the text I am trying to insert has a ' in one of the words and its causing it to give an error.
how do i avoid this?
the exact text " Big Hugs to Hillcrest High Small Animal Class which hosted a bake sale in memory of their school counselor's beloved doxy, Callie. They were able to raise $280 to go towards our spay/neuter program. (11/9/10)"
here is the error: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's beloved doxy, Callie. They were able to raise $280 to go towards our spay/neu' at line 1"
here is the script:
if(isset($_POST['submit'])) { $text = $_POST['bighug']; $text = stripslashes($text); if ($text == '') { echo '<p><span class="error">Error: Please fill out the form box before submitting</span></p>'; } if(!empty($text)){ mysql_query("INSERT INTO bighugs (id,bighug) VALUES ('id','$text')") or die("error inserting into db ".mysql_error( )); echo '<p>Big Hug Added!</p>'; echo '<p><a href="?page=bighugs">Home</a> <a href="?page=bighugs&process=add">Add</a> </p>'; } } // Uploading form echo '<h1>Add Big Hug</h1>'; echo '<div class="add">'; echo '<form method="post" action="?page=bighugs&process=add" > <br /> <textarea name="bighug" cols="40" rows="5"></textarea><br /> <input type="submit" name="submit" class="button" value="Add Big Hug"> </form>'; echo '</div>';
*** I know there is minimum security in this script.. its not essential right now i will be adding it in later after i fix this problem ***