Apostrophes in the TinyMCE editor break the MySQL query, how do I fix this?
You’ve got an SQL-injection problem in your server-side script. The problem is nothing to do with TinyMCE; a plain text field would expose the same issue.
This is a serious security problem. You need to SQL-string-literal-escape every piece of text you put into an SQL query. Better is to use parameterised queries, so that text values don’t get directly added into queries.
How you do SQL escaping or parameterised queries depends on what server-side programming language you are using. (e.g. for PHP see mysql_real_escape_string, mysqli_bind_param or PDOStatement->execute with parameters argument.)
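
The parameterised-query approach from the answer above, as an added PHP example that is not part of the original answer. It uses PDO with an in-memory SQLite database standing in for MySQL so that it runs offline; the `posts` table, the `body` column and the function names are hypothetical.

```php
<?php
// Added illustration. SQLite in memory stands in for MySQL; with a
// "mysql:host=...;dbname=..." DSN the PDO calls below are the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also bind values server-side instead of emulating:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample of editor content as it would arrive in $_POST['body'].
$html = "<p>It's the editor's content</p>";

// BEFORE: the text is spliced into the SQL string, so the first apostrophe
// closes the string literal and the rest is parsed as SQL.
function insertUnsafe(PDO $pdo, string $html): string
{
    try {
        $pdo->exec("INSERT INTO posts (body) VALUES ('$html')");
        return 'stored';
    } catch (PDOException $e) {
        return 'query failed: ' . $e->getMessage();
    }
}

// AFTER: the SQL contains only a placeholder; the value travels separately
// and is never parsed as part of the statement.
function insertSafe(PDO $pdo, string $html): int
{
    $stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $html]);
    return (int) $pdo->lastInsertId();
}

echo insertUnsafe($pdo, $html), PHP_EOL;

// Read the row back with a bound id and compare it to what was submitted.
$id = insertSafe($pdo, $html);
$stmt = $pdo->prepare('SELECT body FROM posts WHERE id = ?');
$stmt->execute([$id]);
$stored = $stmt->fetchColumn();

echo $stored === $html ? 'round trip intact' : 'content altered', PHP_EOL;
```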