I wasn't too sure on how to word the title, so I'll try my best to explain here.
I've created a register system and came across a bug that I never took into consideration when developing the system. When a user types in the input boxes or a textarea, if they use single quotations the data won't be sent to the database as it will be closing the query.
This is my query code:
mysqli_query($uys, "INSERT INTO users SET bandname='$bandname', genre='$genre', location='$location', bio='$bio', password='$password', email='$email', ip='$ip'");
Of course if they don't use single quotations, there will be no error. They can use double quotes fine.
My variables are like this:
$bandname = $_POST['bandname'];
$genre = $_POST['genre'];
$location = $_POST['location'];
What is a way around this? I'm not the best with PHP, still learning so your help will be amazing and will help me lots.
Sorry if this wasn't well explained, if you're confused on what I mean I'll try my best to explain it better