I am getting data through a PHP text box and inserting it into a MySQL database with a normal insert command. The text box takes in a comment from the user for a particular Accession ID next to the text box. The problem is that when a user types in an apostrophe (‘), for example the sentence “We have to take care of the PC’s”, an error is thrown.
I know why it's happening, because the SQL assumes it is the end of the string for that value, but I don't know how to escape it. I would prefer escaping it in MySQL.
If I escape it in MySQL can it still be exploited as SQL injection even if no error is generated and the insert works fine?
Use mysql_real_escape_string(), or better yet, use parameterised queries with PDO.
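One way to follow that advice for the insert described in the question, as an added example that is not part of the original thread (the `comments` table, its columns, and the DSN/credentials are assumptions):

```php
<?php
// Added example, not from the original post: insert the user's comment for an
// Accession ID with a PDO prepared statement. The SQL text and the values are
// sent separately, so an apostrophe in the comment is stored as data and never
// terminates the string literal. Table and column names are assumed.

function insertComment(PDO $pdo, string $accessionId, string $comment): bool
{
    // Named placeholders instead of concatenating $comment into the SQL string.
    $stmt = $pdo->prepare(
        'INSERT INTO comments (accession_id, comment) VALUES (:accession_id, :comment)'
    );
    $stmt->bindValue(':accession_id', $accessionId, PDO::PARAM_STR);
    $stmt->bindValue(':comment', $comment, PDO::PARAM_STR);
    return $stmt->execute();
}

// Assumed connection details. charset in the DSN keeps client and server in
// agreement about the encoding; ATTR_EMULATE_PREPARES=false makes the MySQL
// server bind the parameters itself rather than the driver building a quoted
// string client-side; ERRMODE_EXCEPTION surfaces SQL errors as exceptions.
$pdo = new PDO(
    'mysql:host=localhost;dbname=lab;charset=utf8mb4',
    'dbuser',
    'dbpass',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

// Constructed input matching the question: a comment containing an apostrophe.
$accessionId = 'ACC-0001';
$comment     = "We have to take care of the PC's";

try {
    $ok = insertComment($pdo, $accessionId, $comment);
    echo $ok ? "Inserted comment for {$accessionId}\n" : "Insert failed\n";
} catch (PDOException $e) {
    // Log the real error server-side; do not echo SQL details back to the user.
    error_log($e->getMessage());
    echo "Could not save comment\n";
}
```

Escaping with mysql_real_escape_string() is only correct when the client and server agree on the connection character set, which is one reason the answer prefers prepared statements; with bound parameters there is no quoted string to get wrong.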