immanuelx2 Posted June 12, 2009 Share Posted June 12, 2009 Hey guys. I have a piece of code that puts the contents of a textbox into a mysql database: <?php mysql_query("INSERT INTO articles VALUES(NULL, ".input($_POST['articlecategory']).", ".input($_POST['articletitle']).", NULL, ".input($_POST['articletext']).", ".input($_SESSION['user_id']).", UNIX_TIMESTAMP(), '0')") And here is the input function <?php function input($value) { if (get_magic_quotes_gpc()) $value = stripslashes($value); if (!is_numeric($value)) $value = "'" . mysql_real_escape_string($value) . "'"; return $value; } Now the problem is, if there is a double quote inside the $_POST['articletitle'] variable, it only inputs the contents until the first double quote is reached. However, there are no problems with single quotes. Now the weird thing is, that only has a problem with textbox contents. The $_POST['articletext'] can have single or double quotes with no problems! Any help is greatly appreciated! Link to comment https://forums.phpfreaks.com/topic/161979-escape-issue-with-mysql-insert/ Share on other sites More sharing options...
PFMaBiSmAd Posted June 12, 2009 Share Posted June 12, 2009 How do you know - "it only inputs the contents until the first double quote is reached" It's likely you have a problem when you output it onto a web page. What does a "view source" of the output look like? Link to comment https://forums.phpfreaks.com/topic/161979-escape-issue-with-mysql-insert/#findComment-854671 Share on other sites More sharing options...
immanuelx2 Posted June 12, 2009 Author Share Posted June 12, 2009 Quote How do you know - "it only inputs the contents until the first double quote is reached" It's likely you have a problem when you output it onto a web page. What does a "view source" of the output look like? Say the following is true: <?php $_POST['articletitle'] = 'This is my "article"'; After the insert, if I look in the MySQL table, I only get 'This is my ' Link to comment https://forums.phpfreaks.com/topic/161979-escape-issue-with-mysql-insert/#findComment-854676 Share on other sites More sharing options...
darkfreaks Posted June 12, 2009 Share Posted June 12, 2009 <?php $value= 'This is my "article"'; function input($value) { if (get_magic_quotes_gpc()){ $value = stripslashes($value);} if (!is_numeric($value)){ $value = "'" . mysql_real_escape_string($value) . "'";} return $value; } echo $value; ?> gives me: 'This is my "article"' Link to comment https://forums.phpfreaks.com/topic/161979-escape-issue-with-mysql-insert/#findComment-854713 Share on other sites More sharing options...
immanuelx2 Posted June 12, 2009 Author Share Posted June 12, 2009 Quote <?php $value= 'This is my "article"'; function input($value) { if (get_magic_quotes_gpc()){ $value = stripslashes($value);} if (!is_numeric($value)){ $value = "'" . mysql_real_escape_string($value) . "'";} return $value; } echo $value; ?> gives me: 'This is my "article"' a) you are not even using the function b) you are not using it in a query Link to comment https://forums.phpfreaks.com/topic/161979-escape-issue-with-mysql-insert/#findComment-854762 Share on other sites More sharing options...
PFMaBiSmAd Posted June 12, 2009 Share Posted June 12, 2009 The only one here that can actually troubleshoot what is happening on your server with your form, with your php code, and with your database is you. So, what you have done to pin down what is happening? Have you echoed the $_POST data? Have you echoed the query string after the variables have been populated (you should be forming the query in a variable so that you can echo it)? Link to comment https://forums.phpfreaks.com/topic/161979-escape-issue-with-mysql-insert/#findComment-854771 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.