I’m using tinymce as my website’s text editor.
Whenever I try to add content using it, it works perfectly, but if there's a
' inside the text (for example: “Can't”) I get the following error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '...
You’re not using Prepared Statements. This means that special characters such as ‘ will interfere with your SQL statements. Ultimately, this means that your code is open to SQL injections. Look into using Prepared Statements with PDO. Here’s a simple example from the manual:
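The following is an added example, not the manual's snippet the answer refers to and not code from the question. It shows the string-concatenated INSERT that produces the "You have an error in your SQL syntax" error as soon as the editor content contains a single quote, next to the PDO prepared statement that fixes it. The table `posts`, its column `body`, and the connection parameters are assumptions for illustration.

```php
<?php
// Added example: unsafe concatenated INSERT beside the PDO prepared-statement fix.
// Table/column names and connection details are assumptions, not from the page.

$pdo = new PDO(
    'mysql:host=localhost;dbname=example;charset=utf8mb4',
    'user',
    'password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares, not client-side escaping
    ]
);

// Content as the TinyMCE editor submits it; a real handler would read $_POST['content'].
$content = "Can't";

// BROKEN: the quote inside $content ends the SQL string literal early.
// MySQL receives   INSERT INTO posts (body) VALUES ('Can't')
// and rejects it with the syntax error from the question. Anyone who controls
// $content can just as easily append their own SQL after the quote.
function insertUnsafe(PDO $pdo, string $content): void
{
    $sql = "INSERT INTO posts (body) VALUES ('" . $content . "')";
    $pdo->exec($sql); // throws PDOException: SQLSTATE[42000] ... syntax error
}

// FIXED: the SQL text and the value travel to MySQL separately. The value is
// bound to the :body placeholder and never parsed as SQL, so quotes, backslashes
// and comment sequences inside it are inert. No manual escaping is needed.
function insertSafe(PDO $pdo, string $content): int
{
    $stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $content]);
    return (int) $pdo->lastInsertId();
}

$id = insertSafe($pdo, $content);
echo "Inserted row {$id}\n";

// Read it back the same way: the stored text is exactly "Can't", with no
// escaping artifacts, because no escaping ever took place.
$stmt = $pdo->prepare('SELECT body FROM posts WHERE id = :id');
$stmt->execute([':id' => $id]);
echo $stmt->fetchColumn(), "\n";
```

Two caveats for anyone applying this: placeholders bind values only, so table and column names or an ORDER BY direction still cannot be taken from user input, and a prepared statement only keeps the editor's HTML out of the SQL parser; it does nothing about that HTML being rendered back to other visitors, which is a separate (XSS) problem to handle with an HTML sanitizer on output.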