How to handle ' in submitting string using php in mysql database?

Question

I get a syntax error when I submit a text with ' in the text area below. Please help

<form id = "createContent" action = "createContent.php" method = "POST">
    <input id="title" type="text" name="title" placeholder ="Enter Title"><br>
    <input id="author"type="text" name="author" placeholder = "Enter name of author"><br>
    <!-- <input id="content"type="text" name="content" placeholder = "Write Here"><br> -->
    <textarea id="content" rows="4" cols="100" placeholder = "Write Here" name="content" form="createContent"></textarea><br>
    <button id = "postButton" type = "submit">Post</button>
</form>

//the php code
<?php
require "connection.php";

$author = $_POST['author'];
$title = $_POST["title"];
$content = $_POST["content"];
$date = date("Y/m/d");
echo $content;
echo "<br>";
$sql = "INSERT INTO `tbl_posts`(`date`, `content`, `title`, `author`) VALUES ('$date','$content','$title','$author')";

if ($conn->query($sql) === TRUE) {
    echo " <br> Posted!";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();

 ?>

The datatype of the text are in the mysql database is long text

Use prepared statements. https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php — Nick, Feb 09 '20 at 01:59
The apostrophe is seen upon being a possible SQL injection. That's why your query isn't working properly. Ideally, a prepared statement would be the better option. — Funk Forty Niner, Feb 09 '20 at 02:20

How to handle ' in submitting string using php in mysql database?

0 Answers0