insert or update query trouble using in input type apostrophe

Question

i have trouble with adding value in database. When i add value in input type with out apostrophe then it's working. Example:

<input type="text" id="sample" name="sample" value="it is good">

But when i put the value with apostrophe it's not working. For example:

<input type="text" id="sample" name="sample" value="it's good">

possible duplicate of [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Sougata Bose, Jul 24 '15 at 05:14

score 0 · Answer 1 · edited Jul 24 '15 at 05:14

0

at php use $var = mysql_real_scape_string($_POST); you need to escape it.

edited Jul 24 '15 at 05:14

Sougata Bose

answered Jul 24 '15 at 05:13

Marcos Brinner

So it's seems a magic quotes troble try to disable it or enable it took one look at this manual [link](http://php.net/manual/pt_BR/security.magicquotes.disabling.php) – Marcos Brinner Jul 24 '15 at 05:31
if it don't solve try to use it `$var = str_replace("'","'",$_POST['string']); ` it will basicly replace your quote to a html char code :) – Marcos Brinner Jul 24 '15 at 05:35
take one look at log file – Marcos Brinner Jul 28 '15 at 14:46

score 0 · Answer 2 · answered Jul 28 '15 at 09:07

0

$sample = htmlspecialchars($sample,ENT_QUOTES);

this is working. The value is store with "&#39" for "'".

Thanks guys for your help.

answered Jul 28 '15 at 09:07

sanji

2 Answers2