problems inserting to db when a ' is in data


sn0wX
12-20-2005, 07:02 AM
Been working on a website for a while, trying to make good use of PHP on it with my own news system, but whenever I try to post to the db with a word that has a ' char in it, it causes an error.

I'm still learning what I'm doing... but I was hoping someone here might be able to enlighten me as to what I'm doing wrong.

Element
12-20-2005, 07:08 AM
Are you using double quotes on your query? If you're using single quotes, you'd need to escape the single quotes by putting a \ in front of them.

sn0wX
12-20-2005, 07:20 AM
I tried using
$data = ereg_replace(chr(39), '\'', $_POST['message']);

to fix the problem; it did not work.

Velox Letum
12-20-2005, 07:25 AM
Run mysql_real_escape_string() on it before inserting into db.

sn0wX
12-20-2005, 07:29 AM
uhm...what? lol

I'm not too advanced yet. I can do what appears to be basics, but that went over mah head.

Element
12-20-2005, 07:33 AM
I think it's used like:

$data = mysql_real_escape_string($connection, $original_data);

or vice versa on the variables inside the function. $connection would be the MySQL connection.

sn0wX
12-20-2005, 07:42 AM
Checked it out on Google and found another possibility using addslashes. Seems easier to use lol, but I'm still lost.

sn0wX
12-20-2005, 07:46 AM
Well, the addslashes worked on it... it's at least working now :D

Velox Letum
12-20-2005, 07:18 PM
Just use mysql_real_escape_string() (http://www.php.net/function.mysql-real-escape-string) on the value instead of addslashes()... it escapes other characters that are dangerous to MySQL queries.

$data = mysql_real_escape_string($_POST['message']);


You don't need to add the mysql connection id. Addslashes is a second-rate solution, and a last resort when database-specific escape functions aren't available.
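
Added example, not part of the original thread or any poster's code: the gap between addslashes() and database-specific escaping described in the post above, shown with PDO and an in-memory SQLite database standing in for MySQL so it runs offline. The news table and the sample message are assumptions, and the last case uses a bound parameter, which is a different technique from the escaping functions discussed in the thread.

```php
<?php
// Added example: constructed table and message; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, message TEXT)');

$message = "It's snowing"; // constructed sample standing in for $_POST['message']

// Run an INSERT built by string concatenation and report whether the database accepted it.
function try_insert(PDO $db, string $literal): string {
    try {
        $db->exec("INSERT INTO news (message) VALUES ($literal)");
        return 'ok';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// 1. Raw value: the apostrophe ends the string literal early.
echo "raw:        ", try_insert($db, "'" . $message . "'"), "\n";

// 2. addslashes(): backslash escaping is not SQLite's quoting rule, so the query still breaks.
echo "addslashes: ", try_insert($db, "'" . addslashes($message) . "'"), "\n";

// 3. Driver-specific escaping: PDO::quote() adds the quotes and escapes for this database.
echo "quote:      ", try_insert($db, $db->quote($message)), "\n";

// 4. Bound parameter: the value never becomes part of the SQL text.
$stmt = $db->prepare('INSERT INTO news (message) VALUES (:message)');
$stmt->execute([':message' => $message]);
echo "prepared:   ok\n";

// The two successful inserts stored the message unchanged.
foreach ($db->query('SELECT id, message FROM news') as $row) {
    echo $row['id'], ': ', $row['message'], "\n";
}
```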

sn0wX
12-22-2005, 12:59 AM
ty, I did change it to use real escape instead of addslashes.