Subject | Insert String question: more detail |
---|---|
Author | Screawn |
Post date | 2002-04-24T13:40:39Z |
If a user enters into a form <input name="company" type='text'>
Company_name: Dave's Company
A single quote is used to show ownership.
The php variable $company is placed within an insert statement.
$sqlstring="Insert into Customers(customer_no,company_name)values
(gen_id(gen_customer_no,1),'$company');";
..execute($sqlstring)
This works fine as long as the user doesn't enter a single quote in
the Company name field. How can the user enter a single quote without
generating an error?
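
An added example, not part of the original post: the insert written with a bound parameter, next to the string-built form from the question, so the apostrophe in "Dave's Company" is treated as data rather than as the end of the SQL string literal. It assumes PDO with an in-memory SQLite database standing in for the post's database; the auto-increment key replaces `gen_id(gen_customer_no,1)`, and the function names and sample values are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the post's database so the
// script runs offline; table and column names follow the post, and the
// AUTOINCREMENT key replaces gen_id(gen_customer_no,1) (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Customers (
    customer_no  INTEGER PRIMARY KEY AUTOINCREMENT,
    company_name TEXT NOT NULL)');

// The post's approach: the form value is pasted between quotes in the SQL text.
function insertConcatenated(PDO $db, string $company): bool
{
    try {
        $db->exec("INSERT INTO Customers (company_name) VALUES ('$company')");
        return true;
    } catch (PDOException $e) {
        return false; // an apostrophe ended the string literal early
    }
}

// Bound parameter: the SQL text is fixed and the value is sent separately,
// so quotes in it are data and never part of the statement.
function insertBound(PDO $db, string $company): string
{
    $insert = $db->prepare('INSERT INTO Customers (company_name) VALUES (?)');
    $insert->execute([$company]);
    $select = $db->prepare(
        'SELECT company_name FROM Customers WHERE customer_no = ?');
    $select->execute([$db->lastInsertId()]);
    return $select->fetchColumn(); // what was actually stored
}

// Constructed sample input: the value from the post plus two more.
$samples = ["Acme Ltd", "Dave's Company", "O'Neil & Sons 'Quality' Parts"];
foreach ($samples as $company) {
    $concat = insertConcatenated($db, $company) ? 'ok' : 'SQL error';
    $stored = insertBound($db, $company);
    printf("%-30s concatenated: %-9s bound: %s\n", $company, $concat,
        $stored === $company ? 'stored unchanged' : 'MISMATCH');
}
```

Against the post's database, keep `gen_id(gen_customer_no,1)` in the SQL text and use a `?` placeholder only for the company name.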