Whenever I add a single quote (') or a double quote (") in my PHP formfield, it will be saved in my MySQL DB as "
/ '
. How can save the 'real' "quotes" in my DB?
I tried to prevent this by making a secure Mysql connection thru PDO, but it doesn't seem to work properly.
So here's the important part of my code:
$insert_hello = filter_var($_POST['hello'], FILTER_SANITIZE_STRING);
$dbh->query("SET NAMES 'utf8'");
$stmt = $dbh->prepare("INSERT INTO testtable (data) VALUES (:hello)");
$stmt->bindParam(':hello', $insert_hello, PDO::PARAM_STR);
$stmt->execute();
Some background information:
The server runs on PHP v5.2.12-0.
The DBStorage engine is InnoDB and has its client-, connection-, results- and system charset are set to utf8.
The DB field has its collation set to utf8_unicode_ci.
Magic quotes are disabled thru .htaccess.
Thanks in advance!
Kind regards, Jroen