Clever Geek Handbook

Problem using tinymce editor

I am using tinymce as my website's text editor.

Whenever I try to add content using it, it works fine, but if theres '

inside the text (ex: "Not possible"). I am getting the following error:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '...
+3


source to share


1 answer


You are not using prepared messages. This means that special characters such as "will interfere with your SQL statements". Ultimately this means that your code is open to SQL injection . Learn to use prepared statements with PDO . Here's a simple example from the manual :



<?php
$stmt = $dbh->prepare("INSERT INTO REGISTRY (name, value) VALUES (:name, :value)");
$stmt->bindParam(':name', $name);
$stmt->bindParam(':value', $value);

// insert one row
$name = 'one';
$value = 1;
$stmt->execute();

// insert another row with different values
$name = 'two';
$value = 2;
$stmt->execute();
?>
+4


source






More articles:


All Articles