Here is the code I am using
    if (!empty($_REQUEST['content']) && !empty($_REQUEST['title']) && !empty($_REQUEST['writer'])) {
        $title = $_POST['title'];
        $content = $_POST['content'];
        $writer = $_POST['writer'];
        require_once 'htmlpurifier/library/HTMLPurifier.auto.php';
        $purifier = new HTMLPurifier();
        $pure_content = $purifier->purify($content);
        $entity_content = htmlentities($pure_content);
        $entity_content = mysql_real_escape_string($entity_content);
        mysql_query("INSERT INTO stories (TITLE, WRITER, CONTENT, UPVOTE, DOWNVOTE) VALUES ('$title', '$writer', '$content', 0, 0)");
    }
Now, after some testing, I found out that whenever I type an apostrophe somewhere, like it's, the values don't get inserted into the table. How do I prevent this? Are there any other special characters that might cause this problem? Here is what I am working on: http://8mags.com/bored/people/
Edit
I have updated these two lines of code
    $add_content = "INSERT INTO stories (TITLE, WRITER, CONTENT, UPVOTE, DOWNVOTE) VALUES ('$title', '$writer', '$content', 0, 0)";
    $result = mysqli_query($mysqli, $add_content) or die(mysqli_error($mysqli));
Is there anything else that I need to change?
Second Update
I have changed this code too
    $con = mysqli_connect($db_hostname,$db_username,$db_password);
    if (!$con)
    {
        die('Could not connect: ' . mysqli_error());
    }
    mysqli_select_db($db_database, $con);
Is there anything else? Thank you for the help.
You just need to put this at the time of insertion.
    $title = addslashes($_POST['title']);
    $content = addslashes($_POST['content']);
    $writer = addslashes($_POST['writer']);
And at the time of showing (listing):
    stripslashes($VariableName)
Hope this helps you.
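
As an added example (not code from the question or the answer above): the INSERT from the question run first with interpolated values, where the apostrophe breaks the statement, and then with bound parameters, where it does not. It assumes PDO with an in-memory SQLite database and constructed sample values so it runs without a server; mysqli offers the same pattern through mysqli_prepare() and mysqli_stmt_bind_param().

```php
<?php
// Added example: column names are taken from the question; the in-memory
// SQLite database and the sample values are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stories (TITLE TEXT, WRITER TEXT, CONTENT TEXT,
            UPVOTE INTEGER, DOWNVOTE INTEGER)');

// Constructed input containing the apostrophe described in the question.
$title   = "It's a story";
$writer  = "O'Brien";
$content = "<p>It's raining</p>";

// Before: values are pasted into the SQL text, as in the question.
// The apostrophe closes the string literal early and the statement fails.
function insert_interpolated(PDO $pdo, $title, $writer, $content) {
    try {
        $pdo->exec("INSERT INTO stories (TITLE, WRITER, CONTENT, UPVOTE, DOWNVOTE)
                    VALUES ('$title', '$writer', '$content', 0, 0)");
        return true;
    } catch (PDOException $e) {
        return false; // SQL syntax error caused by the stray quote
    }
}

// After: the SQL text is constant and the values travel as bound
// parameters, so quotes in the data are never parsed as SQL.
function insert_bound(PDO $pdo, $title, $writer, $content) {
    $stmt = $pdo->prepare('INSERT INTO stories (TITLE, WRITER, CONTENT, UPVOTE, DOWNVOTE)
                           VALUES (:title, :writer, :content, 0, 0)');
    return $stmt->execute([
        ':title'   => $title,
        ':writer'  => $writer,
        ':content' => $content,
    ]);
}

var_dump(insert_interpolated($pdo, $title, $writer, $content));
var_dump(insert_bound($pdo, $title, $writer, $content));

// The stored text is unchanged; HTML-escape it only when writing it to a page.
$row = $pdo->query('SELECT TITLE, WRITER FROM stories')->fetch(PDO::FETCH_ASSOC);
echo htmlspecialchars($row['TITLE'], ENT_QUOTES, 'UTF-8'), ' by ',
     htmlspecialchars($row['WRITER'], ENT_QUOTES, 'UTF-8'), "\n";
```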