Issues with PHP Comment box, SQL, and apostrophes

Dyzaster · 04-06-2015, 03:17 PM

Hey guys, so I'm running a website that has a comment box.

For some reason, when someone has a comment which contains an apostrophe, it does not go through.

Anyone know what i need to do to fix this issue? Its a PHP comment box that saves everything to an SQL database.

Here is the code for the form:

Code:

<script>

        function commentSubmit(){
                if(form1.name.value == '' && form1.comments.value == ''){ //exit if one of the field is blank
                        alert('Please type your confession');
                        return;
                }
                var name = form1.name.value;
                var comments = form1.comments.value;
                var xmlhttp = new XMLHttpRequest(); //http request instance

                xmlhttp.onreadystatechange = function(){ //display the content of insert.php once successfully loaded
                        if(xmlhttp.readyState==4&&xmlhttp.status==200){
                                document.getElementById('comment_logs').innerHTML = xmlhttp.responseText; //the chatlogs from the db wi$
                        }
                }
                xmlhttp.open('GET', 'insert.php?comments='+comments, true); //open and send http request
                xmlhttp.send();
        }

                $(document).ready(function(e) {
                        $.ajaxSetup({cache:false});
                        setInterval(function() {$('#comment_logs').load('logs.php');}, 2000);
                });

</script>

d072330 · 04-06-2015, 04:38 PM

This might help.

http://stackoverflow.com/questions/4...quotation-mark

TenTenths · 04-07-2015, 03:53 AM

At a glance I don't see anything in there that makes the contents of the "comments" variable HTML "safe" by escaping reserved chars etc.

Dyzaster · 04-08-2015, 11:35 AM

Ok so i followed that link and saw that i need to add "mysql_real_escape_string" But my only issue is, even after looking at around 15 different examples, i don't know where to place that in my code. I'm new to SQL and still learning with PHP, is there any way you could show me where it goes?