements.

Creos