How to make text input safe for insert??


gorilla1
04-22-2003, 01:32 AM
I am taking input from a text area and inserting into a database. I find that if the text includes a question mark, then the query gets a count error. Should I htmlencode the entire input or something? I also must deal with single quotes - which I have seen the sticky for, but the solution must cover both issues. How in general do you make input safe for the insert query?.. I should add that it is a guestbook, so maybe converting it is a good idea?

G

gorilla1
04-22-2003, 04:39 AM
From a protection standpoint, htmlencoding the output from the database back to the browser is the key, it seems... Still have the other questions about the sql insert open.
G

raf
04-22-2003, 08:34 AM
I find that if the text includes a question mark, then the query gets a count error.

What do you mean? A counter error?

Abd
04-22-2003, 09:42 AM
Yeah, really interested in this issue of single quote in TEXT AREA, I had a similar problem, it just won't insert into the database if there is a single quote. But error is not a counter error.

Abd

raf
04-22-2003, 10:13 AM
Abd,

check out the sticky on single quotes on top of this forum ;)
http://www.codingforums.com/showthread.php?s=&threadid=9843

Single quotes are the only things that need to be replaced for inserting into textfield

Abd
04-22-2003, 11:06 AM
Thanks a lot raf, the single quote problem is over, thank you as well whammy.

Abd

gorilla1
04-23-2003, 03:58 PM
What do you mean? A counter error?

An error on the query about incorrect count or something.. I will try to recreate it again later.. Thanks all.
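
An added example, not part of any post in this thread: a guestbook insert written first with the text concatenated into the SQL string and then with bound parameters, followed by HTML-encoding when the stored text is written back to the browser. The thread names neither language nor database, so Python with `sqlite3`, the `guestbook` table and the sample entry are assumptions made for illustration.

```python
import html
import sqlite3

# Constructed guestbook entry containing the characters the thread mentions.
SAMPLE_ENTRY = "Isn't this <b>great</b>? Who's next?"

def open_guestbook():
    """In-memory table standing in for the guestbook (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE guestbook (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    return conn

def insert_concatenated(conn, author, body):
    """'Before' form: user text is pasted straight into the SQL string."""
    conn.execute("INSERT INTO guestbook (author, body) VALUES ('"
                 + author + "', '" + body + "')")

def insert_parameterized(conn, author, body):
    """Values travel separately from the SQL text, so nothing needs replacing."""
    conn.execute("INSERT INTO guestbook (author, body) VALUES (?, ?)", (author, body))
    conn.commit()

def render_entries(conn):
    """HTML-encode on the way out to the browser, not on the way into the table."""
    rows = conn.execute("SELECT author, body FROM guestbook ORDER BY id").fetchall()
    return ["<p>%s: %s</p>" % (html.escape(a), html.escape(b)) for a, b in rows]

def demo():
    conn = open_guestbook()
    try:
        insert_concatenated(conn, "G", SAMPLE_ENTRY)
        concatenated_ok = True
    except sqlite3.Error:
        # The quote in "Isn't" ends the string literal early and the statement fails.
        concatenated_ok = False
    insert_parameterized(conn, "G", SAMPLE_ENTRY)
    stored = conn.execute("SELECT body FROM guestbook").fetchone()[0]
    return concatenated_ok, stored, render_entries(conn)

if __name__ == "__main__":
    ok, stored, rendered = demo()
    print("concatenated insert succeeded:", ok)
    print("stored text:", stored)
    print("rendered:", rendered[0])
```

The stored text is kept exactly as typed; only the copy sent to the browser is encoded.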