' Symbol is killing my PHP

The FCK editor doesn't automatically replace the ' but you can change that.
Do a search on quot in the files fckeditorcode_ie.js and fckeditorcode_gecko.js in the folder 'fckeditor/editor/js', when you find '"':'quot' you're in the right place. This is a string that contains the characters the FCK editor replaces automatically, add ,"'":'#39' to it and save the files.

Now you shouldn't have any problems any more with '.

seloh wrote:
Now you shouldn't have any problems any more with '.

Now you just have a big SQL injection problem.

alfonsoml wrote:Now you just have a big SQL injection problem.

How's that? The ' is replaced by ' in the source, which goes to the database.

and what would happen whenever someone tries to attack you directly sending to your server a content containing some of those apostrophes?

aah right ...
Didn't think of that because I use a custom function that retrieves a piece of information from a form and does (amongst others) a few replaces to prevent SQL injection.

@laims7:
alfonsoml is right, the correct way to get rid of your problem is to replace the ' in PHP after you retrieve the information from the form.

$originalString = $_POST["editor"];
$newString = str_replace("'","'",$originalString);

@seloh If you're saving anything to database, mysql_real_escape_string() is your friend (or any other *escape_string function in PHP if using other database). Be sure to read note about magic_quotes_gpc setting.

Thanks for the tip Wiktor but I program in ASP.

I base64_encode() almost everything that comes from the fckeditor before storing it.