
I would like to prevent users typing a " quote inside the input text field because it's creating errors in fields. How can I do that with a restriction?

My input field is a simple long text field like this:

```html
<div class="form-group">
  <label>Long Description</label>
  <textarea class="form-control" name="LongDescription" maxlength='1500'
            rows="9" placeholder="Enter ..."></textarea>
</div>
```
DFd
  • My initial reaction is that this smells like a SQL injection issue, and you should address the problem, not the symptom. What does "it's creating errors in fields" mean? – Alex Howansky Jan 28 '22 at 21:36
  • If I type inside there the answer `Test " fefee "` then it breaks the code and nothing is saved inside the database – DFd Jan 28 '22 at 21:36
  • Right, SQL injection. Instead of building queries with string concatenation, always use [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) with [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). See [**this page**](https://phptherightway.com/#databases) and [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) for some good examples. – Alex Howansky Jan 28 '22 at 21:38
  • Why do you want to prevent users from typing a quote in the first place? – steven7mwesigwa Jan 28 '22 at 21:39
  • What if I type `" DROP TABLE users;`? https://stackoverflow.com/q/60174/562359 – Hendrik Jan 28 '22 at 21:42
  • `" DROP TABLE users;` won't drop the table users, but it would just not save any fields inside the rest of the page – DFd Jan 28 '22 at 22:01

0 Answers
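Added example, not part of the original thread: the prepared statement with a bound parameter that the comments recommend, next to a concatenated query that fails on the input quoted above. The asker's real query is not shown, so the concatenated form, the `items` table, its `long_description` column, the function names and the in-memory SQLite database are all assumptions.

```php
<?php
// In-memory SQLite stands in for the real database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, long_description TEXT)');

// Constructed input: the value from the comments. In the form handler it
// would come from $_POST['LongDescription'].
$input = 'Test " fefee "';

// Before (assumed shape of the failing code): the value is pasted into the
// SQL text, so the quote inside it ends the string literal early.
function saveConcatenated(PDO $pdo, string $text): bool
{
    try {
        $pdo->exec('INSERT INTO items (long_description) VALUES ("' . $text . '")');
        return true;
    } catch (PDOException $e) {
        return false; // the statement no longer parses, so nothing is saved
    }
}

// After: the SQL text contains only a placeholder; the value is sent
// separately and is never parsed as SQL, whatever characters it contains.
function saveBound(PDO $pdo, string $text): bool
{
    $stmt = $pdo->prepare(
        'INSERT INTO items (long_description) VALUES (:long_description)'
    );
    $stmt->bindValue(':long_description', $text, PDO::PARAM_STR);
    return $stmt->execute();
}

echo 'concatenated saved: ', var_export(saveConcatenated($pdo, $input), true), PHP_EOL;
echo 'bound saved: ', var_export(saveBound($pdo, $input), true), PHP_EOL;

// The stored value is byte-for-byte what the user typed, quotes included.
$stored = $pdo->query('SELECT long_description FROM items')->fetchColumn();
echo 'round trip intact: ', var_export($stored === $input, true), PHP_EOL;

// Quotes only need escaping again when the value is written back into HTML.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

With the value bound this way, the textarea needs no restriction on the `"` character.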