If the post name has apostrophes ('
) or speech marks ("
) then the insert into the database is likely to fail as it will conflict with the INSERT statement. You can try doing something like:
$post_name = addslashes( html_entity_decode(($_POST['post_name']), ENT_QUOTES, 'utf-8') );
However, a better way would be to use the MySQL mysql_real_escape_string
or mysqli_real_escape_string
function to escape the string instead of addslashes
. The function to use will depend on your MySQL code and extension used (MySQL or MySQLi), e.g:
$post_name = mysql_real_escape_string( html_entity_decode(($_POST['post_name']), ENT_QUOTES, 'utf-8'), $db );