Hi, Welcome to Webune Support Forums

Today's support questions is regarding MySQL databases and PHP scripts

lets say you have a PHP script which you have a web form

and when you submit the form, the PHP script tries to enter the data, everything works fine, except, when you try to enter data using the & (ampersand) character into your text, then it doest work

also, sometimes, if you try using the single quote character, it fails also. so how do the professionals do it..

if you are having this problem. they it might be because you are a newbie when it comes to databases. well, no worry, We at webune pride ourselves for providing excellent service

if you are unhappy with your current hosting company, give us a try.

to fix this problem you have to escape your string.

for example, lets say in your form you have a field called Interests
<input type="text" name="Interests">

so when the user submits the form, the string value is for example like this:

$Interests= "I like Games & Desktop's Wallpapers";

OK, as you can see, our string contains the ampersand character, so we need to escape it before when send our query, so our query could look like this:

$sql = "INSERT INTO mytable SET interest = '".mysql_real_scape_string($Interests)."'";

now you should not have anymore problems.

mysql_real_scape_string()



the key function here is using the mysql_real_scape_string() - by using this function you will add more security to your scripts. otherwise, if you dont escape your strings, you are exposing your scripts to what it is called "SQL Injection" where your scripts are open to hacking.