HTML Form not submitting if there is a ' character within the data

Issue

So basically I have a working HTML Form that when filled out and submitted goes tomy SQL database, I have check multiple times and it works as should unless there is a ‘ character in the data being submitted. If there is a ‘ it simply won’t submit the form. I don’t know why this is and was hoping someone would know and potentionally help my resolve the problem so that that character can be used. I am using PHP to connect my HTMLform to my SQL server.

All the columns in my SQL Table are VARCHAR(no.)

EDIT:
This is the code on my php file.

<?php
// database connection code
// $con = mysqli_connect('localhost', 'database_user', 'database_password','database');

$con = mysqli_connect('localhost', 'root', '7520NHOj','db_connect');

// get the post records
$txtName = $_POST['txtName'];
$txtEmail = $_POST['txtEmail'];
$txtPhone = $_POST['txtPhone'];
$txtMessage = $_POST['txtMessage'];

// database insert SQL code
$sql = "INSERT INTO `tbl_contact` (`fldName`, `fldEmail`, `fldPhone`, `fldMessage`) VALUES ('$txtName', '$txtEmail', '$txtPhone', '$txtMessage')";

// insert in database 
$rs = mysqli_query($con, $sql);

if($rs)
{
    echo "Your Contact form has been submitted, we will get back to you as soon as possible!";
}

?>

Solution

Use mysqli_real_escape_string function for solving problem.
Use the following code.

<?php
// database connection code
// $con = mysqli_connect('localhost', 'database_user', 'database_password','database');

$con = mysqli_connect('localhost', 'root', '7520NHOj','db_connect');

// get the post records
$txtName = mysqli_real_escape_string($con,$_POST['txtName']);
$txtEmail = mysqli_real_escape_string($con,$_POST['txtEmail']);
$txtPhone = mysqli_real_escape_string($con,$_POST['txtPhone']);
$txtMessage = mysqli_real_escape_string($con,$_POST['txtMessage']);

// database insert SQL code
$sql = "INSERT INTO `tbl_contact` (`fldName`, `fldEmail`, `fldPhone`, `fldMessage`) VALUES ('$txtName', '$txtEmail', '$txtPhone', '$txtMessage')";

// insert in database 
$rs = mysqli_query($con, $sql);

if($rs)
{
    echo "Your Contact form has been submitted, we will get back to you as soon as possible!";
}

?>

Answered By – Javed Iqbal

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published