the text I am trying to insert has a ' in one of the words and its causing it to give an error.
how do i avoid this?
the exact text " Big Hugs to Hillcrest High Small Animal Class which hosted a bake sale in memory of their school counselor's beloved doxy, Callie. They were able to raise $280 to go towards our spay/neuter program. (11/9/10)"
here is the error: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's beloved doxy, Callie. They were able to raise $280 to go towards our spay/neu' at line 1"
here is the script:
if(isset($_POST['submit'])) {
$text = $_POST['bighug'];
$text = stripslashes($text);
if ($text == '') {
echo '<p><span class="error">Error: Please fill out the form box before submitting</span></p>';
}
if(!empty($text)){
mysql_query("INSERT INTO bighugs (id,bighug) VALUES ('id','$text')") or die("error inserting into db ".mysql_error( ));
echo '<p>Big Hug Added!</p>';
echo '<p><a href="?page=bighugs">Home</a> <a href="?page=bighugs&process=add">Add</a> </p>';
}
}
// Uploading form
echo '<h1>Add Big Hug</h1>';
echo '<div class="add">';
echo '<form method="post" action="?page=bighugs&process=add" >
<br />
<textarea name="bighug" cols="40" rows="5"></textarea><br />
<input type="submit" name="submit" class="button" value="Add Big Hug">
</form>';
echo '</div>';*** I know there is minimum security in this script.. its not essential right now i will be adding it in later after i fix this problem ***
