I want to do an INSERT into a MySQL database using:
$sql = "INSERT INTO table (title1) VALUES ('$myVar')";
but the problem is that $myVar can contain single quotes (' symbols, e.g. in "idiot's"). Can somebody tell me how to handle any single quotes in the variable as a letter and not as a piece of code?
(I know there are posts about this in the forum already, but I do not really understand their solutions, so sorry for double posting)
You might be tempted to replace each single quote with two of them, like so:
$myvar = "idiot\'s";
But resist the urge and escape it instead:
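<?php $var = "Hello !! idiot's";
// Keep the return value: the function returns the escaped string and leaves $var unchanged.
$var = mysql_real_escape_string($var); ?>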
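
The mysql_* extension used above was removed in PHP 7.0. The following is an added example, not code from either poster: it runs the same INSERT with a bound parameter so that the quote in "idiot's" is always treated as data, next to the interpolated form from the question. It assumes PDO with the pdo_sqlite driver (an in-memory database, so it runs offline) and a hypothetical `posts` table; against MySQL only the DSN passed to `new PDO()` changes.

```php
<?php
// Added example. Assumptions: pdo_sqlite is available; table name "posts" is hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title1 TEXT NOT NULL)');

// Pattern from the question: the value is spliced into the SQL text,
// so a quote inside it changes how the statement is parsed.
function insertInterpolated(PDO $pdo, string $title): string
{
    try {
        $pdo->exec("INSERT INTO posts (title1) VALUES ('$title')");
        return 'accepted';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Bound parameter: the SQL text is fixed and the value is sent separately,
// so no escaping is needed. Returns what was actually stored.
function insertBound(PDO $pdo, string $title): string
{
    $stmt = $pdo->prepare('INSERT INTO posts (title1) VALUES (:title)');
    $stmt->execute([':title' => $title]);

    $read = $pdo->prepare('SELECT title1 FROM posts WHERE id = :id');
    $read->execute([':id' => (int) $pdo->lastInsertId()]);
    return $read->fetchColumn();
}

// Constructed sample inputs: single quotes, doubled quotes, backslashes.
$samples = ["idiot's", "Hello !! idiot's", "it''s", 'C:\\temp\\'];

foreach ($samples as $s) {
    printf("input:        %s\n", $s);
    printf("interpolated: %s\n", insertInterpolated($pdo, $s));
    $stored = insertBound($pdo, $s);
    printf("bound:        %s (%s)\n\n", $stored,
        $stored === $s ? 'stored unchanged' : 'MISMATCH');
}
```

Note that an interpolated value reported as "accepted" is not necessarily stored unchanged: the doubled quote in the third sample is collapsed to one by the SQL parser, while the bound version keeps the input byte for byte.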