how escape quotes when inserting into database in PHP

Posted by Mauro74 on Stack Overflow See other posts from Stack Overflow or by Mauro74
Published on 2010-04-07T12:01:50Z Indexed on 2010/04/07 12:13 UTC
Read the original article Hit count: 351

Filed under:
|
|
|

Hi all, I'm quite new to PHP so sorry if sounds such an easy problem... :)

I'm having an error message when inserting content which contains quotes into my db. here's what I tried trying to escape the quotes but didn't work:

$con = mysql_connect("localhost","xxxx","xxxxx");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("test", $con);

$nowdate = date('d-m-Y')

$title =  sprintf($_POST[title], mysql_real_escape_string($_POST[title]));

$body = sprintf($_POST[body], mysql_real_escape_string($_POST[body]));

$sql="INSERT INTO articles (title, body, date) VALUES ('$title','$body','$nowdate'),";

if (!mysql_query($sql,$con))
  {

die('Error: ' . mysql_error());

}

header('Location: index.php');

Could you provide any solution please?

Thanks in advance.

Mauro

© Stack Overflow or respective owner

Related posts about php

Related posts about escape