html entities not converting data to put into my database


I am trying to remove characters that cause an issue in text to then add to my database.

I am adding a variable called $review. To clean it, I am using…

[php]$review = htmlentities($params['review'], ENT_QUOTES);[/php]

That gets added to a form as a hidden field which is then added to a MySQL table in the form processor.

This works fine on double quotes, but breaks on single quotes and gives me an sql error. If I look at the form just before I send it, I can see that it is rendering (for a single quote) as (for example)

<input type="hidden" name="review" value="test of single quote &#039;" id="review" />

Yet - even though it has rendered the quote as an HTML entity, I still get the following when I try to send the form.

Error in update query 6: . You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''test of single quote '')' at line 2

Can anyone advise?
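
Added example, not part of the original post: the browser decodes `&#039;` back to a raw apostrophe when it submits the hidden field, so the form processor's concatenated SQL breaks (and is injectable); binding the value as a parameter fixes both. The `reviews` table and in-memory SQLite (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example, not the poster's code. The table and column names are
// hypothetical; SQLite in memory stands in for the MySQL server.

// 1. What the form processor actually receives. The browser decodes entities
//    in attribute values when it parses the page, so value="... &#039;" is
//    submitted as a raw apostrophe. html_entity_decode() mimics that step.
$params  = ['review' => "test of single quote '"];       // constructed input
$encoded = htmlentities($params['review'], ENT_QUOTES);  // ends in &#039;
$posted  = html_entity_decode($encoded, ENT_QUOTES);     // ends in ' again

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE reviews (id INTEGER PRIMARY KEY, review TEXT)');

// 2. Before: concatenation. The apostrophe ends the string literal early,
//    which produces the syntax error from the post and is also the opening
//    for SQL injection.
try {
    $pdo->exec("INSERT INTO reviews (review) VALUES ('" . $posted . "')");
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// 3. After: a prepared statement. The value travels separately from the SQL
//    text, so quotes in the data never reach the parser. Store the raw text,
//    not the entity-encoded form.
$stmt = $pdo->prepare('INSERT INTO reviews (review) VALUES (:review)');
$stmt->execute([':review' => $posted]);

// 4. HTML-encode only when writing the value back into a page.
$stored = $pdo->query('SELECT review FROM reviews')->fetchColumn();
printf(
    '<input type="hidden" name="review" value="%s" id="review" />' . "\n",
    htmlspecialchars($stored, ENT_QUOTES, 'UTF-8')
);
```

With MySQL the same `prepare()`/`execute()` calls apply through the PDO MySQL driver; only the connection string changes.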
