I don't know why I am struggling with this so bad, but I have a simple form field (text area) that gets inserted into a database. After switching to mssql instead of mysqli I can't figure out how to escape the single quotes and get the insert or update to work.
if I have this form field
Comments: <textarea name="RACOMMENTS" cols="100" rows="10" /></textarea>
and this update:
"update table set RACOMMENTS='" . $_POST['RACOMMENTS'] . "' ";
$result-sqlsrv_query($conn,$sql);
How do I escape that field to allow a word like don't or can't or sister's
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Most Valuable Expert award recognizes technology experts who passionately share their knowledge with the community, demonstrate the core values of this platform, and go the extra mile in all aspects of their contributions. This award is based off of nominations by EE users and experts. Multiple MVEs may be awarded each year.