select box data with apostrophe not submit in database

Question

If I input acesr'ss as categoryname in my POST-Request, it will insert only acesr into my database. I can't figure out why.

Relevant code snippet:

$cate_name=mysqli_real_escape_string($conn,$_POST['categoryname']);

$usersql="Insert INTO abc(category_name) VALUES('".$cate_name."')";

I also tried addslashes, but get the same problem.

use this code `$cate_name=htmlentities(mysqli_real_escape_string($conn,$_POST['categoryname']));` — mufazmi, Dec 08 '19 at 04:48

Ajith · Answer 1 · 2019-12-07T09:08:33.820

0

Can you try to insert using parameterised sql query.this will prevent sql injection

$dmessage = html_entity_decode ($cate_name, ENT_QUOTES | ENT_XML1, 'UTF-8') ;
$createSql = $db->prepare(" INSERT INTO abc(category_name) VALUES(:cate_name)" );
$createSql->execute(array(
                        ":cate_name" => trim($cate_name)
                    ));

edited Dec 07 '19 at 09:08

answered Dec 07 '19 at 09:00

Ajith

2,476
2
17
38

1

Neither use `html_entity_decode()`, you don't need it. – Progman Dec 07 '19 at 14:31
no,its not working....sorry to inform i am getting select box data by calling ajax/jquery. – Djha Dec 13 '19 at 07:16

select box data with apostrophe not submit in database

1 Answers1