Home/ Questions/Q 3238400
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T17:50:57+00:00

I am using TinyMCE on my new site in english, that I am doing

  • 0

I am using TinyMCE on my new site in english, that I am doing by myself (I am like a sunday programmer 🙂 ). As before I was doing sites in my native language, I did not get this problem:

So… when i write in the textarea a word ” don’t ” or ” doesn’t ” the ” ‘ ” breaks the MySQL query and I get an error about MySQL syntax. Is there a way to go around this and allow ” ‘ ” to be saved in the database?

The code for edit page looks like this

<textarea rows="12" cols="50" height="200px" name="text" >
   <?php echo $row['text'];?>
</textarea>

And query

$sql="UPDATE works SET client='".$_POST["client"]."', description='".$_POST["description"]."', text='".$_POST["text"]."', image='".$_FILES["attels"]["name"]."' WHERE id=".$_GET['id']."";

And also, is there a way to remove <p> tag from The textarea, because tinymce automatically sets these

in front of every paragraph. But I don’t need them.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can clean up text that you are inserting into the database with the mysql_real_escape_string() function. This adds backslashes in front of the characters that can cause problems, such as the single quote.

    $sql="UPDATE works SET client='".mysql_real_escape_string($_POST["client"])."', description='".mysql_real_escape_string($_POST["description"])."', text='".mysql_real_escape_string($_POST["text"])."', image='".mysql_real_escape_string($_FILES["attels"]["name"])."' WHERE id=".sprintf("%d", $_GET['id'])."";

    Ideally you should also use sprintf() to guard against SQL injection.

    • 0