savagenoob Posted April 25, 2009 Share Posted April 25, 2009 I have a form that allows a user to create and store quiz questions in the database for later use, I have ran across error messages on each question that has a ' . The tables are all set up as VARCHAR() so I dont know whats going on. Here is the code. <?php if(isset($_POST['submitquestion'])) { $testname = trim($_POST['testname']); echo $testname; $question = trim($_POST['question']); $option1 = trim($_POST['option1']); $option2 = trim($_POST['option2']); $option3 = trim($_POST['option3']); $option4 = trim($_POST['option4']); $answer = trim($_POST['correct']); $select = mysql_query("INSERT INTO pq_crtp_quiz SET question = '$question', option1 = '$option1', option2 = '$option2', option3 = '$option3', option4 = '$option4', answer = '$answer', testname = '$testname'"); echo mysql_error(); echo "Question Added Successfully"; echo "<meta http-equiv=Refresh content=20;url=quizadd.php>"; ?> <table> <tr><th>Add a question to a test</th></tr> <form action="" method="post" name="Add Question"> <tr><td>Select a test <?php echo '<SELECT name="testname">'; foreach ($showtest as $key => $value) { echo '<OPTION value="' . $value . '"> ' . $value . ''; } echo '</select>'; ?></td></tr> <tr><td>Question</td><tr> <tr><td><textarea name="question" cols="120" rows="20" wrap="virtual"></textarea></td></tr> <tr><th>Input the answer options</th></tr> <tr><td>Option 1 <input name="option1" type="text" size="40" maxlength="160" /></td></tr> <tr><td>Option 2 <input name="option2" type="text" size="40" maxlength="160" /></td></tr> <tr><td>Option 3 <input name="option3" type="text" size="40" maxlength="160" /></td></tr> <tr><td>Option 4 <input name="option4" type="text" size="40" maxlength="160" /></td></tr> <p> <tr><th>Select the correct answer: </th></tr> <label> <tr><td><input type="radio" name="correct" value="Option 1" id="correct_0" /> option1</label></td></tr> <br /> <label> <tr><td> <input type="radio" name="correct" value="Option 2" id="correct_1" /> option2</label></td></tr> <br /> <label> <tr><td><input type="radio" name="correct" value="Option 3" id="correct_2" /> option3</label></td></tr> <br /> <label> <tr><td><input type="radio" name="correct" value="Option 4" id="correct_3" /> option4</label></td></tr> <br /> </p> <tr><td><input type="submit" name="submitquestion" value="Next"></td></tr> </form> </table> <br /> Quote Link to comment Share on other sites More sharing options...
DjMikeS Posted April 25, 2009 Share Posted April 25, 2009 Please post the error message... Quote Link to comment Share on other sites More sharing options...
nankoweap Posted April 25, 2009 Share Posted April 25, 2009 while you're trimming the input, you're not sanitizing it. there are a few ways to accomplish this. given your code, considering using: http://www.php.net/mysql_real_escape_string there are other mechanisms to accomplish this task, but somewhere along the way and before the database executes the statement, it has to be done. jason Quote Link to comment Share on other sites More sharing options...
savagenoob Posted April 25, 2009 Author Share Posted April 25, 2009 I tried mysql_escape_string() and still getting the error. Question :What does it mean if an agent’s license is inactive? Error: Incorrect string value: '\x92s lic...' for column 'question' at row 1 Quote Link to comment Share on other sites More sharing options...
savagenoob Posted April 25, 2009 Author Share Posted April 25, 2009 Or can someone show me the easiest way to romove all ' from the fields... Quote Link to comment Share on other sites More sharing options...
nankoweap Posted April 26, 2009 Share Posted April 26, 2009 seems like it may be an encoding problem. here's a similar issue: http://forums.mysql.com/read.php?103,154519,154519#msg-154519 there's a boat load of info if you google php utf8... if you just want to remove quotes from a string, i see no reason why this wouldn't work: http://www.php.net/manual/en/function.str-replace.php jason Quote Link to comment Share on other sites More sharing options...
savagenoob Posted April 26, 2009 Author Share Posted April 26, 2009 Does anyone have a reason why the table has a problem with a ' ? Also, I need help doing a preg_replace on all commas if I cant solve the problem. I have tried and failed, here is what I am trying. <?php $question1 = preg_replace("/'/", "", $question); ?> BTW... the errors go away when I delete any ' in the questions or options Quote Link to comment Share on other sites More sharing options...
savagenoob Posted April 26, 2009 Author Share Posted April 26, 2009 Bumpity bump... I know someone can at least help with the preg_replace(), please. Just need to replace all ' with nothing. Quote Link to comment Share on other sites More sharing options...
savagenoob Posted April 26, 2009 Author Share Posted April 26, 2009 I am talking to myself I know this lol but this is bugging the hell out of me... I ran a test on my preg_replace() code and it works on a test page but with this code <?php if(isset($_POST['submitquestion'])) { $testname = trim($_POST['testname']); echo $testname; $question = mysql_escape_string($_POST['question']); $option1 = mysql_escape_string($_POST['option1']); $option2 = mysql_escape_string($_POST['option2']); $option3 = mysql_escape_string($_POST['option3']); $option4 = mysql_escape_string($_POST['option4']); $answer = mysql_escape_string($_POST['correct']); $question1 = preg_replace("/'/", "", $question); $option1a = preg_replace("/'/", "", $option1); $option2a = preg_replace("/'/", "", $option2); $option3a = preg_replace("/'/", "", $option3); $option4a = preg_replace("/'/", "", $option4); echo $question1; echo $option1a; echo $option2a; echo $option3a; echo $option4a; $select = mysql_query("INSERT INTO pq_crtp_quiz SET question = '$question1', option1 = '$option1a', option2 = '$option2a', option3 = '$option3a', option4 = '$option4a', answer = '$answer', testname = '$testname'"); echo mysql_error(); echo "Question Added Successfully"; echo "<meta http-equiv=Refresh content=20;url=quizadd.php>"; ?> It is not removing the ' . I dont get it, I dont understand why the database is kicking back the strings and dont understand why my preg_replace is not working. Quote Link to comment Share on other sites More sharing options...
savagenoob Posted April 27, 2009 Author Share Posted April 27, 2009 Anyone? ??? :'( :'( :'( Quote Link to comment Share on other sites More sharing options...
mikesta707 Posted April 27, 2009 Share Posted April 27, 2009 str_replace("'", "\'", $string); shouldnt that work? Quote Link to comment Share on other sites More sharing options...
savagenoob Posted April 27, 2009 Author Share Posted April 27, 2009 I WISH!!! Something is up... what is going on that is making the string different coming from a $_POST variable that is screwing this up... thats where this problem is... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.