Oh yeah, so you do. At first glance I cant see why though!
Any ideas?
It chokes on the " ' " (single quote) characters because it makes the input string invalid SQL. Even though you're using postgres, mysql_real_escape_string() should fix the problem as seen in thephp.net documentation
You also should limit the input length to be less than the db column's limit.
Comment