fiddlehead_cons Posted October 31, 2008 Share Posted October 31, 2008 Ugh, I'll probably struggle with this until my last day. I always get stuck on this when I write an app. Maybe someone can help educate me here. I'm coding a PHP/MySQL based HTML GUI to SELECT a TEXT field from a table, edit it, and then UPDATE/INSERT it back into the table (data is passed via a POST). The TEXT data contains all sorts of special characters though. Semicolons and Dollar Signs are giving me the most trouble right now. Can anyone help me figure out why I continue to corrupt my TEXT data by doing multiple SELECTs and UPDATEs of the same data in succession? When do I need to addslashes(), stripslashes(), etc. etc? Also, how do I deal with special line returns ("\n\r") and other characters like semi-colons and dollar signs? Any help would be appreciated. Thanks -James P.S. My form is a Smarty template so I use {$smarty.post.textdata|stripslashes} to display in the form, if that matters. Quote Link to comment https://forums.phpfreaks.com/topic/130812-troubles-properly-escaping-special-characters-during-insertsupdates/ Share on other sites More sharing options...
JonnoTheDev Posted October 31, 2008 Share Posted October 31, 2008 Forget addslashes() and stripslashes(). When inserting/updating the record all you need to do is use mysql_real_escape_string() on each field variable i.e: mysql_query("INSERT INTO tableName SET name='".mysql_real_escape_string($_POST['name'])."', address='".mysql_real_escape_string($_POST['address'])."'"); Quote Link to comment https://forums.phpfreaks.com/topic/130812-troubles-properly-escaping-special-characters-during-insertsupdates/#findComment-679316 Share on other sites More sharing options...
fiddlehead_cons Posted October 31, 2008 Author Share Posted October 31, 2008 Thanks for the tip. I think I will do that from now on. Should I turn off magic quotes first or doesn't it matter? I also found out that one of my problems was with encoding. My GUI was being displayed in ISO-8859-1 and my database and database connection were UTF-8. The non-breaking space entity ( ) was causing a lot of problems. I tried changing the encoding of my GUI (Smarty templates embedded in a Joomla page) but it didn't seem to solve the problem. I also modified the form widget to only accept UTF-8 encondings. I eventually just did a str_replace() to get rid of all of the characters that were still causing me problems before writing to the database. Not elegant but more of an act of desperation. Not one of my prouder moments -James Quote Link to comment https://forums.phpfreaks.com/topic/130812-troubles-properly-escaping-special-characters-during-insertsupdates/#findComment-679379 Share on other sites More sharing options...
JonnoTheDev Posted October 31, 2008 Share Posted October 31, 2008 Turn magic quotes off. Pain in the arse. Quote Link to comment https://forums.phpfreaks.com/topic/130812-troubles-properly-escaping-special-characters-during-insertsupdates/#findComment-679407 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.