One of the problems that we have found to make applications for PHP, is the need to escape the quotation marks in forms or in any update that is done from the front-end and stored in the DB my_sql. After reviewing some pages on the internet and see that many of us have the same problem here I attached the PHP function that allows us to escape special characters, including single and double quotes.
A practical example we have a form which introduce this direction and we want to store in a field in our DB, well to keep us fail to perform UPDATE, we write this code before making the UPDATE, thus we will avoid potential problems.
//Aqui guardo la dirección la cual podra contener por ejemplo ""
$address = mysql_real_escape_string($address);
And if you want to be very sure, we can do that they can not enter HTML or SQL code for the serious direction follows.
$address = htmlspecialchars(mysql_real_escape_string($address));
- MYSQL_REAL_ESCAPE_STRING( <STRING> );
- HTMLESPECIALCHARS( <STRING> );