I have a site and the user inputs a title. I want the title to be able to use any punctuation. My problem is I'll have a query:
"INSERT INTO table(title, body) VALUES ('$title','$body')";
where $title and $body are GET vars. What happens is when I put a quote in for the title it acts as if it ends the string and creates an invalid SQL query. Say I have
$title = "I'm entering a title";
"INSERT INTO table(title, body) VALUES ('$title','$body')";
//"INSERT INTO table(title, body) VALUES ('I'm entering a title','$body')";
It ends the string. I've tried using all double quotes and escape characters but nothing. Does anyone know a solution?
Your query is vulnerable to SQL injection, but using PHP's PDO or MySQLi helps you solve that problem (it also allows you to insert single quotes in the database). Please read the article below.
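As an added example (not code from the question or the answer above), here is the same insert written with a PDO prepared statement. The SQL text contains only placeholders and the values travel separately, so a quote in the title can never close the string literal. To run stand-alone it uses an in-memory SQLite database and a table named `posts`; both are assumptions for this example, not values from the page.

```php
<?php
// Added example: inserting a title containing a single quote with a PDO
// prepared statement. The DSN 'sqlite::memory:' and the table name `posts`
// are assumptions so the script runs offline; for MySQL the DSN would be
// something like 'mysql:host=localhost;dbname=app' plus a user and password.

function makeConnection(): PDO {
    $pdo = new PDO('sqlite::memory:');
    // Raise exceptions on errors instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT NOT NULL, body TEXT NOT NULL)');
    return $pdo;
}

function insertPost(PDO $pdo, string $title, string $body): int {
    // Named placeholders instead of string interpolation: the database driver
    // receives the SQL and the values as separate things, so no quoting is needed.
    $stmt = $pdo->prepare('INSERT INTO posts (title, body) VALUES (:title, :body)');
    $stmt->execute([':title' => $title, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function fetchPost(PDO $pdo, int $id): ?array {
    $stmt = $pdo->prepare('SELECT title, body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = makeConnection();

// Constructed sample input: the exact kind of value that broke the interpolated query.
$title = "I'm entering a title";
$body  = 'Body with "double" quotes, a semicolon; and a -- comment marker';

$id  = insertPost($pdo, $title, $body);
$row = fetchPost($pdo, $id);

// Both values come back byte-for-byte as they were submitted.
var_dump($row['title'] === $title);
var_dump($row['body'] === $body);
```

In a real request handler you would pass `$_GET['title']` and `$_GET['body']` (after checking they exist) into `insertPost()` unchanged; no escaping function is involved. MySQLi offers the same pattern through `$mysqli->prepare(...)` with `?` placeholders and `bind_param()`.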