March 23rd in PHP Scripts

Single/double quotes cause an error in a MySQL INSERT query!

Today I learned a valuable lesson: despite being a good MySQL/PHP programmer, I failed to follow the basics. My client kept complaining that an error was popping up on my website whenever she submitted a form. I wasn't sure what it was, and my client was kind enough to email me.

The error was:

Insertion Failed:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘s)

The error was caused by MySQL, and the insertion failed because I hadn't escaped single and double quotes in the MySQL INSERT query.

I quickly used the mysql_real_escape_string() function to escape single and double quotes, and it solved all my problems. It is a magic function that will escape all special characters, including single and double quotes.

If you are a programmer, you can use the above function to prevent SQL injection attacks against MySQL by escaping user input before it goes into the query.
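The failure and a fix, as an added example that is not code from the original post: it uses PDO prepared statements rather than mysql_real_escape_string(), which belongs to the ext/mysql extension removed in PHP 7.0. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs without a server, and the feedback table, its columns and the sample input are constructed.

```php
<?php
// Added example: SQLite in memory stands in for MySQL so the script runs
// without a server (assumption). Table and column names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE feedback (name TEXT, message TEXT)');

// Constructed form input containing single and double quotes.
$name    = "Anna O'Neil";
$message = 'The form said "error" on my client\'s page';

// Before: building the INSERT by concatenation. The first quote in the
// input closes the string literal early and the statement no longer parses.
function insertConcatenated(PDO $pdo, string $name, string $message): string
{
    $sql = "INSERT INTO feedback (name, message) VALUES ('$name', '$message')";
    try {
        $pdo->exec($sql);
        return 'inserted';
    } catch (PDOException $e) {
        return 'Insertion Failed: ' . $e->getMessage();
    }
}

// After: placeholders keep the data out of the SQL text, so quotes in the
// input are stored as data and never parsed as syntax.
function insertPrepared(PDO $pdo, string $name, string $message): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO feedback (name, message) VALUES (:name, :message)'
    );
    $stmt->execute([':name' => $name, ':message' => $message]);
}

// The concatenated query fails with a syntax error, as in the post.
echo insertConcatenated($pdo, $name, $message), PHP_EOL;

// The prepared statement stores the input unchanged; read it back to check.
insertPrepared($pdo, $name, $message);
$row = $pdo->query('SELECT name, message FROM feedback')->fetch(PDO::FETCH_ASSOC);
var_dump($row['name'] === $name, $row['message'] === $message);
```

Against a MySQL server, only the PDO connection string and credentials change; the prepared INSERT stays the same.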
