I know this is probably a question that has been posted a few times before, but I am struggling with using apostrophe’s in my forms and not getting syntax errors when posting to my database. I have tried using stripslash and real escape string but I am just getting syntax errors. I know it is probably how I have my post set up and where I place either the stripslash or real escape string, but thought someone might help me out.
I have an html form that gathers information for selecting a student for student of the month, one of the fields is id=reason, this is where teachers are entering apostrophes and I want them to be able to enter apostrophes, but I need my database to accept them
here is my script:
<?php $con = mysql_connect("localhost","xxx","xxxxx"); if (!$con) { die('Could not connect: ' . mysql_error()); }mysql_select_db("xxxx", $con); $sql="INSERT INTO som (FirstName, LastName, street, city, zip, homeroom, reason, teacher, Parents, Month, SpanishMonth, Date, Spanishdate, Time, TodaysDate,Spanishtodaysdate, DayofWeek, SpanishDayofWeek) VALUES ('$_POST[firstname]','$_POST[lastname]','$_POST[street]','$_POST[city]','$_POST[zip]','$_POST[homeroom]','$_POST[reason]','$_POST[teacher]','$_POST[Parents]','$_POST[Month]','$_POST[SpanishMonth]','$POST[Date]','$_Post[SpanishDate]','$_POST[Time]','$_POST[TodaysDate]','$_POST[Spanishtodaysdate]','$_POST[DayofWeek]','$_POST[SpanishDayofWeek]')" ;if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } mysql_close($con); if ($_POST["firstname"]) { # do something header("Location: viewsom.php"); exit; } ?>Again, the field is ‘reason’ where I need to allow apostrophes
(I removed my information for my database login just in case someone asks)
Thanks for any help I can get!
Nancy
