In simple terms, "texarea" on my website is like a text message, it allows users to enter text and post it on the page. I just found out that it treats the text as some kind of code, possibly SQL.
When I typed "Hi, we're fine," the apostrophe in "we" caused some confusion.
The error message displayed in the browser:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 're all set')' at line 1
Just in case you're wondering, here's the html:
<form action="comi.php" method="post">
<textarea maxlength="227" type="text" name="input" cols="45" rows="4"></textarea>
<input type="submit" value="POST" id="button" />
</form>
I thought it might have something to do with the database, can anyone help?
Thank you in advance:)
source
to share