sunny sunny - 5 months ago 10
SQL Question

How is an apostrophe stored in a database using a PHP form text area?

I have a code file named "form.php". In it I create a web form that uses a textarea tag. I have a problem: when I write something in the text area and use an apostrophe in my text, the data cannot be stored in the database. But when I write text without an apostrophe, the data is stored in the database. How can I fix my problem?

My code is below:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
$connection = mysql_connect("localhost", "root", ""); // Establishing Connection with Server
$db = mysql_select_db("aaaaa", $connection); // Selecting Database from Server
if(isset($_POST['submit'])){ // Fetching the form variables sent in the POST request body
$txtTitle = $_POST['txtTitle'];
$txtReferance = $_POST['txtReferance'];
$txtToName = $_POST['txtToName'];
$chkConfidential = $_POST['chkConfidential'];
$txtToDesignation = $_POST['txtToDesignation'];
$txtDate = $_POST['txtDate'];
$cmbSolutation = $_POST['cmbSolutation'];
$txtToEntity = $_POST['txtToEntity'];
$txtToAdd1 = $_POST['txtToAdd1'];
$txtThankYou = $_POST['txtThankYou'];
$txtToAdd2 = $_POST['txtToAdd2'];
$cmbYoursTruely = $_POST['cmbYoursTruely'];
$txtToAdd3 = $_POST['txtToAdd3'];
$txtSignatureName = $_POST['txtSignatureName'];
$txtToCity = $_POST['txtToCity'];
$cmbSDesignation = $_POST['cmbSDesignation'];
$txtHeading1 = $_POST['txtHeading1'];
$txtEnch1 = $_POST['txtEnch1'];
$txtHeading2 = $_POST['txtHeading2'];
$txtEnch2 = $_POST['txtEnch2'];
$txtHeading3 = $_POST['txtHeading3'];
$txtEnch3 = $_POST['txtEnch3'];
$txtRational = $_POST['txtRational'];


//Insert Query of SQL
$query = mysql_query("INSERT INTO test(file_name, ref_no, to_name, confidential, designation, date, solutation, entity, add_1, thank_you, add_2, yours_truly, add_3, sign_name, city, s_designation, heading_line_1, encl_line_1, heading_line_2, encl_line_2, heading_line_3, encl_line_3, text)

values

('$txtTitle', '$txtReferance', '$txtToName', '$chkConfidential', '$txtToDesignation', '$txtDate', '$cmbSolutation', '$txtToEntity', '$txtToAdd1', '$txtThankYou', '$txtToAdd2', '$cmbYoursTruely', '$txtToAdd3', '$txtSignatureName', '$txtToCity', '$cmbSDesignation', '$txtHeading1', '$txtEnch1', '$txtHeading2', '$txtEnch2', '$txtHeading3', '$txtEnch3', '$txtRational')");
echo "<br/><br/><span>Data Inserted successfully...!!</span>";
}
else{
echo "<p>Insertion Failed <br/> Some Fields are Blank....!!</p>";
}

//mysql_close($connection); // Closing Connection with Server
?>

Answer

This is what you're looking for: mysql_real_escape_string

Use it over every field to escape such characters.

$txtTitle = mysql_real_escape_string( $_POST['txtTitle'] );
// same for all other columns

PS: Use mysqli; mysql is deprecated and slow too.
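
An added example, not part of the original question or answer: it reproduces the apostrophe failure from the question's string-built INSERT and shows the same insert with a prepared statement, where the values are bound as data and never become part of the SQL text. It uses PDO with an in-memory SQLite database so it runs without a MySQL server; the three-column table, the function names and the sample input are constructed for illustration. With mysqli the equivalent calls are prepare(), bind_param() and execute().

```php
<?php
// In-memory SQLite stands in for the MySQL server (assumption, so the example runs offline).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed, shortened version of the question's "test" table.
$pdo->exec('CREATE TABLE test (file_name TEXT, to_name TEXT, text TEXT)');

// Constructed form input containing apostrophes, standing in for $_POST.
$post = [
    'txtTitle'    => "Director's letter",
    'txtToName'   => "O'Brien",
    'txtRational' => "It's attached; please don't forward.",
];

// The question's pattern: form values spliced directly into the SQL string.
function insertConcatenated(PDO $pdo, array $post): bool
{
    $sql = "INSERT INTO test (file_name, to_name, text) VALUES "
         . "('{$post['txtTitle']}', '{$post['txtToName']}', '{$post['txtRational']}')";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        // The apostrophe ends the string literal early, so the statement no longer parses.
        echo "Concatenated insert failed: ", $e->getMessage(), "\n";
        return false;
    }
}

// Prepared statement: the SQL contains only placeholders; values are sent separately.
function insertPrepared(PDO $pdo, array $post): bool
{
    $stmt = $pdo->prepare('INSERT INTO test (file_name, to_name, text) VALUES (?, ?, ?)');
    return $stmt->execute([$post['txtTitle'], $post['txtToName'], $post['txtRational']]);
}

// Report success only when the insert actually succeeded.
echo insertConcatenated($pdo, $post) ? "Concatenated insert stored\n" : "Nothing stored\n";
echo insertPrepared($pdo, $post) ? "Prepared insert stored\n" : "Prepared insert failed\n";

// Read the row back to confirm the apostrophes were stored unchanged.
$row = $pdo->query('SELECT to_name, text FROM test')->fetch(PDO::FETCH_ASSOC);
echo "Stored name: ", $row['to_name'], "\n";
echo "Stored text: ", $row['text'], "\n";
```

The question's script prints "Data Inserted successfully" without checking what mysql_query returned, which is why the failed insert went unnoticed; here each message depends on the actual result.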