I am trying to remove characters that cause an issue in text to then add to my database.
I am adding a variable called $review. To clean it , I am using…
[php]$review = htmlentities($params[‘review’], ENT_QUOTES);[/php]
That get’s added to a form as a hidden field which is then added to a MySQL table in the form processor.
This works fine on double quotes, but breaks on single quotes and gives me an sql error. If I look at the form just before I send it, I can see that it is rendering (for a single quote) as (for example)
<input type="hidden" name="review" value="test of single quote '" id="review" />
Yet - even though it has rendered the quite as htl entity, I still get the following when I try to send the form.
Error in update query 6: . You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''test of single quote '')' at line 2
Can anyone advise?