fiddlehead_cons Posted October 31, 2008 Share Posted October 31, 2008 Ugh, I'll probably struggle with this until my last day. I always get stuck on this when I write an app. Maybe someone can help educate me here. I'm coding a PHP/MySQL based HTML GUI to SELECT a TEXT field from a table, edit it, and then UPDATE/INSERT it back into the table (data is passed via a POST). The TEXT data contains all sorts of special characters though. Semicolons and Dollar Signs are giving me the most trouble right now. Can anyone help me figure out why I continue to corrupt my TEXT data by doing multiple SELECTs and UPDATEs of the same data in succession? When do I need to addslashes(), stripslashes(), etc. etc? Also, how do I deal with special line returns ("\n\r") and other characters like semi-colons and dollar signs? Any help would be appreciated. Thanks -James P.S. My form is a Smarty template so I use {$smarty.post.textdata|stripslashes} to display in the form, if that matters. Link to comment https://forums.phpfreaks.com/topic/130812-troubles-properly-escaping-special-characters-during-insertsupdates/ Share on other sites More sharing options...
JonnoTheDev Posted October 31, 2008 Share Posted October 31, 2008 Forget addslashes() and stripslashes(). When inserting/updating the record all you need to do is use mysql_real_escape_string() on each field variable i.e: mysql_query("INSERT INTO tableName SET name='".mysql_real_escape_string($_POST['name'])."', address='".mysql_real_escape_string($_POST['address'])."'"); Link to comment https://forums.phpfreaks.com/topic/130812-troubles-properly-escaping-special-characters-during-insertsupdates/#findComment-679316 Share on other sites More sharing options...
fiddlehead_cons Posted October 31, 2008 Author Share Posted October 31, 2008 Thanks for the tip. I think I will do that from now on. Should I turn off magic quotes first or doesn't it matter? I also found out that one of my problems was with encoding. My GUI was being displayed in ISO-8859-1 and my database and database connection were UTF-8. The non-breaking space entity ( ) was causing a lot of problems. I tried changing the encoding of my GUI (Smarty templates embedded in a Joomla page) but it didn't seem to solve the problem. I also modified the form widget to only accept UTF-8 encondings. I eventually just did a str_replace() to get rid of all of the characters that were still causing me problems before writing to the database. Not elegant but more of an act of desperation. Not one of my prouder moments -James Link to comment https://forums.phpfreaks.com/topic/130812-troubles-properly-escaping-special-characters-during-insertsupdates/#findComment-679379 Share on other sites More sharing options...
JonnoTheDev Posted October 31, 2008 Share Posted October 31, 2008 Turn magic quotes off. Pain in the arse. Link to comment https://forums.phpfreaks.com/topic/130812-troubles-properly-escaping-special-characters-during-insertsupdates/#findComment-679407 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.