Newbie type question re html form and apostrophes




I'm new to PHP and learning the ropes at present. I'm setting up an HTML
form on a website and then have a PHP script to email the details to a
specified address, then add the HTML form input into a MySQL database. All
is working well, but now I'm dealing with people entering apostrophes into
the form fields in their name, feedback etc. Here's my PHP script:

// Pick up the form data and assign it to variables
$firstname = $_POST['first_name'];
$surname = $_POST['surname'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$comments = $_POST['comments'];

$to = '';
$subject = "New Website Feedback/Contact Us";
// The server-side values for the last four fields are not shown in the post
$message = "Firstname: $firstname\n\nSurname: $surname\n\nPhone: $phone\n\n"
         . "Comments: $comments\n\nEmail: $email\n\nRemote Referrer: \n\n"
         . "User Agent: \n\nIP Address: \n\nRemote Host: ";
$headers = "From: $email";

// Send the mail using PHP's mail() function
mail($to, $subject, $message, $headers);

$con = mysql_connect("sqldatabase", "username", "password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("sqldatabase", $con);

// The form values are interpolated straight into the SQL string, which is
// why an apostrophe in any field breaks the query
$sql = "INSERT INTO web_contacts
(first_name, surname, email, phone, comments, ip_address, remote_host,
user_agent, referrer)
VALUES ('$firstname', '$surname', '$email', '$phone', '$comments',
'', '',
'', '')";
if (!mysql_query($sql, $con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";
mysql_close($con);

What's the best way to allow users to enter apostrophes in any of the fields
(e.g. here's some feedback, D'Oniforiou, etc.) and have them accepted by the
SQL database, and have the email not show:

here's my comments

instead of:

here's my comments


Re: Newbie type question re html form and apostrophes


Google for magic_quotes and read all the reasons why you shouldn't use
them, then read the docs on mysql_real_escape_string() (for how to
put the string into the database) and htmlentities() for how to put
the string back in an HTML page.
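The same form handler written the way the reply recommends, as an added example rather than code from either poster. It goes one step beyond the reply: instead of mysql_real_escape_string() it uses a mysqli prepared statement, which sends the values separately from the SQL text (the old mysql_* extension was removed in PHP 7), and it escapes with htmlspecialchars() when the stored text is shown on a page. The mail addresses and the "webform@example.com" sender are placeholders, and the table web_contacts is assumed to match the one in the question; the ip_address, remote_host, user_agent and referrer columns are left out because the original values for them are not on the page.

```php
<?php
// Added example (not from the original thread). Assumes PHP 7+ with the
// mysqli extension and a web_contacts table like the one in the question.

// Reject anything that is not a plain e-mail address. Besides validating the
// field, this blocks CR/LF characters, so a submitted value cannot add extra
// mail headers through the header line built from user input.
function clean_email(string $raw): ?string {
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Escape a value for an HTML page: an apostrophe becomes &#039;, so a name
// like D'Oniforiou displays correctly and cannot break out of an attribute.
function html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$firstname = $_POST['first_name'] ?? '';
$surname   = $_POST['surname'] ?? '';
$email     = clean_email($_POST['email'] ?? '');
$phone     = $_POST['phone'] ?? '';
$comments  = $_POST['comments'] ?? '';

if ($email === null) {
    http_response_code(400);
    exit('Please supply a valid e-mail address.');
}

// Plain-text mail needs no escaping at all: "here's my comments" is sent as
// typed. The sender is a fixed address (placeholder) and the visitor's
// address goes in Reply-To, so user input never forms the From: header.
$message = "Firstname: $firstname\n\nSurname: $surname\n\nPhone: $phone\n\n"
         . "Comments: $comments\n\nEmail: $email\n";
$headers = "From: webform@example.com\r\nReply-To: $email";
mail('feedback@example.com', 'New Website Feedback/Contact Us', $message, $headers);

// Database: the prepared statement carries the five values outside the SQL
// string, so quotes in the data are never parsed as SQL syntax. No
// magic_quotes and no manual escaping are involved.
$con = new mysqli('sqldatabase', 'username', 'password', 'sqldatabase');
if ($con->connect_error) {
    die('Could not connect: ' . $con->connect_error);
}
$con->set_charset('utf8mb4');

$stmt = $con->prepare(
    'INSERT INTO web_contacts (first_name, surname, email, phone, comments)
     VALUES (?, ?, ?, ?, ?)'
);
$stmt->bind_param('sssss', $firstname, $surname, $email, $phone, $comments);
if (!$stmt->execute()) {
    die('Error: ' . $stmt->error);
}
$stmt->close();
$con->close();

// Escaping happens only at the point where a value is written into HTML.
echo 'Thanks, ' . html($firstname) . ", 1 record added\n";
```

The three contexts get three different treatments: the SQL value is bound as a parameter, the e-mail body is left alone because it is plain text, and HTML output is escaped at output time. Storing already-escaped text (which is what magic_quotes effectively did) is what produces "here\'s my comments" in places that never needed escaping.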

