-
mySQL Single Quote Issue
I am having an issue with the entries of a large text field being truncated on an insert.
The field is entered via a form and the input value is stored in a variable after submission with...
$note_field = htmlspecialchars($_POST['note_field'], ENT_QUOTES);
I recently had a situation where one record was updated 5 times over several days. The first two had no problem, but on the third, part of this field was truncated due to an embedded single quote within the text. (Note: for security reasons all query strings are written to a transaction log.)
I suspect that there might be an issue with a user using a Mac and thus the weird character set that sometime gets entered.
Any thoughts on how to address this issue?
TIA
jdadwilson
-
I would need to see your code, but the fact that a single-quote is causing problems suggests that you aren't sanitizing your data before passing it to the database. This is VERY UNSAFE. Best case is SQL errors and corrupt data, as you are experiencing now. Worst case is someone takes over your database, and from there your website/server.
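To show what "sanitizing" means in practice here, the following is an added example, not code from either poster: the interpolated query that breaks on an apostrophe is shown commented out beside the prepared-statement version that handles it as plain data. The table name, column names and connection settings are assumptions.

```php
<?php
// Added example (not the original poster's code). Assumes a MySQL table
//   CREATE TABLE notes (id INT PRIMARY KEY, note_field TEXT)
// and the hypothetical connection settings below.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', 'PLACEHOLDER_PASSWORD', 'app_db');
// Declare the connection charset so non-ASCII characters (e.g. typographic
// quotes pasted from a Mac) are stored as-is instead of being misread.
$db->set_charset('utf8mb4');

// Constructed input containing an apostrophe, like the one that broke the update.
$id = 42;
$note_field = "Customer's order was re-shipped on Monday";

// UNSAFE: interpolating the value into the SQL text. The apostrophe closes the
// string literal early, so the rest of the text is parsed as SQL: at best a
// syntax error, at worst a statement an attacker controls.
// $db->query("UPDATE notes SET note_field = '$note_field' WHERE id = $id");

// SAFE: a prepared statement. The value is sent separately from the SQL text,
// so a quote (or anything else) inside it is just data, never syntax.
$stmt = $db->prepare('UPDATE notes SET note_field = ? WHERE id = ?');
$stmt->bind_param('si', $note_field, $id);
$stmt->execute();
$stmt->close();

// Note: htmlspecialchars() protects HTML output, not SQL. Store the raw text
// with a prepared statement and apply htmlspecialchars() when rendering it.
```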