In one of my forms I use the rich text editor from Yahoo!. Now I want to store the data from that textarea in a MySQL database.
The user can enter anything in that texta
You can use mysql_real_escape_string().
Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query(). If binary data is to be inserted, this function must be used.
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.
e.g.
$value = mysql_real_escape_string(" ' \" etc ");
$sql = "INSERT INTO blah VALUES ('$value')";
But a better solution is to use PDO and prepared statements.
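The PDO approach mentioned above, as an added example that is not part of the original answer (the `mysql_*` extension itself was removed in PHP 7.0). The `posts` table, its `body` column and the helper names are hypothetical, and the demo runs on in-memory SQLite so it works offline; the MySQL DSN in the comment is a placeholder.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: open a connection that throws on errors.
function openDb(string $dsn, ?string $user = null, ?string $pass = null): PDO
{
    $pdo = new PDO($dsn, $user, $pass, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    if ($pdo->getAttribute(PDO::ATTR_DRIVER_NAME) === 'mysql') {
        // Use server-side prepared statements instead of client-side emulation.
        $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    }
    return $pdo;
}

// The editor's HTML travels as a bound parameter, never as part of the SQL text,
// so no manual escaping is involved.
function savePost(PDO $pdo, string $html): int
{
    $stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->bindValue(':body', $html, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

function loadPost(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT body FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

// Demo on in-memory SQLite. For MySQL, a DSN of this shape (placeholder values):
//   openDb('mysql:host=localhost;dbname=app;charset=utf8mb4', $user, $pass)
$pdo = openDb('sqlite::memory:');
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input containing the characters the escaping function targets.
$html = "<p class=\"note\">It's a \"quoted\" C:\\path\r\nsecond line</p>";
$id = savePost($pdo, $html);

// The stored value comes back byte-for-byte identical.
var_dump(loadPost($pdo, $id) === $html);
```

Parameter binding only protects the SQL statement. The stored markup is still user-supplied HTML and has to be sanitized or encoded before it is rendered in a page.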