This is probably a common thing but I have a question. Allow apostrophes while still maintaining the mysql_real_escape_string() tag.
I have this: $name = stripslashes(mysql_real_escape_string($_POST['stadium_name']));
and I test it on this:
$getInfoX = mysql_fetch_array(mysql_query("SELECT * FROM `stadiums` WHERE `stadium_name` = '$stadium_name'")) or die(mysql_error());
I could do an example inject like x'; DROP TABLE members; --
or a name with apostrophes like Stade de l'Aube
... but the name with apostrophes gets me an error like:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Aube'' at line 1
What do I do?
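
An added example, not part of the original post: it shows that stripslashes() reverses the backslash escaping, which is why the apostrophe reaches the query unescaped, and then runs the same lookup with a bound parameter. Assumptions: addslashes() stands in for mysql_real_escape_string() so no connection is needed, PDO with in-memory SQLite stands in for the MySQL server, and the function names and table rows are constructed.

```php
<?php
// Added example, not code from the original post.
// Assumptions: in-memory SQLite via PDO stands in for the MySQL server so the
// script runs offline; the stadiums rows below are constructed sample data.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stadiums (id INTEGER PRIMARY KEY, stadium_name TEXT)');
$pdo->exec("INSERT INTO stadiums (stadium_name) VALUES ('Stade de l''Aube'), ('Wembley')");

// 1. Why the posted line fails: stripslashes() removes the backslashes that
//    the escaping step added. addslashes() is used only as a connection-free
//    stand-in for mysql_real_escape_string() to show the effect on a quote.
function escapeThenStrip(string $input): string
{
    return stripslashes(addslashes($input));
}

// 2. Parameterized lookup: the value is bound, never pasted into the SQL text,
//    so an apostrophe is just data and needs no escaping at all.
function findStadium(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, stadium_name FROM stadiums WHERE stadium_name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The two inputs quoted in the post.
$inputs = ["Stade de l'Aube", "x'; DROP TABLE members; --"];
foreach ($inputs as $input) {
    $undone = escapeThenStrip($input);
    printf("input:      %s\n", $input);
    printf("escaped:    %s\n", addslashes($input));
    printf("then strip: %s (%s)\n", $undone, $undone === $input ? 'escaping undone' : 'still escaped');
    printf("bound rows: %d\n\n", count(findStadium($pdo, $input)));
}

// Count the rows again after both lookups have run.
printf("stadiums rows: %d\n", (int) $pdo->query('SELECT COUNT(*) FROM stadiums')->fetchColumn());
```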