Switched servers... now functionality lost. Same PHP version & MySQL version

[jw_d]

I posted this on the MySQL forum, then started thinking maybe something's going wrong in the PHP... I'm stuck!!!

 

I switched servers recently and moved one database over. The MySQL versions & PHP are the same.

 

It runs a backend simple CMS.

 

Basically now, if I go in and edit a page using the WYSIWYG editor, it will not record anything that is cut and pasted from Notepad.

 

However, if I type it in manually, it will.

 

Any thoughts what could be different with the PHP or database to record text that is typed, but not text pasted from Notepad.

 

On the other server, it works fine.

[jw_d]

Ok. Wait!

 

Did some more testing. It's not when I paste from Notepad actually.

 

It stalls out and doesn't post anything to the database when I have a word that has a " ' " in it. Is that something I need to with the PHP or the MySQL database?

[premiso]

You need to add mysql_real_escape_string to the string input going into the DB.

 

The reason it worked on your old server, was chances are it had "Magic Quotes" (see this function for more information/links to more information)  get_magic_quotes_gpc turned on. The new server does not, which is the better/preferred way for them to be turned off.

 

Fix the code and it will work.

 

EDIT:

Added the "string" portion to the above thanks PFM for reminding of that lol!

[PFMaBiSmAd]

Edit: basically the same info as above ^^^

 

All data put into a query that contains special characters, like a ' or " needs to be escaped so that it does not break the query (or allow sql injection.)

 

Your code does not have any logic to do this and was probably relying on the magic_quotes_gpc setting to do this for you. magic_quotes_gpc is depreciated, turned off by default when using recommend php.ini settings and has been removed in php6.

 

You need to use the mysql_real_escape_string function on any string data that is put into a query.