Azyrus Azyrus - 8 months ago 24
PHP Question

Preparing HTML Form Input for SQL Database using PHP

I'm currently testing a html form which sends the data through php to the sql database. The problem I'm facing is special characters break the form and don't update the database. I haven't tested all the special characters but mainly

are the culprits. I've tried mysql_escape_string, preg_replace and add_slashes with no success. What am I missing?

$description = preg_replace('/[^A-Za-z0-9\ %&$=+*?()!.-]/', ' ', $_POST['description']);
$description = preg_replace("/[\n\r]/"," ",$description);

// Items Insert
foreach ($item as $index=>$value) {
$sqlItems .= "
INSERT INTO quote_items (quote_id, item, description, amount, gst)
VALUES ('$last_id', '$item[$index]', '$description[$index]', '$amount[$index]', '$gst[$index]');

Thanks in advance!


you can try this (a little dirty) but it should allow those 2 characters to be saved

$sqlItems .= '
    INSERT INTO `quote_items` (quote_id, item, description, amount, gst)
    VALUES ("'.$last_id.'", "'.$item[$index].'", "'.$description[$index].'", "'.$amount[$index].'", "'.$gst[$index].'");

EDIT: sorry had the quotes reversed