
MySQL not letting ' and " in Longtext

MySQL is not letting me use "s and 's with a contact form I made for my site. All of the other fields are sent to the database just fine, but the longtext one also gives an error if you use anything other than letters and numbers.

I have it at long text, not null.

I am trying to put mysql_real_escape_string() in my code


Use a parameterized query; then you don't have to worry about escaping special characters, and it is safer too (i.e. against SQL injection attacks).


Find a function in your programming language that escapes slashes and similar characters and apply it to your output before sending it to the database.


This should work as proposed

// Escape each string value; cast $id to an integer since it is interpolated without quotes.
$id = (int)$id;
$sql2="INSERT INTO $tbl_name(s_id, s_name, s_email, s_content) VALUES(".$id.", '".mysql_real_escape_string($s_name)."', '".mysql_real_escape_string($s_email)."', '".mysql_real_escape_string($s_content)."')";

You should take advantage of prepared statements, and if you don't do that, ALWAYS escape values that come from client input. If not, your website can easily be hacked by script kiddies that just test some SQL injections.


It is better to use prepared statements than the method you have adopted. The plus point of using prepared statements like PDO is that they will save you from attacks such as MySQL injection, and there is a lot more: basically PDO is a built-in PHP class which lets you interact with your database with ease, plus it is very flexible. For example,

To establish a connection using PDO you just need one line of code; it is like initializing an object.

$dbh = new PDO('mysql:host='.HOST.';dbname='.DATABASE,USERNAME,PASSWORD);

That's it. Please note I have used constants; you can replace them with your own.

Now, for example, if you want to select something using PDO, you just need to write one line of code.

$sth = $dbh->query('SELECT id,name FROM `table`'); // `table` is a reserved word in MySQL, so it must be backticked
//The query is executed in the above line; when you want to retrieve the values you just need another line of code.
$result = $sth->fetchAll(PDO::FETCH_ASSOC);

That's it. Now you have an array $result which holds all the retrieved values. Isn't it very simple and easy to use?

To get you started with using PDO, take a look at this tutorial on net.tutsplus.com; they have explained it very well.

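As an added example (not code from the question or any of the answers above), here is the contact-form insert done with a PDO prepared statement, so the quotes in the longtext field travel as bound data instead of being spliced into the SQL string. It assumes the column names from the mysql_real_escape_string answer, the HOST/DATABASE/USERNAME/PASSWORD constants from the PDO answer, and a table name of your own; all sample values are constructed.

```php
<?php
// Assumed connection constants (replace with your own values).
const HOST     = 'localhost';
const DATABASE = 'mysite';
const USERNAME = 'app_user';
const PASSWORD = 'change-me';

// Assumed table name; identifiers cannot be bound as parameters, so this
// must come from your own code, never from client input.
$tbl_name = 'form_submissions';

$dbh = new PDO(
    'mysql:host=' . HOST . ';dbname=' . DATABASE . ';charset=utf8mb4',
    USERNAME,
    PASSWORD,
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // raise SQL errors instead of failing silently
        PDO::ATTR_EMULATE_PREPARES => false,                  // let the MySQL server bind the parameters
    ]
);

// Constructed sample input that deliberately contains both kinds of quote and backslashes.
$id        = 42;
$s_name    = "Miles O'Brien";
$s_email   = 'miles@example.invalid';
$s_content = 'She said "it\'s fine", then typed C:\\path\\to\\file.';

// Named placeholders stand in for the values; no escaping code is needed.
$stmt = $dbh->prepare(
    "INSERT INTO `$tbl_name` (s_id, s_name, s_email, s_content)
     VALUES (:id, :name, :email, :content)"
);
$stmt->bindValue(':id',      $id,        PDO::PARAM_INT);
$stmt->bindValue(':name',    $s_name,    PDO::PARAM_STR);
$stmt->bindValue(':email',   $s_email,   PDO::PARAM_STR);
$stmt->bindValue(':content', $s_content, PDO::PARAM_STR);
$stmt->execute();

// Read the row back and confirm the longtext survived byte for byte.
$check = $dbh->prepare("SELECT s_content FROM `$tbl_name` WHERE s_id = :id");
$check->execute([':id' => $id]);
$stored = $check->fetchColumn();

echo ($stored === $s_content) ? "round trip OK\n" : "MISMATCH\n";
```

With emulated prepares disabled, the server receives the statement text and the values separately, which is why neither a stray ' nor a " in s_content can terminate the string literal.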