Hi all, first post hope someone can be of help. I have a website that uses an MYSQL guest book. I've noticed that if someone uses the ' around text it causes a syntax error. The " does not. This is occurring in the comments field which is set to TEXT. I've tried changing to VARCHAR to no avail. I've done some SQL and I seem to remember the ' being used to designate literals etc. How can I get round this problem?

Cheers, Lol

the ' is a delimiter in SQL

you need to "escape" them in whatever server-side language you use

PHP you can use the add_slashes function.

ASP would be replace(SQL_String,"'","''") (that's two single quotes BTW)

Thanks Chris. I have to confess my guestbook is a downloaded PHP script that i incorporated into my site. having never used PHP what code would I need to use and where would I put it?

Cheers, Lol

Run a search through the code for any occurrences of 'INSERT' (or 'insert'). The queries will contain php variables, and you need to find the one that holds the data for the comments field, and escape the value before it ends up in the query, so on a line before the query add something like

PHP Code:

$comments = addslashes($comments); 


($comments being the variable holding the comments data, the name may differ in your code).

Perfect Oberon! Your'e an angel ;-)

Thanks, Lol