Tuesday, 15 April 2014

php - If a user writes ' (Apostrophe) it ruins the code, how to stop it?


So, I have this piece of code:

    // test_input() is the poster's own helper (not shown in the question).
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        if (empty($_POST["name"])) {
            $nameErr = "This field is required";
        } else {
            $name = test_input($_POST["name"]);
            // Only ASCII letters and spaces pass; anything else sets an error.
            if (!preg_match("/^[a-zA-Z ]*$/", $name)) {
                $nameErr = "Only letters are allowed";
            }
        }
    }

and it works fine, but there is one problem: what if the user writes ' (apostrophe)? I tried it myself, and it ruins the code somehow, it never reaches the database, and I can't add the apostrophe to the preg_match either because it ruins the code and it doesn't run correctly!

So my question is, how can I stop the user from writing ' (apostrophe)?

Thanks for reading.

Should you stop the user from writing an apostrophe, or should you prepare your code for this kind of situation? Today it's the apostrophe, tomorrow it's the double quote, and you can't manage every single symbol (think of other alphabets).

If you are adding it straight to the database, escape the symbols using either mysqli's or PDO's (or whatever database management scheme you use) escape methods. Otherwise, your code might be in real danger because of SQL injection. An illustration of what can happen is shown in the xkcd comic; imagine this input:

test'); drop table important_data;--

Yes, in your case (at least after validating with the regex) you are covering the issue, but this can happen in every single place around your code (suppose a comment form, where you can write anything). Always escape every single user input. It will defend you from lots of future issues.
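The answer's advice in working code, as an added example that is not part of the original question or answer: the insert written with a PDO prepared statement, beside the string-concatenation form it replaces, so the apostrophe no longer needs to be banned. The users table, its name column and the connection credentials are assumptions.

```php
<?php
// Added example, not from the original post. Assumes a MySQL table `users`
// with a column `name`, and placeholder credentials for the PDO connection.

// Vulnerable form: user input is spliced straight into the SQL text. A name
// such as O'Brien ends the string literal early and breaks the query, and the
// xkcd-style input quoted in the answer changes the statement's meaning.
function insertNameUnsafe(PDO $db, string $name): void {
    $db->exec("INSERT INTO users (name) VALUES ('" . $name . "')");
}

// Hardened form: a prepared statement sends the value separately from the SQL
// text, so the database never treats quote characters inside $name as syntax.
function insertNameSafe(PDO $db, string $name): bool {
    $stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
    return $stmt->execute([':name' => $name]);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $nameErr = '';
    $name = trim($_POST['name'] ?? '');

    if ($name === '') {
        $nameErr = 'This field is required';
    } elseif (!preg_match("/^[\p{L}' ]+$/u", $name)) {
        // Letters from any alphabet, spaces and the apostrophe are accepted;
        // validation is about the field's meaning, not about protecting SQL.
        $nameErr = 'Only letters are allowed';
    } else {
        // Placeholder DSN and credentials (assumed values).
        $db = new PDO(
            'mysql:host=localhost;dbname=app;charset=utf8mb4',
            'app_user',
            'app_password',
            [
                PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepare
            ]
        );
        insertNameSafe($db, $name);
    }
}
```

The same applies to mysqli: use `$stmt = $mysqli->prepare(...)` with `bind_param()` rather than building the query string by hand.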

php mysqli preg-match
