PHP/MySql problems

[splendor]

Here is my code:


PHP Code:
$id = $_GET['id']; // The item id //
$name = $_REQUEST['item']; // Name of the item //
$amount = $_POST['amount'];

$owner = $_REQUEST['owner']; // The obj_id of the character (owner) //

// Check if we already have a script for this item //
if (!file_exists("store_items/$name.php"))
{
// If we do not, copy the template script and rename it to this item's name //
copy("store_items/template.php", "store_items/$name.php");
}


It works fine, except for when an item contains a ' in it. For some reason the ' jacks everything up. This also jacks all other mysql queries because all that's getting inserted is "john" instead of "john's item" -- This message may have been cut off and the rest will only be shown to members. To become a member, click here --

[cook]

Splendor, welcome to this forum

You need to use mysql_escape_string() in your queries where you expect a string with a ' in it. The single quote is used to SQL to enclose a string, so if you get one passed from php, then it thinks it's reached the end of a string.

Glad to help you -- This message may have been cut off and the rest will only be shown to members. To become a member, click here --