Characters being entered in DB


8 replies to this topic

#1 RSprinkel


Posted 28 May 2006 - 12:48 AM

Hi all and new here.

I have a few questions pertaining to PHP as I am somewhat of a newb and I am not sure how to handle these questions the proper way. However, I will make them separate posts if that's allowed.

I have a problem. I have an application form on my site, that has to be approved by me via an admin form. When a member uses the characters such as ", -, ', etc and I try to approve the application I get an error basically telling me these aren't allowed to be processed and placed into the proper database. I have to manually go into the temp database and remove these characters before I can process the app.

Any help on this issue is GREATLY Appreciated.


RSprinkel

Sorry I should have put the code that I have:

// Enter info into the Database.
$info2 = htmlspecialchars($info);
RSprinkel
A PHP/MySQL NOVICE I AM

#2 Ferenc


Posted 28 May 2006 - 02:49 AM

Try:
$info2 = htmlentities($info, ENT_QUOTES);
Everything you want to know is here.

#3 RSprinkel


Posted 28 May 2006 - 03:12 AM

Well I tried and got the same error. Here is the error received:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Night BR', '17-18', 'no...but can get one', 'DjFan828 and weighfish had just t' at line 2"

Here is the troubled data:

Lowe's Night BR
17-18
no...but can get one


Thanks for your help



RSprinkel
A PHP/MySQL NOVICE I AM

#4 poirot


Posted 28 May 2006 - 03:15 AM

I think it'd help if you posted your code, or at least the query itself.
Like, instead of querying, just echo it.
~ D Kuang

#5 RSprinkel


Posted 28 May 2006 - 03:21 AM

Not sure what you mean by echo the code

Code/Query is here

// Enter info into complaint.
//$history2 = htmlspecialchars($history); - WAS BEFORE
$info2 = htmlentities($info, ENT_QUOTES);
$sql = mysql_query("INSERT INTO complaint (username, date, s_driver, r_driver, sim_mod, track, lap, replay, comments)
VALUES('$username', '$date', '$s_driver', '$r_driver', '$sim_mod', '$track', '$lap', '$replay', '$comments')" ) or die (mysql_error());

If there are no ' - " symbols it is fine; it will go through the process. However, if someone puts those symbols in, it will give me that error.
RSprinkel
A PHP/MySQL NOVICE I AM

#6 poirot


Posted 28 May 2006 - 03:25 AM

OK, the error is caused by the single quote. htmlentities with ENT_QUOTES on should handle that, but you aren't actually applying the function to the variables.

Like: $info2 = htmlentities($info, ENT_QUOTES). What is this for? I can't see where you are using $info2.

You can also use mysql_escape_string()
http://www.php.net/mysql_escape_string
~ D Kuang

#7 RSprinkel


Posted 28 May 2006 - 01:23 PM

QUOTE (poirot @ May 27 2006, 11:25 PM)
> OK, the error is caused by the single quote. htmlentities with ENT_QUOTES on should handle that, but you aren't actually applying the function to the variables.
>
> Like: $info2 = htmlentities($info, ENT_QUOTES). What is this for? I can't see where you are using $info2.
>
> You can also use mysql_escape_string()
> http://www.php.net/mysql_escape_string


Ok, had the wrong script, sorry. Here is the correct code that I just modified: I added a line for each input box that may have these codes entered in.

// Enter info into complaint.
$username2 = htmlentities($username, ENT_QUOTES);
$date2 = htmlentities($date, ENT_QUOTES);
$s_driver2 = htmlentities($s_driver, ENT_QUOTES);
$r_driver2 = htmlentities($r_driver, ENT_QUOTES);
$track2 = htmlentities($track, ENT_QUOTES);
$lap2 = htmlentities($lap, ENT_QUOTES);
$replay2 = htmlentities($replay, ENT_QUOTES);
$comments2 = htmlentities($comments, ENT_QUOTES);
$sql = mysql_query("INSERT INTO complaint (username, date, s_driver, r_driver, sim_mod, track, lap, replay, comments)
VALUES('$username', '$date', '$s_driver', '$r_driver', '$sim_mod', '$track', '$lap', '$replay', '$comments')" ) or die (mysql_error());

RSprinkel
A PHP/MySQL NOVICE I AM

#8 kenrbnsn


Posted 28 May 2006 - 01:55 PM

Instead of using htmlentities(), use the mysql_real_escape_string() function.

<?php
// Escape every value that is interpolated into the query string.
$username = mysql_real_escape_string($username);
$date = mysql_real_escape_string($date);
$s_driver = mysql_real_escape_string($s_driver);
$r_driver = mysql_real_escape_string($r_driver);
$sim_mod = mysql_real_escape_string($sim_mod); // also used in the query below
$track = mysql_real_escape_string($track);
$lap = mysql_real_escape_string($lap);
$replay = mysql_real_escape_string($replay);
$comments = mysql_real_escape_string($comments);
$sql = mysql_query("INSERT INTO complaint (username, date, s_driver, r_driver, sim_mod, track, lap, replay, comments)
VALUES('$username', '$date', '$s_driver', '$r_driver', '$sim_mod', '$track', '$lap', '$replay', '$comments')" ) or die (mysql_error());
?>

Ken
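
The same insert with bound parameters, as an added example that is not part of any poster's code. PDO with an in-memory SQLite database stands in for the MySQL connection (an assumption, as are all sample form values except the three taken from post #3), and HTML encoding is applied only when a value is printed into a page.

```php
<?php
// Added example, not from the thread. Assumes the pdo_sqlite extension;
// an in-memory SQLite database stands in for the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE complaint (username TEXT, date TEXT, s_driver TEXT,
    r_driver TEXT, sim_mod TEXT, track TEXT, lap TEXT, replay TEXT, comments TEXT)');

// Constructed form input. track, lap and replay are the values from post #3;
// the rest are made up for the example.
$form = [
    'username' => 'example_user',
    'date'     => '2006-05-28',
    's_driver' => 'driver_a',
    'r_driver' => 'driver_b',
    'sim_mod'  => 'example_mod',
    'track'    => "Lowe's Night BR",
    'lap'      => '17-18',
    'replay'   => 'no...but can get one',
    'comments' => 'He said "sorry" <b>after</b> the race',
];

// The SQL text contains placeholders only; values travel separately,
// so a quote in the data can never end the string literal early.
$stmt = $db->prepare('INSERT INTO complaint
    (username, date, s_driver, r_driver, sim_mod, track, lap, replay, comments)
    VALUES (:username, :date, :s_driver, :r_driver, :sim_mod, :track, :lap,
            :replay, :comments)');
$stmt->execute($form);

// The row holds the original characters, not HTML entities.
$row = $db->query('SELECT track, comments FROM complaint')->fetch(PDO::FETCH_ASSOC);
var_dump($row['track'] === $form['track']);

// HTML encoding is a display concern: apply it when printing into a page.
echo htmlspecialchars($row['comments'], ENT_QUOTES, 'UTF-8'), "\n";
```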

#9 RSprinkel


Posted 28 May 2006 - 07:49 PM

Ok I got it to work

I had an additional ?> at the end of the sql insert stuff and then another one at the end of the script.

THANKS ALL For the HELP. VERY MUCH APPRECIATED

I will be back with more questions soon ;)
RSprinkel
A PHP/MySQL NOVICE I AM



