Hello I seem to be having a problem with my "UPDATE" queries when one of my users inserts an apostrophe (') in a query.
Im having the user be able to update his or her "BLOB" which would be the front page of their webpage, but if they put a (') in it, it causes an SQL Error because in my pre-written Query, I have UPDATE blah SET x='$form[z]'.
So I need to know either: Is there a way to make them work by inserting (\)'s somewhere, or should I just setup another script (help needed with this too) to just remove all of the (')'s from the textarea before I put it into the Query.
Thanks all!
Im having the user be able to update his or her "BLOB" which would be the front page of their webpage, but if they put a (') in it, it causes an SQL Error because in my pre-written Query, I have UPDATE blah SET x='$form[z]'.
So I need to know either: Is there a way to make them work by inserting (\)'s somewhere, or should I just setup another script (help needed with this too) to just remove all of the (')'s from the textarea before I put it into the Query.
Thanks all!