Reputation: 4006
tinymce: apostrophes in editor, faulty mysql post
apostrophes in tinymce editor breaks the mysql query, how do I fix this?
Upvotes: 2
Views: 2417
Answers (2)
Reputation: 31
When writing your variable in PHP make sure to use the addslashes variable. For example;
$text = addslashes($_POST['text']);
This will work. It took me a couple of days to figure this out. I hope it helps.
Upvotes: 3
Reputation: 536359
You've got an SQL-injection problem in your server-side script. The problem is nothing to do with TinyMCE; a plain text field would expose the same issue.
This is a serious security problem. You need to SQL-string-literal-escape every piece of text you put into an SQL query. Better is to use parameterised queries, so that text values don't get directly added into queries.
How you do SQL escaping or parameterised queries depends on what server-side programming language you are using. (eg. for PHP see mysql_real_escape_string, mysqli_bind_param or PDOStatement->execute with parameters argument.)
Upvotes: 3
Related Questions
- Cannot save data containing apostrophe to MySQL database
- How to pass apostrophies from text areas to MySQL using PHP
- mysql ’ show up as ’
- Double Quotes cannot be inserted in database using codeigniter
- mysql text value with apostrophe not showing up correctly
- MySQL apostrophes ' errors
- MySQL LONGTEXT doesn't accept an apostrophe '
- SQL injection and escaping special characters
- MySQL value with apostrophe now showing up in textarea
- Apostrophe replaced by ’ in mySQL table