only1perky Posted November 27, 2008 Share Posted November 27, 2008 Hi guys, I'm sure this is quite easy to solve but I've ground to a halt. I have a text entry box in my CMS which adds a paragraph or two of info into a mysql database. In general this works fine except for one annoying problem- whenever I type a " it turns into a ? when submitted to the database. Can anyone advise me on how to solve this problem. Cheers. Link to comment https://forums.phpfreaks.com/topic/134484-text-box-replaces-s-with-s/ Share on other sites More sharing options...
Mchl Posted November 27, 2008 Share Posted November 27, 2008 How are you escaping your data before inserting into database? (You do escape it, don't you?) Link to comment https://forums.phpfreaks.com/topic/134484-text-box-replaces-s-with-s/#findComment-700265 Share on other sites More sharing options...
only1perky Posted November 27, 2008 Author Share Posted November 27, 2008 Hi I was using addslashes() put having just done a little reading I think i'll change to mysql_real_escape_string(). Can you just advise me on how I will implement this, by the way I am currently UPDATING info not INSERTING. Here is my update code: $updateSQL = sprintf("UPDATE managers SET season=%s, seasonNumber=%s, number=%s, manager=%s, assistant=%s, code=%s, startDate=%s, endDate=%s, gamesManaged=%s, gamesWon=%s, gamesDrew=%s, gamesLost=%s, goalsFor=%s, goalsAgainst=%s, percentWon=%s, percentDrew=%s, percentLost=%s, percentFor=%s, percentAgainst=%s, image=%s, imagein=%s, imageout=%s, info=%s, inInfo=%s, outInfo=%s WHERE id=%s", GetSQLValueString($HTTP_POST_VARS['season'], "text"), GetSQLValueString($HTTP_POST_VARS['seasonNumber'], "text"), GetSQLValueString($HTTP_POST_VARS['number'], "text"), GetSQLValueString($HTTP_POST_VARS['manager'], "text"), GetSQLValueString($HTTP_POST_VARS['assistant'], "text"), GetSQLValueString($HTTP_POST_VARS['code'], "text"), GetSQLValueString($HTTP_POST_VARS['startDate'], "text"), GetSQLValueString($HTTP_POST_VARS['endDate'], "text"), GetSQLValueString($HTTP_POST_VARS['gamesManaged'], "text"), GetSQLValueString($HTTP_POST_VARS['gamesWon'], "text"), GetSQLValueString($HTTP_POST_VARS['gamesDrew'], "text"), GetSQLValueString($HTTP_POST_VARS['gamesLost'], "text"), GetSQLValueString($HTTP_POST_VARS['goalsFor'], "text"), GetSQLValueString($HTTP_POST_VARS['goalsAgainst'], "text"), GetSQLValueString($HTTP_POST_VARS['percentWon'], "text"), GetSQLValueString($HTTP_POST_VARS['percentDrew'], "text"), GetSQLValueString($HTTP_POST_VARS['percentLost'], "text"), GetSQLValueString($HTTP_POST_VARS['percentFor'], "text"), GetSQLValueString($HTTP_POST_VARS['percentAgainst'], "text"), GetSQLValueString($fileName,"text"), GetSQLValueString($fileName2,"text"), GetSQLValueString($fileName3,"text"), GetSQLValueString($HTTP_POST_VARS['info'], "text"), **** The info box **** GetSQLValueString($HTTP_POST_VARS['inInfo'], "text"), GetSQLValueString($HTTP_POST_VARS['outInfo'], "text"), GetSQLValueString($HTTP_POST_VARS['id'], "int")); From this raw code how will I implement the mysql_real_escape_string(). Link to comment https://forums.phpfreaks.com/topic/134484-text-box-replaces-s-with-s/#findComment-700279 Share on other sites More sharing options...
Mchl Posted November 27, 2008 Share Posted November 27, 2008 What version of PHP are you using? Do you have magic quotes enabled (if so, disable them). What is GetSQLValueString()?? it's not standard PHP function. Perhaps it's encapsulating mysql_real_escape_string. Don't know. Instead of $HTTP_POST_VARS use $_POST array Link to comment https://forums.phpfreaks.com/topic/134484-text-box-replaces-s-with-s/#findComment-700281 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.