My string $name = "Ali'Shan"; I want store it into database but the ' I use htmlentities/ htmlspecialchars and str_replace but insert I still get syntax error ' .
$name = "Ali'Shan";
str_replace("'", "", $name);
echo $name;
echo htmlentities($name);
My output is still Ali'Shan
Use addslashes() or mysql_real_escape_string()
addslahes, it is simply unsuitable. Don't use mysql_real_escape_string, it forces you to use the mysql_ library, which is deprecated and will be removed from PHP. There are better alternatives.Use htmlentities and htmlspecialchars when you want to insert text into an HTML document.
A database is not an HTML document. You need to use the appropriate mechanisms for adding text to an SQL query.
For the most part, those mechanisms are prepared statements with bound variables.
what about
str_replace("'", "\'", $name);
Use mysql_real_escape_string($str) while inserting in database.
mysql_real_escape_string, it forces you to use the mysql_ library, which is deprecated and will be removed from PHP. There are better alternatives.
mysql_real_escape_string, it forces you to use themysql_library, which is deprecated and will be removed from PHP. There are better alternatives.