Resolved: can't use ' in textarea?
liamallan
08-01-2010, 10:12 AM
I have recently been trying to find out why my form wouldn't insert into my MySQL table, but I found the problem.
When a user writes in the textarea, they can't use an apostrophe ('), for example "there's a problem", or else it will not insert.
But if they wrote "theres a problem", it posts just fine.
I know my syntax must be right, else it wouldn't post in the first place.
But if the user does insert ', the MySQL error says... problem with syntax.
Any ideas, as it has me stumped.
djr33
08-01-2010, 02:03 PM
It's very hard to know without looking at all of your code, but it sounds to me like you aren't escaping the data.
In PHP you probably have a query like this:
$mysql = mysql_query("INSERT ... '$text';");
Then if you have an apostrophe in the variable $text, it will end the string early and cause MANY problems, and it is also a HUGE security risk. A user can type mysql directly into the field like this:
Hello.'; DROP TABLE....;
You MUST ALWAYS escape user input to be safe and to avoid problems like this:
$text = mysql_real_escape_string($text);
That should fix it. Just use that immediately before your query (or in a different place if there's a reason...you'll probably know...).
liamallan
08-01-2010, 03:45 PM
Thanks mate, worked like a charm!
I had this same problem a while ago and the way I fixed it was to set Magic Quotes on in the php.ini file. I believe the default is on but mine had been turned off somehow.
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On
Perhaps I should also be using $text = mysql_real_escape_string($text); as well, or does Magic Quotes take care of that?
Thanks.
fastsol1
08-02-2010, 12:52 PM
mysql_real_escape_string is the better way to go. Magic quotes have been deprecated and lead to easier SQL injection.
Magic quotes also lead to other problems; for example, if you have data which is submitted via a form (magic quotes are applied), processed and then sent to a database (magic quotes are applied). As you can imagine, escaping at each step leaves a whole mess of extra quotes, and only one set is un-escaped when the data is pulled back out for use.
Disabling magic quotes is highly recommended.
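An added example (my own Python, not code from this thread or from PHP) that models what the two answers above describe: how an unescaped apostrophe leaves the string literal open or splits the query into two statements, what mysql_real_escape_string's backslash escaping does to the same input, the double-escaping you get when magic quotes are stacked on top of it, and the parameterised alternative. The escape character set is an assumption taken from the MySQL C API; the table name and an in-memory sqlite3 database standing in for MySQL are constructed for the example.

```python
import sqlite3

# Characters mysql_real_escape_string() prefixes with a backslash (assumption:
# the set documented for the MySQL C API; this is a model, not the PHP function).
_ESCAPES = {"\\": "\\\\", "'": "\\'", '"': '\\"', "\0": "\\0",
            "\n": "\\n", "\r": "\\r", "\x1a": "\\Z"}

def mysql_escape(text: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in text)

def build_query(text: str, escape: bool = False) -> str:
    # The pattern from the thread: user text spliced straight into the SQL.
    if escape:
        text = mysql_escape(text)
    return f"INSERT INTO posts (body) VALUES ('{text}');"

def analyse(sql: str) -> tuple[int, bool]:
    """Scan like a simplified MySQL lexer. Returns (number of ';'-terminated
    statements outside quotes, whether a string literal is still open)."""
    statements, in_string, i = 0, False, 0
    while i < len(sql):
        ch = sql[i]
        if in_string:
            if ch == "\\":        # backslash escape: next char is literal
                i += 1
            elif ch == "'":
                in_string = False
        elif ch == "'":
            in_string = True
        elif ch == ";":
            statements += 1
        i += 1
    return statements, in_string

def store_with_parameter(text: str) -> str:
    # Alternative to escaping: bind the value instead of building SQL text.
    # An in-memory sqlite3 database stands in for MySQL (constructed for this example).
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE posts (body TEXT)")
    con.execute("INSERT INTO posts (body) VALUES (?)", (text,))
    return con.execute("SELECT body FROM posts").fetchone()[0]

if __name__ == "__main__":
    print(analyse(build_query("there's a problem")))        # (0, True): literal left open
    print(analyse(build_query("there's a problem", True)))  # (1, False): one valid statement
    print(analyse(build_query("Hello.'; DROP TABLE....;")))  # (2, True): query split in two
    # Magic quotes plus the escape call: escaped twice, so a stray backslash survives.
    print(mysql_escape(mysql_escape("there's")))            # there\\\'s
    print(store_with_parameter("there's a problem"))        # stored intact
```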