MySQL + PHP with special characters like ' (apostrophe) and " (quotation mark)

礼貌的吻别 2020-12-10 05:28

I have been struggling with a small problem for a while. It's been there for years but it's just been an irritating problem and not a serious one, and I have just worked a

7 answers
  •  庸人自扰
    2020-12-10 05:50

    Always at least use mysql_real_escape_string when adding user-provided values into the Database. You should look into binding parameters or mysqli so your query would become:

    INSERT INTO `table` (`row1`) VALUES (?)
    

    And ? would be replaced by the actual value after sanitizing the input.

    In your case use:

    $result = mysql_query("INSERT INTO `table` (`row1`) VALUES ('".mysql_real_escape_string($_POST['text'])."') ") or die(mysql_error());
    

    Read up on SQL Injection. It's worth doing right ASAP!
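
The bound-parameter form recommended in the answer above, as an added example that is not part of the original answer. It uses PDO rather than the `mysql_*` calls shown there; the in-memory SQLite connection, the `id` column and the helper names `storeText` and `loadText` are assumptions chosen so the script runs without a database server.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for MySQL so this runs offline.
// Against MySQL only the DSN differs: 'mysql:host=...;dbname=...;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// `table` and `row1` are the names used on the page; `id` is added for the read-back.
$pdo->exec('CREATE TABLE `table` (`id` INTEGER PRIMARY KEY, `row1` TEXT NOT NULL)');

/** Insert one value through a bound parameter and return the new row id. */
function storeText(PDO $pdo, string $text): int
{
    // The SQL text is constant; the value travels separately from it.
    $stmt = $pdo->prepare('INSERT INTO `table` (`row1`) VALUES (?)');
    $stmt->execute([$text]);
    return (int) $pdo->lastInsertId();
}

/** Read a value back by id, again with a bound parameter. */
function loadText(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT `row1` FROM `table` WHERE `id` = ?');
    $stmt->execute([$id]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : (string) $value;
}

// Constructed sample inputs standing in for $_POST['text'].
$samples = [
    "It's an apostrophe",
    'She said "quotation mark"',
    "both ' and \" plus a backslash \\",
    "closes the literal'); -- and keeps going",
];

foreach ($samples as $input) {
    $id = storeText($pdo, $input);
    $stored = loadText($pdo, $id);
    // Each value must come back byte-for-byte identical, with no added slashes.
    printf("%-45s %s\n", $input, $stored === $input ? 'round-trips' : 'MISMATCH');
}

// Nothing was interpreted as SQL: exactly one row per input exists.
echo 'rows: ', $pdo->query('SELECT COUNT(*) FROM `table`')->fetchColumn(), "\n";
```

Because the value never becomes part of the SQL string, no escaping call is needed and no backslashes end up stored in the column.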
