for some reason when I replace an apostrophe with a double apostrophe it will work for a textview but not a regular text input. (I'm using phpFusion).
This is my HTML code
<tr class='" . $class_alt . "'>
<td class='first'><input type='text' class='w_focus validate[required] text-input' size='20' name='track' id='race' value='" . $data['track'] . "' /></td>
<td><input type='text' class='w_focus validate[required] text-input' size='1' name='race' id='race' value='" . $data['race'] . "' /></td>
<td><input type='text' class='w_focus validate[required] text-input' size='1' name='turnip_number' id='turnip_number' value='" . $data['turnip_number'] . "' /></td>
<td><input type='text' class='w_focus validate[required] text-input' size='20' name='turnip_horse' id='turnip_horse' value='" . $data['turnip_horse'] . "' /></td>
<td><input type='text' class='w_focus validate[required] text-input' size='3' name='turnip_odds' id='turnip_odds' value='" . $data['turnip_odds'] . "' /></td>
<td><input type='text' class='w_focus validate[required] text-input' size='10' name='turnip_bettype' id='turnip_bettype' value='" . $data['turnip_bettype'] . "' /></td>
<td><input type='text' class='w_focus validate[required] text-input' size='1' name='turnip_special' id='turnip_special' value='" . $data['turnip_special'] . "' /></td>
<td>
<div class='textarea'>
<textarea cols='20' rows='12' name='turnip_reason' id='turnip_reason' class='w_focus validate[required]'>" . $data['turnip_reason'] . "</textarea>
</div>
</td>
<td class='last'>
<div class='send'><span class='button_lnk blue def_link'>
<input type='submit' value='Enter Tip' class='enter_tips' name='enter_tips'/>
</span></div>
</td>
</tr>
And my SQL query:
$find = "'";
$replace = "''";
$result = dbquery("UPDATE fusion6618n_tips SET turnip_horse='" . str_replace($find, $replace, $_POST['turnip_horse']) . "', turnip_number='" . $_POST['turnip_number'] . "', turnip_odds='" . $_POST['turnip_odds'] . "', turnip_bettype='" . str_replace($find, $replace, $_POST['turnip_bettype']) . "', turnip_special='" . $_POST['turnip_special'] . "', turnip_reason='" . str_replace($find, $replace, $_POST['turnip_reason']) . "' WHERE track='" . $_POST['track'] . "' AND race='" . $_POST['race'] . "'");
It works fine for the textview (turnip_reason).
But if I do it for a text input, (turnip_horse), and say "Sir 'n' Sausage" is entered, all that get's updated in the database is "Sir " instead of Sir ''n'' Sausage.
And I can't figure out how to fix it.