$query = "UPDATE `posts` SET my_text='I'm a PHP newbie' WHERE id=10";
@gladoscc Click "edit" and modify the answer. I am aware it can be improved.
An example of what not to do (the "Bad Idea"):
And when this query is sent to MySQL, it will complain that the syntax is wrong, because there is an extra single quote in the middle.
Escaping data before use in a SQL query is also very important because if you don't, your script will be open to SQL injections. An SQL injection may cause alteration, loss or modification of a record, a table or an entire database. This is a very serious security issue!
Or use a prepared SQL query.
This code could be included in a page with a form to submit, with a URL such as http://example.com/edit.php?id=10 (to edit the post n°10).
This error is often caused because you forgot to properly escape the data passed to a MySQL query.
To avoid such errors, you MUST always escape the data before use in a query.
What will happen if the submitted text contains single quotes? $query will end up with: