
[SOLVED] Apostrophe problem in simple php/MySQL CMS scripts.


iainlang


Hello.

 

[ BTW - After reading "Have you been helped here?" I've been looking for a "Donate" button but I can't find one that doesn't just take me back to the Home page. Can anyone point me to the right URL? ]

 

Now...

 

I wrote my own small, very simple, naive, CMS scripts to help small charities run their own database-driven website without further aid from anyone outside their organisation.  I have about thirty now and all has been working well for about four years but one theatre Trust wants a  What's On  section (note the apostrophe - oddly enough, the first time any of "my" little charities thought to use one) and it seems that this forbids the creation of Sub-sections within any Section whose title contains an apostrophe.

I've listed my scripts below; can anyone tell me what the solution might be to the apostrophe problem, please?  I'm sort'v self-taught and am probably missing something stupid.

 

Thanx.

 

Iain.

 

 

 

 

include("php-lib/connect_inc.php");

$section_name=trim (strtolower($section_name));

$section_text=nl2br($section_text);

$TableName="sections";

$Query="INSERT INTO $TableName (section_id, section_name,

section_vis_name, section_heading, section_text, image_filename, title_text) VALUES ('$section_id', '$section_name', '$section_vis_name', '$section_heading', '$section_text', '$file_name', '$title_text')";

$Result=mysql_db_query ($DBName, $Query, $Link);

include("sec_add.php");

 

 

 

 

$TableName="images_sub_sections";

$TableName="sections";

include("php-lib/connect_inc.php");

$Query="SELECT section_name, section_vis_name FROM $TableName WHERE section_id='$section_id' ";

$Result=mysql_db_query ($DBName, $Query, $Link);

while ($Row=mysql_fetch_array ($Result))

{

$section_name=$Row['section_name'];

$section_vis_name=$Row['section_vis_name'];

}

$sub_section_name=trim(strtolower($sub_section_name));

$sub_section_text=nl2br($sub_section_text);

$TableName="sub_sections";

$Query="INSERT INTO $TableName (sub_section_id, section_name, section_vis_name, sub_section_name, sub_section_vis_name, sub_section_heading, sub_section_text, image_filename, title_text) VALUES ('$sub_section_id', '$section_name', '$section_vis_name', '$sub_section_name', '$sub_section_vis_name', '$sub_section_heading', '$sub_section_text', '$file_name', '$title_text')";

$Result=mysql_db_query ($DBName, $Query, $Link);

include("sub_sec_display_short.php");

 

Try running the name through mysql_real_escape_string() before inserting it into the database. Also, what errors are you getting?

 

[ BTW - After reading "Have you been helped here?" I've been looking for a "Donate" button but I can't find one that doesn't just take me back to the Home page. Can anyone point me to the right URL? ]

That page was lost after the old site was taken down. However, see this post.

Thanx for your swift response.  Do you mean like -

 

include("php-lib/connect_inc.php");

$section_name=trim (strtolower($section_name));

$section_name=mysql_real_escape_string($section_name);

$section_text=nl2br($section_text);

$TableName="sections";

$Query="INSERT INTO $TableName (section_id, section_name,

section_vis_name, section_heading, section_text, image_filename, title_text) VALUES ('$section_id', '$section_name', '$section_vis_name', '$section_heading', '$section_text', '$file_name', '$title_text')";

$Result=mysql_db_query ($DBName, $Query, $Link);

include("sec_add.php");

 

'cos if that's it, it doesn't seem to work. 

 

I use HotDog and mysql and php functions are automatically coloured but this doesn't happen with the mysql_real_escape_string thing-y.  Sorry to be so thick.

 

Yoooors,

 

Iain.

 

[ I sent phpfreaks 10 sterling at the e-mail address [email protected] - dunno what that comes to in dollars. ]

I've done -

 

include("php-lib/connect_inc.php");

$section_name=trim (strtolower($section_name));

$section_name=mysql_real_escape_string($section_name);  // <<----- ;

$section_text=nl2br($section_text);

$TableName="sections";

$Query="INSERT INTO $TableName (section_id, section_name,

section_vis_name, section_heading, section_text, image_filename, title_text) VALUES ('$section_id', '$section_name', '$section_vis_name', '$section_heading', '$section_text', '$file_name', '$title_text') ";

$Result=mysql_db_query ($DBName, $Query, $Link)  or die(mysql_error());  // <<----- ;

include("sec_add.php");

 

which seems to be accepted without question, and

 

$TableName="images_sub_sections";

$TableName="sections";

include("php-lib/connect_inc.php");

$Query="SELECT section_name, section_vis_name FROM $TableName WHERE section_id='$section_id' ";

$Result=mysql_db_query ($DBName, $Query, $Link);

while ($Row=mysql_fetch_array ($Result))

{

$section_name=$Row['section_name'];

$section_vis_name=$Row['section_vis_name'];

}

$sub_section_name=trim(strtolower($sub_section_name));

$sub_section_text=nl2br($sub_section_text);

$TableName="sub_sections";

$Query="INSERT INTO $TableName (sub_section_id, section_name, section_vis_name, sub_section_name, sub_section_vis_name, sub_section_heading, sub_section_text, image_filename, title_text) VALUES ('$sub_section_id', '$section_name', '$section_vis_name', '$sub_section_name', '$sub_section_vis_name', '$sub_section_heading', '$sub_section_text', '$file_name', '$title_text')";

print("$Query< br >");  // <<----- ;

$Result=mysql_db_query ($DBName, $Query, $Link) or die(mysql_error());  // <<----- ;

include("sub_sec_display_short.php");

 

which produces the line -

 

INSERT INTO sub_sections (sub_section_id, section_name, section_vis_name, sub_section_name, sub_section_vis_name, sub_section_heading, sub_section_text, image_filename, title_text) VALUES ('4000', 'whats_on', 'What's On', 'test_sub_section', 'Test Sub-section', 'Test Sub-section heading', 'Test Sub-section text.', '', '')

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's On', 'test_sub_section', 'Test Sub-section', 'Test Sub-section heading', 'Test' at line 1

 

Dunno if that makes any sense to you; it doesn't to me.

 

This:

 

INSERT INTO sub_sections (sub_section_id, section_name, section_vis_name, sub_section_name, sub_section_vis_name, sub_section_heading, sub_section_text, image_filename, title_text) VALUES ('4000', 'whats_on', 'What's On', 'test_sub_section', 'Test Sub-section', 'Test Sub-section heading', 'Test Sub-section text.', '', '')

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's On', 'test_sub_section', 'Test Sub-section', 'Test Sub-section heading', 'Test' at line 1

 

is the problem. As you see, it's the $section_vis_name one that is the problem. You should run it (and all other values) through mysql_real_escape_string().
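Added example, not part of the thread: the sub-section insert fails on a value that was read back from the sections table, so database-sourced values need the same treatment as form input. The sketch uses PDO prepared statements in place of the mysql_real_escape_string() call the reply names, with an in-memory SQLite database standing in for MySQL; the trimmed schema, the section id 400 and the sample values are constructed.

```php
<?php
// Added example: constructed schema and values, trimmed to the columns that matter.
// SQLite in memory stands in for the MySQL server so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE sections (section_id INTEGER, section_name TEXT, section_vis_name TEXT)");
$db->exec("CREATE TABLE sub_sections (sub_section_id INTEGER, section_name TEXT,
           section_vis_name TEXT, sub_section_name TEXT, sub_section_vis_name TEXT)");

// Step 1: add the section. Every value is bound, none is pasted into the SQL text.
$addSection = $db->prepare(
    "INSERT INTO sections (section_id, section_name, section_vis_name) VALUES (?, ?, ?)");
$addSection->execute([400, 'whats_on', "What's On"]);

// Step 2: read the parent section back. The stored value contains a bare apostrophe,
// exactly as typed: escaping or binding at insert time does not change what is stored.
$find = $db->prepare("SELECT section_name, section_vis_name FROM sections WHERE section_id = ?");
$find->execute([400]);
$section = $find->fetch(PDO::FETCH_ASSOC);

// What the thread's second script does with that value: interpolate it into a new query.
$broken = "INSERT INTO sub_sections (sub_section_id, section_name, section_vis_name,
           sub_section_name, sub_section_vis_name) VALUES (4000, '{$section['section_name']}',
           '{$section['section_vis_name']}', 'test_sub_section', 'Test Sub-section')";
try {
    $db->exec($broken);
    echo "interpolated insert: accepted\n";
} catch (PDOException $e) {
    echo "interpolated insert: rejected (", $e->getMessage(), ")\n";
}

// Step 3: the same insert with bound values, including the two that came from the database.
$addSub = $db->prepare(
    "INSERT INTO sub_sections (sub_section_id, section_name, section_vis_name,
     sub_section_name, sub_section_vis_name) VALUES (?, ?, ?, ?, ?)");
$addSub->execute([4000, $section['section_name'], $section['section_vis_name'],
                  'test_sub_section', 'Test Sub-section']);

$check = $db->query("SELECT section_vis_name FROM sub_sections WHERE sub_section_id = 4000");
echo "stored in sub_sections: ", $check->fetchColumn(), "\n";
```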

Archived

This topic is now archived and is closed to further replies.
