Hi! I'm an ASP programmer and I'm taking my first steps in PHP, and I already have a problem. It is like this:
I have a form with name, e-mail and post for example.
The name is -> MyName
and
Suppose that someone's post is -> I am an ASP programmer, and I do not know how PHP works.
The SQL statement would work fine, but imagine that the post was something like -> I'm an ASP programmer and I don't know how PHP works.
My problem is that when I do this:
function insertForm($txt_name,$txt_post){
$query="INSERT INTO table_name(id, desc) VALUES('$txt_name','$txt_post')";
$result=$this->cDb->executeQuery($query);
return $result;
}
if the post has quotes ( ' ) the SQL statement would be INSERT INTO table_name(id, desc) VALUES('MyName','I'm an ASP programmer and I don't know how things work.')
When it tries to insert the post, the red quotes will generate an error, and I can't block the use of them, I can't remove them, or replace them with a code such as \Quote , and when I displayed the text I would replace \Quote with ' , I can't do this because my 'BOSS' doesn't want this 'TYPE' of solution...
I don't know if it really generates an error, but my boss said it would and told me to search for a solution. And I just said: "You are the boss, boss" and I have been trying, but 0 finds till now. I do not even have a database to test some solutions.
I have tried to find a function that would just ignore the ( ' ) but unfortunately I don't understand English so well and all the Notes that I see in are in English and to block the forbidden chars that we want...., not to ignore them.
I know that there is a way, because when I am posting this, it has ' quotes too and it doesn't generate any error...
If there isn't, I hope someone could tell me if substituting ' with the respective HTML is the best solution as I think it is....
I'm really hoping you can help me...
Thank you, at least for having the patience to read this...
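
The situation described in the post, as an added example that is not part of the original post: the string-built query breaks on the apostrophe, while a prepared statement stores the text unchanged, and HTML encoding is applied only when the text is displayed. It assumes PDO with an in-memory SQLite database in place of the poster's `cDb` wrapper, and quotes the column names because `desc` is a reserved SQL word; the function names and sample values are constructed for the example.

```php
<?php
// Added example: constructed data; in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// "desc" is a reserved word, so it is quoted as an identifier (MySQL would use backticks).
$db->exec('CREATE TABLE table_name ("id" TEXT, "desc" TEXT)');

$txt_name = 'MyName';
$txt_post = "I'm an ASP programmer and I don't know how PHP works.";

// 1) Query built by string concatenation, as in the post:
//    the apostrophe in the text closes the SQL string literal early.
function insertFormConcatenated(PDO $db, string $txt_name, string $txt_post): bool
{
    $query = "INSERT INTO table_name(\"id\", \"desc\") VALUES('$txt_name','$txt_post')";
    try {
        $db->exec($query);
        return true;
    } catch (PDOException $e) {
        echo "concatenated query failed: ", $e->getMessage(), "\n";
        return false;
    }
}

// 2) Prepared statement: the SQL text is fixed and the values travel separately
//    as bound parameters, so quotes in the data are never parsed as SQL.
function insertFormPrepared(PDO $db, string $txt_name, string $txt_post): bool
{
    $stmt = $db->prepare('INSERT INTO table_name("id", "desc") VALUES (:name, :post)');
    return $stmt->execute([':name' => $txt_name, ':post' => $txt_post]);
}

var_dump(insertFormConcatenated($db, $txt_name, $txt_post));
var_dump(insertFormPrepared($db, $txt_name, $txt_post));

// The stored value is byte-for-byte what the user typed: nothing was removed or replaced.
$row = $db->query('SELECT "id", "desc" FROM table_name')->fetch(PDO::FETCH_ASSOC);
var_dump($row['desc'] === $txt_post);

// HTML encoding belongs at output time, not in the database.
echo htmlspecialchars($row['desc'], ENT_QUOTES, 'UTF-8'), "\n";
```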