I have a script that inserts variables into a database, something like:
INSERT INTO table_name
(text1
,text2
,text3
,text4
) VALUES ('$text1', '$text2', '$text3', '$text4')
As you can see, it puts the variables directly into the database. Now, if one of those variables has a ' in it, it would mess up the SQL statement. How should I avoid this? I was thinking of using str_replace and replace ' with ' but that doesn’t work. Any ideas? I know there is a simple solution, I just can’t think of it right now.
Thanks.
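
The failure described in the post, next to the usual fix of bound parameters, as an added example that is not part of the original post. It assumes PHP with the PDO SQLite driver; the in-memory database, the function names and the sample values are constructed for illustration.

```php
<?php
// Added example: table and column names follow the post; everything else
// (in-memory SQLite database, function names, sample values) is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table_name (text1 TEXT, text2 TEXT, text3 TEXT, text4 TEXT)');

// Constructed input: three of the four values contain a single quote.
$row = ['plain', "O'Brien", "it's", "rock 'n' roll"];

// The pattern from the post: values are pasted into the SQL text, so a
// quote inside a value ends the string literal early and the parse fails.
function insertInterpolated(PDO $pdo, array $v): bool
{
    $sql = "INSERT INTO table_name (text1, text2, text3, text4)
            VALUES ('$v[0]', '$v[1]', '$v[2]', '$v[3]')";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false;
    }
}

// Bound parameters: the SQL text contains only placeholders, and the
// driver passes the values separately, so their content is never parsed
// as SQL and needs no escaping or str_replace.
function insertPrepared(PDO $pdo, array $v): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO table_name (text1, text2, text3, text4) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute($v);
}

// Reports whether the interpolated insert succeeded for the quoted input.
var_dump(insertInterpolated($pdo, $row));

// The prepared insert stores the same values unchanged.
insertPrepared($pdo, $row);
$stored = $pdo->query('SELECT text1, text2, text3, text4 FROM table_name')
              ->fetch(PDO::FETCH_NUM);
echo implode(' | ', $stored), PHP_EOL;
```

The same approach works with mysqli prepared statements; binding also closes the SQL injection hole that hand-written quote replacement tends to leave open.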