savagenoob Posted April 25, 2009 Share Posted April 25, 2009 I have a form that allows a user to create and store quiz questions in the database for later use, I have ran across error messages on each question that has a ' . The tables are all set up as VARCHAR() so I dont know whats going on. Here is the code. <?php if(isset($_POST['submitquestion'])) { $testname = trim($_POST['testname']); echo $testname; $question = trim($_POST['question']); $option1 = trim($_POST['option1']); $option2 = trim($_POST['option2']); $option3 = trim($_POST['option3']); $option4 = trim($_POST['option4']); $answer = trim($_POST['correct']); $select = mysql_query("INSERT INTO pq_crtp_quiz SET question = '$question', option1 = '$option1', option2 = '$option2', option3 = '$option3', option4 = '$option4', answer = '$answer', testname = '$testname'"); echo mysql_error(); echo "Question Added Successfully"; echo "<meta http-equiv=Refresh content=20;url=quizadd.php>"; ?> <table> <tr><th>Add a question to a test</th></tr> <form action="" method="post" name="Add Question"> <tr><td>Select a test <?php echo '<SELECT name="testname">'; foreach ($showtest as $key => $value) { echo '<OPTION value="' . $value . '"> ' . $value . ''; } echo '</select>'; ?></td></tr> <tr><td>Question</td><tr> <tr><td><textarea name="question" cols="120" rows="20" wrap="virtual"></textarea></td></tr> <tr><th>Input the answer options</th></tr> <tr><td>Option 1 <input name="option1" type="text" size="40" maxlength="160" /></td></tr> <tr><td>Option 2 <input name="option2" type="text" size="40" maxlength="160" /></td></tr> <tr><td>Option 3 <input name="option3" type="text" size="40" maxlength="160" /></td></tr> <tr><td>Option 4 <input name="option4" type="text" size="40" maxlength="160" /></td></tr> <p> <tr><th>Select the correct answer: </th></tr> <label> <tr><td><input type="radio" name="correct" value="Option 1" id="correct_0" /> option1</label></td></tr> <br /> <label> <tr><td> <input type="radio" name="correct" value="Option 2" id="correct_1" /> option2</label></td></tr> <br /> <label> <tr><td><input type="radio" name="correct" value="Option 3" id="correct_2" /> option3</label></td></tr> <br /> <label> <tr><td><input type="radio" name="correct" value="Option 4" id="correct_3" /> option4</label></td></tr> <br /> </p> <tr><td><input type="submit" name="submitquestion" value="Next"></td></tr> </form> </table> <br /> Link to comment https://forums.phpfreaks.com/topic/155645-form-to-database-issue/ Share on other sites More sharing options...
DjMikeS Posted April 25, 2009 Share Posted April 25, 2009 Please post the error message... Link to comment https://forums.phpfreaks.com/topic/155645-form-to-database-issue/#findComment-819206 Share on other sites More sharing options...
nankoweap Posted April 25, 2009 Share Posted April 25, 2009 while you're trimming the input, you're not sanitizing it. there are a few ways to accomplish this. given your code, considering using: http://www.php.net/mysql_real_escape_string there are other mechanisms to accomplish this task, but somewhere along the way and before the database executes the statement, it has to be done. jason Link to comment https://forums.phpfreaks.com/topic/155645-form-to-database-issue/#findComment-819214 Share on other sites More sharing options...
savagenoob Posted April 25, 2009 Author Share Posted April 25, 2009 I tried mysql_escape_string() and still getting the error. Question :What does it mean if an agent’s license is inactive? Error: Incorrect string value: '\x92s lic...' for column 'question' at row 1 Link to comment https://forums.phpfreaks.com/topic/155645-form-to-database-issue/#findComment-819222 Share on other sites More sharing options...
savagenoob Posted April 25, 2009 Author Share Posted April 25, 2009 Or can someone show me the easiest way to romove all ' from the fields... Link to comment https://forums.phpfreaks.com/topic/155645-form-to-database-issue/#findComment-819236 Share on other sites More sharing options...
nankoweap Posted April 26, 2009 Share Posted April 26, 2009 seems like it may be an encoding problem. here's a similar issue: http://forums.mysql.com/read.php?103,154519,154519#msg-154519 there's a boat load of info if you google php utf8... if you just want to remove quotes from a string, i see no reason why this wouldn't work: http://www.php.net/manual/en/function.str-replace.php jason Link to comment https://forums.phpfreaks.com/topic/155645-form-to-database-issue/#findComment-819316 Share on other sites More sharing options...
savagenoob Posted April 26, 2009 Author Share Posted April 26, 2009 Does anyone have a reason why the table has a problem with a ' ? Also, I need help doing a preg_replace on all commas if I cant solve the problem. I have tried and failed, here is what I am trying. <?php $question1 = preg_replace("/'/", "", $question); ?> BTW... the errors go away when I delete any ' in the questions or options Link to comment https://forums.phpfreaks.com/topic/155645-form-to-database-issue/#findComment-819462 Share on other sites More sharing options...
savagenoob Posted April 26, 2009 Author Share Posted April 26, 2009 Bumpity bump... I know someone can at least help with the preg_replace(), please. Just need to replace all ' with nothing. Link to comment https://forums.phpfreaks.com/topic/155645-form-to-database-issue/#findComment-819762 Share on other sites More sharing options...
savagenoob Posted April 26, 2009 Author Share Posted April 26, 2009 I am talking to myself I know this lol but this is bugging the hell out of me... I ran a test on my preg_replace() code and it works on a test page but with this code <?php if(isset($_POST['submitquestion'])) { $testname = trim($_POST['testname']); echo $testname; $question = mysql_escape_string($_POST['question']); $option1 = mysql_escape_string($_POST['option1']); $option2 = mysql_escape_string($_POST['option2']); $option3 = mysql_escape_string($_POST['option3']); $option4 = mysql_escape_string($_POST['option4']); $answer = mysql_escape_string($_POST['correct']); $question1 = preg_replace("/'/", "", $question); $option1a = preg_replace("/'/", "", $option1); $option2a = preg_replace("/'/", "", $option2); $option3a = preg_replace("/'/", "", $option3); $option4a = preg_replace("/'/", "", $option4); echo $question1; echo $option1a; echo $option2a; echo $option3a; echo $option4a; $select = mysql_query("INSERT INTO pq_crtp_quiz SET question = '$question1', option1 = '$option1a', option2 = '$option2a', option3 = '$option3a', option4 = '$option4a', answer = '$answer', testname = '$testname'"); echo mysql_error(); echo "Question Added Successfully"; echo "<meta http-equiv=Refresh content=20;url=quizadd.php>"; ?> It is not removing the ' . I dont get it, I dont understand why the database is kicking back the strings and dont understand why my preg_replace is not working. Link to comment https://forums.phpfreaks.com/topic/155645-form-to-database-issue/#findComment-819847 Share on other sites More sharing options...
savagenoob Posted April 27, 2009 Author Share Posted April 27, 2009 Anyone? ??? :'( :'( :'( Link to comment https://forums.phpfreaks.com/topic/155645-form-to-database-issue/#findComment-820056 Share on other sites More sharing options...
mikesta707 Posted April 27, 2009 Share Posted April 27, 2009 str_replace("'", "\'", $string); shouldnt that work? Link to comment https://forums.phpfreaks.com/topic/155645-form-to-database-issue/#findComment-820067 Share on other sites More sharing options...
savagenoob Posted April 27, 2009 Author Share Posted April 27, 2009 I WISH!!! Something is up... what is going on that is making the string different coming from a $_POST variable that is screwing this up... thats where this problem is... Link to comment https://forums.phpfreaks.com/topic/155645-form-to-database-issue/#findComment-820087 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.