vBulletin input clean classes
Hi,
I am trying to make a vBulletin-powered custom page which is an HTML form.
The user fills the form and the data is entered into the database.
I use the database classes of vBulletin to connect to the database and insert values. My problem is that I use an insert statement as:
$var1 = $_REQUEST["var1"];
INSERT INTO TABLE VALUES (1, '$var1');
Now, if $var1 already contains a single quote, I get a database error on submitting the form. Is there some class of vBulletin that I can use to insert the data into the database so that the database stores ' as well?
Also, is there an easy way to prevent SQL injection?
Thanks
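
The failure described in the post, next to a bound-parameter version of the same INSERT, as an added example that is not part of the original post. It uses PHP's PDO with an in-memory SQLite database rather than vBulletin's database class; the table `demo`, the function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the forum database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo (id INTEGER, val TEXT)'); // hypothetical table

// Constructed sample inputs, standing in for $_REQUEST["var1"].
$samples = array("plain text", "O'Reilly");

// Before: the value is pasted into the SQL text, as in the post.
// A quote inside $var1 ends the string literal early, so the rest of
// the value is parsed as SQL. That is both the error and the injection.
function insert_interpolated(PDO $pdo, $var1)
{
    try {
        $pdo->exec("INSERT INTO demo VALUES (1, '$var1')");
        return 'ok';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// After: the SQL text is fixed and the value travels separately as a
// bound parameter, so its content can never change the statement.
function insert_bound(PDO $pdo, $var1)
{
    $stmt = $pdo->prepare('INSERT INTO demo (id, val) VALUES (?, ?)');
    $stmt->execute(array(2, $var1));
    return 'ok';
}

foreach ($samples as $s) {
    printf("%-12s interpolated: %s\n", $s, insert_interpolated($pdo, $s));
    printf("%-12s bound:        %s\n", $s, insert_bound($pdo, $s));
}

// Rows written through the bound statement keep the quote unchanged.
$rows = $pdo->query('SELECT val FROM demo WHERE id = 2');
foreach ($rows as $row) {
    echo 'stored: ', $row['val'], "\n";
}
```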