[TYPO3-english] exec_INSERTquery escaping single quotes
Tomaz Zaman
tomaz at optiss.si
Wed Mar 11 14:39:44 CET 2009
Hey I'm making a custom extension where user's need to enter some data
into input fields. I then use the function exec_INSERTquery to write
that data into the database. The problem i'm having is when someone
enters something like: Tom's title (notice the ' char).
That value gets saved like Tom\'s title into the database and gets
displayed like that in the FE.
My form has about 100 fields to enter and ' characters get escaped
everywhere. Of course i want the form to be secure, but i don't want
visitors to see the escape character when viewing entries in FE.
What's the best way to solve this problem??
Tomaz Zaman
More information about the TYPO3-english
mailing list