Chances are, if your application uses a database and throws an error when you enter ' or " into a field, you're prone to SQL injection. While SQL injection is very dangerous, it's relatively simple to resolve. Now, I say it's simple, but it could mean lots of rework for you.
I don't want to go deep into how to prevent and cure SQL injection; there are already so many great resources out there on how to resolve this issue. But I do want to show a solution to this problem.
Really, the best quick thing you can do is escape all " and ' characters. PHP has a lot of really useful functions for this, like mysql_real_escape_string (deprecated). But probably the biggest thing you can do is use PDO (PHP Data Objects).
This sample query
// Sample query held in a heredoc string
$sql = <<<SQL
SELECT * FROM users WHERE users.id = '123';
SQL;
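The escaping-versus-PDO point above, as an added example that is not from the original post: the same lookup built by string concatenation and with a PDO prepared statement, run against a constructed in-memory SQLite table. The function names and sample rows are hypothetical, and it assumes the pdo_sqlite extension is enabled.

```php
<?php
// Added example: constructed sample data, hypothetical function names.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('Alice'), ('Pat O''Brien')");

// Before: the search term is pasted into the SQL text, so a quote in the
// input ends the string literal early and the statement no longer parses.
function findUsersConcatenated(PDO $pdo, string $term): array
{
    $sql = "SELECT id, name FROM users WHERE name = '$term'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the SQL text is fixed and the term travels as a bound parameter,
// so the database treats it as data whatever characters it contains.
function findUsersPrepared(PDO $pdo, string $term): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :term');
    $stmt->execute([':term' => $term]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Ordinary search terms, two of which contain quote characters.
foreach (['Alice', "Pat O'Brien", 'say "hi"'] as $term) {
    try {
        $rows = findUsersConcatenated($pdo, $term);
        printf("concatenated %-12s -> %d row(s)\n", $term, count($rows));
    } catch (PDOException $e) {
        printf("concatenated %-12s -> error: %s\n", $term, $e->getMessage());
    }
    $rows = findUsersPrepared($pdo, $term);
    printf("prepared     %-12s -> %d row(s)\n", $term, count($rows));
}
```

The concatenated version fails on the name containing an apostrophe, which is the "it breaks your software" symptom; the prepared version returns the matching row for the same input.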