eMonk

Any idea why my domain is showing up twice in the output? http://www.domain.com/v1/www.domain.com/british-columbia.php

Ah, I can't believe I missed that. Thanks salathe!

Good tip... I can't even get str_replace() to work on its own. echo "<a href='\".$_SERVER['SERVER_NAME']."/".str_replace(" ", "-",$row['name']).".php'>".stripslashes($row['name'])."</a>";

Are you sure? The error is coming from that line number according to the error message. Also when I pasted the code it turns up as all red, usually there's blue and orange colors when it's going to work.

I'm getting the same error PaulRyan.

I think that works jcbones but when I tried to put it into a href I get the following error: echo "<a href=\" . $_SERVER['SERVER_NAME'] . "/" . strtolower(stripslashes(str_replace(" ", "-", $row['name']))) .".php">stripslashes($row['name'])</a>"; Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

I tried but it doesn't work? echo "<p>" . $_SERVER['SERVER_NAME'] . "/" . strtolower(stripslashes(str_replace($row['name'])" ", "-")) .".php</p>"; Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING

How can I add str_replace(" ", "-") to the following line: echo "<p>" . $_SERVER['SERVER_NAME'] . "/" . strtolower(stripslashes($row['name'])) .".php</p>"; I have a bunch of provinces being displayed and want to replace spaces with - (for example British Columbia turns into www.domain.com/british-columbia.php so I can link to this file).

It's working now... Adding mysql_real_escape_string in the short variable names is cleaner IMO which makes it easier to read. I'm not sure what you mean by using an array for the form field names but I'll read this chapter again in my book tonight. Thanks again PFMaBiSmAd!

oppss.. I see a problem in the query... height = '$height'... 1 min...

I'm playing around with the short variable names now but it doesn't appear to be working ($height returns as NULL). $name = trim($_POST['name']); $age = trim($_POST['age']); $height = mysql_real_escape_string(trim($_POST['height'])); $hair = trim($_POST['hair']); $bust = trim($_POST['bust']); $waist = trim($_POST['waist']); $hips = trim($_POST['hips']); $query = "INSERT INTO model VALUES ('', '$name', $age, height = '$height', '$hair', '$bust', '$waist', '$hips', .........)"; $results = mysql_query($query);

$update = "UPDATE model SET name = '$name', age = '$age', height = '" . mysql_real_escape_string($height) . "', hair = '$hair', bust = '$bust', waist = '$waist', hips = '$hips' ......... WHERE id = '$id' "; $rsUpdate = mysql_query($update); After reading the manual at php.net on this function, I should be inserting the mysql_real_escape_string for each variable, correct? Right now I just have it for $height. The reason I'm asking is because I have 28 columns in this table and want to make sure I'm using this function properly as it seems like a tedious process and messy code.

Thanks again PFMaBiSmAd. I have learned from this and starting to like this place.

Ah, that's working now. 1 last question... Should I turn magic_quotes_gpc back on? I'll make sure to insert addslashes in form fields but have other scripts on the server and not sure if there are open to sql injections now.

That is correct, no \ characters in the database table now. I just added echo $height; and it displayed the data correctly but in the text field box it shows 5'8 <input name="height" type="text" size="2" value="<?=$height?>" maxlength="6"> Is this normal or something wrong with the code?

Ok, now its off but same results...

few mins.. just checked phpinfo () and its still turned on.

I just got my host to turn magic_quotes_gpc OFF but same results. displays the data: 5'8 (but 5\'8\" is displayed in the table column. No double quote at the end). Also using stripslashes() for display.

I believe magic_quotes_gpc is turned on (and should be left on for security reasons and cleaner code?). How do you remove escapes before using mysql_real_escape_string? I tried height = '" . stripslashes(mysql_real_escape_string($height)) . "' but same results.

Ah, that was the problem! I was using varchar(3) thinking I had to enter in height as cm then convert to feet (for single and double quotes) when the database was created. Just changed it to varchar(6). Question about stripslashes.... $height = stripslashes(trim($height)); displays the data: 5'8 (but 5\'8\" is displayed in the table column). Why is the output missing the double quote at the end?

I'm using phpMyAdmin to look at the data.

The problem is the data isn't being inserted properly. When I enter in 5'8" the database shows 5\' I just tried addslashes but samething.

What's wrong with my mysql_real_escape_string() syntax? $update = "UPDATE model SET name = '$name', height = '" . mysql_real_escape_string($height) . "', hair = '$hair' "; I can't seem to enter in 5'8" into the database for $height.

Nevermind, it works now... wtf!

What's wrong with this code? <textarea name="description" cols="60" rows="10"><?= $description ?></textarea> The textarea box returns null.