matthew798 Posted September 10, 2008
Hey, I have a form where an admin can enter a news story and it will be stored in a database and then retrieved when someone opens the news page... Now I'm sure this is an obvious answer, but how would I go about making it possible to use single and double quotes inside the post without affecting the mysql query?
Link to topic: https://forums.phpfreaks.com/topic/123549-stupid-quotes/

kenrbnsn Posted September 10, 2008
You want to use the function mysql_real_escape_string on the data when you insert it into the database.
Ken

lisa71283 Posted September 10, 2008
mysql(i)_real_escape_string() should be called on any user-supplied or modifiable content that will be passed to a query, otherwise you will be setting yourself up for a SQL injection attack.

matthew798 (Author) Posted September 10, 2008

    mysql_query("UPDATE news SET title='$title', body='$body' WHERE id='$id'", mysql_real_escape_string($title), mysql_real_escape_string($body));

I know something is wrong there...

    Warning: Wrong parameter count for mysql_query() in C:\Program Files\EasyPHP 2.0b1\www\admin\newseditprocess.php on line 13

Never used this real escape thingy before...

darkfreaks Posted September 10, 2008

    <?php
    $id.=mysql_real_escape_string($id);
    $title.=mysql_real_escape_string($title);
    mysql_query("UPDATE news SET title='$title', body='$body' WHERE id='$id'");
    ?>

matthew798 (Author) Posted September 10, 2008

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' \"\' \'\'\' \"\' \"\'', body='" '" '" '" '" ' \" \'\" \'\" \'\" \'\" \' ' WHE' at line 1

I just tried a ****load of quotes.... This is what I have:

    $id.=mysql_real_escape_string($id);
    $title.=mysql_real_escape_string($title);
    $body.=mysql_real_escape_string($body);
    mysql_query("UPDATE news SET title='$title', body='$body' WHERE id='$id'") or die(mysql_error());

Also, is there something special I need to do to remove the slashes when I'm displaying the data?

matthew798 (Author) Posted September 10, 2008
bump, because I'm an impatient prick with no regard for anyone else...

kenrbnsn Posted September 10, 2008
The code that you used is incorrect, try this instead:

    <?php
    $id = mysql_real_escape_string($id);
    $title = mysql_real_escape_string($title);
    $body = mysql_real_escape_string($body);
    $q = "UPDATE news SET title='$title', body='$body' WHERE id='$id'";
    mysql_query($q) or die("Problem with the query: $q<br>" . mysql_error());
    ?>

You use the function stripslashes() to remove the added slashes.
Ken

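An added example, not part of the original thread or any poster's code: it swaps mysql_real_escape_string() for PDO bound parameters, another way to keep quotes in the title and body from affecting the query. The in-memory SQLite table named news (standing in for the MySQL table) and the sample input are assumptions made so the script runs without a server.

```php
<?php
// Added example: SQLite in-memory stands in for the MySQL "news" table so the
// script runs offline. A MySQL DSN and credentials would go here instead.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$pdo->exec("INSERT INTO news (id, title, body) VALUES (1, 'old title', 'old body')");

// Constructed sample input, as it might arrive from the admin form.
$id    = '1';
$title = 'It\'s "quoted" news';
$body  = "She said \"don't\" and kept a \\ backslash in the story";

// Placeholders keep the data out of the SQL text, so quotes in the values
// cannot end the string literal or change the statement.
$stmt = $pdo->prepare('UPDATE news SET title = :title, body = :body WHERE id = :id');
$stmt->bindValue(':title', $title, PDO::PARAM_STR);
$stmt->bindValue(':body', $body, PDO::PARAM_STR);
$stmt->bindValue(':id', (int) $id, PDO::PARAM_INT); // id is forced to an integer
$stmt->execute();
echo 'rows updated: ', $stmt->rowCount(), "\n";

// Read the row back and compare it with what was submitted.
$sel = $pdo->prepare('SELECT title, body FROM news WHERE id = :id');
$sel->bindValue(':id', (int) $id, PDO::PARAM_INT);
$sel->execute();
$row = $sel->fetch(PDO::FETCH_ASSOC);

// Both comparisons are strict: the stored text carries no added slashes.
var_dump($row['title'] === $title, $row['body'] === $body);

// Escape for the HTML context only when the story is displayed.
echo '<h2>', htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "</h2>\n";
echo '<p>', htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), "</p>\n";
```
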
matthew798 (Author) Posted September 10, 2008
Thanks so much Ken! I think I'm going to donate to PHP Freaks, I have gotten so much out of this community! Cheers boys! I'd buy you all a beer if I could.

Archived
This topic is now archived and is closed to further replies.