I've got a simple php script that adds a record to a mysql database, and then checks that it's been added. It's user inputed data, so it's been trimmed of extra whitespace, had html special chars removed and slashes added.
It works fine until an apostrophe is inputed by the user. If there's an apostrophe in the inputed text then the script will insert it into the database correctly, but the sql query that checks that it's been inserted is for some reason not detecting that it has.
Here's the code. As you can see it's the $linkname variable that's being inserted, but that I can't detect on the database with the code below the insert statement.
Any help much appreciated.
It works fine until an apostrophe is inputed by the user. If there's an apostrophe in the inputed text then the script will insert it into the database correctly, but the sql query that checks that it's been inserted is for some reason not detecting that it has.
Here's the code. As you can see it's the $linkname variable that's being inserted, but that I can't detect on the database with the code below the insert statement.
Code:
$insert_justlink_query = "insert into links values (null,'$link_url','$linkname','$banner','$secid' )";
mysql_query($insert_justlink_query);
$check_linkinsert_query = "select * from links where text1 LIKE '$linkname' AND sec_id LIKE '$secid'";
$check_linkinsert_results = mysql_query($check_linkinsert_query);
$check_linkinsert_num_rows = mysql_num_rows($check_linkinsert_results);
if($check_linkinsert_num_rows > 0)
{
sec_show_hide('new_link_isbelow');
}
else
{
sec_show_hide('create_link_error');
}Any help much appreciated.