PHP - Single Quotes Filtering

freakers

New Member
I have some HTML code saved in a PHP string:
\[code\]$str = "<font size=2 color=#e0e0e0>you don't have a clue</font>";\[/code\]
I have to write this string to the DB, so \[code\]$str\[/code\] has to become part of the query. Whatever my query is, it works fine as long as there are no \[code\]'\[/code\] SINGLE QUOTES in the string. Either of the following two will solve my problem:
  • Some built-in method to parse a PHP string and remove all the \[code\]'\[/code\] SINGLE QUOTES from it. I remember mention of such a function while going through SQL Injection.
  • How to allow \[code\]'\[/code\] SINGLE QUOTES submitted to the DB via a query without altering the query, i.e. how to make this query work:
    \[code\]$str = "Don't";\[/code\]
    \[code\]mysql_query("UPDATE content SET text='".$str."' WHERE p_ID='1'");\[/code\]
NOTE:
  • We can't have users take care of it or follow a technique to have a successful \[code\]'\[/code\] submission.
  • The \[code\]$str\[/code\] comes from user input. I am using WMD and PHP Markdown, so now you know where the problem is...
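
The second option from the post, sketched as an added example that is not part of the original post: binding `$str` as a parameter keeps single quotes in the stored text without any stripping or escaping. It assumes PDO is available and uses an in-memory SQLite database in place of the poster's MySQL server so it runs offline; `save_content` and `load_content` are hypothetical helper names, and the table and column names are taken from the query in the post.

```php
<?php
// Added example: SQLite in-memory stands in for the poster's MySQL database
// (assumption, so the script runs offline). For MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Table and column names follow the UPDATE statement in the post.
$pdo->exec('CREATE TABLE content (p_ID INTEGER PRIMARY KEY, text TEXT)');
$pdo->exec("INSERT INTO content (p_ID, text) VALUES (1, '')");

// Hypothetical helper: the SQL text is a constant, and the user-supplied
// value is sent separately as a bound parameter, never spliced into it.
function save_content(PDO $pdo, int $id, string $str): void
{
    $stmt = $pdo->prepare('UPDATE content SET text = :text WHERE p_ID = :id');
    $stmt->bindValue(':text', $str, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
}

// Hypothetical helper: read the row back to check what was stored.
function load_content(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT text FROM content WHERE p_ID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return (string) $stmt->fetchColumn();
}

// Sample inputs: the first two are the strings from the post, the third is
// constructed to show that quote-heavy input is stored as plain data.
$samples = [
    "Don't",
    "<font size=2 color=#e0e0e0>you don't have a clue</font>",
    "it's'; -- still just text",
];

foreach ($samples as $str) {
    save_content($pdo, 1, $str);
    $stored = load_content($pdo, 1);
    // The round trip must be byte-for-byte identical to the input.
    printf("%-4s %s\n", $stored === $str ? 'ok' : 'FAIL', $stored);
}
```

Removing the quotes instead (the first option) would alter the user's text, turning "Don't" into "Dont", which is why binding the value is the form that meets both notes in the post.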
 