I am trying to embed the Summernote WYSIWYG editor in my form. When I submit the form for writing to the MSSQL table, it accepts most special characters ($%!<> etc.), even double quotes are OK; however, when I try to use a single quote, I get an SQL error. Can you help me with what I missed?
The first line implements the plugin:
<textarea name="majorupdate" id="summernote" rows="10" class="form-control"></textarea>
It is sent to the second page, in which the following values are used (some unnecessary entries are displayed to simplify it):
$majorupdateX = $_POST['majorupdate'];
$query = mssql_query("INSERT INTO PRJ_Update1 (update1) VALUES ('$majorupdateX') ");
When you call an entry from the SQL table, it is displayed on the page as follows:
echo '<p>'.$row[update1].'</p>';
, - html? , , , , summernote . htmlspecialchars() POST, . , .
Warning: mssql_query() [function.mssql-query]: message: Line 1: Incorrect syntax near 's'. (severity 15) in C:\WPServer\Web\dev\Rehan\ProjectTracker\PR_projectUpdates1_formpost.php on line 47
Warning: mssql_query() [function.mssql-query]: message: Unclosed quotation mark before the character string ') '. (severity 15) in C:\WPServer\Web\dev\Rehan\ProjectTracker\PR_projectUpdates1_formpost.php on line 47
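The single-quote failure described in the post, reproduced next to a parameterized insert. This is an added example, not part of the original post; it assumes PDO with an in-memory SQLite database standing in for the MSSQL server, and the sample input is constructed.

```php
<?php
// Added example. SQLite in memory stands in for the MSSQL server so the
// script runs offline; against SQL Server only the PDO DSN and credentials
// change, the prepare()/execute() calls stay the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE PRJ_Update1 (update1 TEXT)');

// Constructed sample of what Summernote submits in $_POST['majorupdate'].
$majorupdateX = "<p>It's the client's \"final\" sign-off</p>";

// The query built as in the post. The apostrophe in "It's" ends the SQL
// string literal early, so the rest of the field is parsed as SQL. That is
// the "Incorrect syntax near 's'" warning, and it also means field content
// can change the statement itself.
$interpolated = "INSERT INTO PRJ_Update1 (update1) VALUES ('$majorupdateX')";
try {
    $pdo->exec($interpolated);
    $interpolatedFailed = false;
} catch (PDOException $e) {
    $interpolatedFailed = true;
}

// Parameterized form: the SQL text is fixed and the value travels
// separately, so quotes in the value are never parsed as SQL syntax.
$stmt = $pdo->prepare('INSERT INTO PRJ_Update1 (update1) VALUES (:update1)');
$stmt->execute([':update1' => $majorupdateX]);

// Read the row back and confirm it is byte-for-byte what was submitted.
$row = $pdo->query('SELECT update1 FROM PRJ_Update1')->fetch(PDO::FETCH_ASSOC);
$roundTrip = ($row['update1'] === $majorupdateX);

// Output side: echoing the column raw renders whatever markup a user stored.
// htmlspecialchars() shows it as literal text instead; displaying it as rich
// text needs an allow-list HTML sanitizer before the echo.
$asText = htmlspecialchars($row['update1'], ENT_QUOTES, 'UTF-8');

echo 'interpolated query failed: ', var_export($interpolatedFailed, true), "\n";
echo 'bound value round-trips:   ', var_export($roundTrip, true), "\n";
echo 'escaped for output:        ', $asText, "\n";
```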