Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
When I try to instert a string that contains a quote mark, the INSERT query fails. How can I insert strings with single or double quotes?
for example:
$message = "Bob said 'don't forget to call me'";
mysql_query("INSERT INTO someTable (messages) VALUES ('$message')");
I figure the input needs to be filtered but which function should I use for that?
this function should be applied to every variable you are going to insert into query in quote marks. No exceptions.
It is not really protection from sсaring injection but just a syntax rule.
Though you will need a real protection too.
I’ve explained that in detail in recent answer: In PHP when submitting strings to the database should I take care of illegal characters using htmlspecialchars() or use a regular expression?