NEONecd999

Yeah this is all for an admin panel, so only an admin will have access to this. Thanks for your help, mysql_real_escape_string() worked great.

I have a form with a text area where users can input an HTML code. That is then stored in a field of a mysql table. On another page, this HTML code must be selected from the table and echoed, so that the processed HTML code is what will appear in the browser. Problem is, there are symbols in the HTML code, such as single quotation marks, that will kill the syntax of the mysql UPDATE statement and allow for mysql injection attacks. To avoid this, i usually put "htmlentities($content, ENT_QUOTES)" instead of simply "$content" into the MySQL statement. However, if I do this, when I SELECT the info to output in another HTML page, it is not processed by the HTML, as all HTML symbols have been translated into their character codes... So which PHP functions should I use to encode and decode my content (in this case HTML code) to suit this scenario? Thanks.

fantastic, thank you.

Hi, I have a text area input that is submitted in a form. I had the issue that when someone submitted a ' (single quote) symbol in the text area, the php/mysql syntax would think that that was the closing quote of the text field (SET fieldname= 'John's pizzeria'), causing a syntax error. To fix this, i put an "htmlencode()" around the $_POST variable before running it in mySQL to update (a MEDIUMTEXT field). This worked well. Now I'd also like to preserve line breaks inputted into the text area. As it is now, if you include two line breaks, those line breaks seem to be preserved in the mysql field, but when you call the field and echo it into HTML, the line breaks are gone. What is the best way to encode my text area so that I don't have syntax problems (and risk mySQL injection attacks) as well as maintain formatting things like line breaks? Thanks.

awesome, thanks

I have a website, hosted on a server, that uses the date() function quite often to find the current date and time. Am I making a terrible mistake in that this date is being taken from the client's local computer time? Or is it taking the current date/time from the information on the server's clock? Thanks.

I have a box of a fixed size in my site layout where a field from a MySQL table is outputted. However, this field's length can change, sometimes longer than the size of the box in the design. In CSS, i set the div to overflow:hidden, but I would like the php to actually shorten the text being outputted with a "..." at the end of the text. This cannot be done by limiting the number of characters as different characters are different widths, especially line breaks (which can be a whole line long). Is there any way of limiting text output by the size of the area it takes up? Thanks.

wow, okay, thanks. How do I "block" a directory? Do you mean adjust the CHMOD settings? But if it is something like the uploads folder, doesn't it need to have full permissions so that people can write to it?

okay, i'll be more explicit.. $result = mysql_query("SELECT * FROM tableA UNION SELECT * FROM tableB ORDER BY RAND()"); echo mysql_result($result,0,"field"); //from which table was this result since both tables were used in this query, and the results were randomly ordered, the first result from the query could be from either table. I need something that will return the name of the original table of this result. Thanks.

Sure, but that's not what I'm looking for... I have a query that is like SELECT * FROM table1, table2 If I pull a result from this query, mysql_result($result,$i,"fieldname") i'd like to know from which table, table1 or table2, did that result come from.

How can I retrieve the name of the table from which a given MySQL result came from? Thanks.

http://www.fantour.org A social networking site based around live shows. If you guys could check it out and point out any bugs you find, that would be great. Cross-browser consistency in CSS is also something that needs to be checked out. Thanks in advance.