This question already has an answer here:
- How can I prevent SQL injection in PHP? 28 answers
I developping an admin panel, i have the PDO stuff for my db. Here is my post PHP for update texte in my website:
$text1= $_POST['text1'];
$text2= $_POST['text2'];
$query = $con->prepare("UPDATE `home` SET text1='$text1', text2='$text2' WHERE id=1;");
$query->execute();
if ($query) {
echo 'good';....}
If i write quotes it's say my sql query is not good. I have tried quote() and prepare() but don't work too. How can i do for use quote in my input ?
PS: In all my query i have specials char like: é à ü ù and other (i'm french)
</div>
