I've searched and yet nothing I find seems to work.
My problem is that when using special characters as ' the input query breaks. Now, I tried using the mysqli_real_escape_string on my string, but this returns a blank value. I read that the mysqli_real_escape_string should be placed AFTER the database connection, and as far as I know, that is what I have done, yet it returns blank values.
Here's the code:
<?php session_start(); if (isset($_POST['submit'])) { require_once 'connect.php'; $title = mysqli_real_escape_string($_POST['title']); $article = mysqli_real_escape_string($_POST['article']); $query = "INSERT INTO Articles (Title, content) VALUES ('$title', '$article')"; $result = mysqli_query($connect, $query) or die('could not query database'); $_SESSION['artcle'] = 1; $_SESSION['artcle'] = $title; mysqli_close($connect); header('Location: CENSORED'); } ?>