Getting around apostrophe problem in forms - help please.


ryanwood4


Hi, I am using a form to submit articles to a database, but when I add an apostrophe (') in the title it doesn't add the data, however without an apostrophe it does.

 

This is the code I'm using:

<?php 

// Connects to your Database 
mysql_connect("localhost","xxxx","xxxx") or die(mysql_error()); //CHANGE ME BACK!!!!!
mysql_select_db("xxxx") or die(mysql_error());  

//This code runs if the form has been submitted
if (isset($_POST['submit'])) { 

$date = date("y-m-d H:i:s");

// now we insert it into the database
$insert = "INSERT INTO members (title,body,image,category,date)
VALUES ('$_POST[title]','$_POST[body]','$_POST[image]','$_POST[category]','$date')";
$add_member = mysql_query($insert); 
?>

<p>Congrats!</p>
<?php 
} 
else 
{	
?>

 

How can I get around this problem? I heard about this: mysql_real_escape_string - but have no idea how to implement it in the code.

 

Would really appreciate some help.

 

Thanks in advance.


// now we insert it into the database
$insert = "INSERT INTO members (title,body,image,category,date)
VALUES ('$_POST[title]','$_POST[body]','$_POST[image]','$_POST[category]','$date')";
$add_member = mysql_query($insert); 

 

something like this:

$insert = sprintf("INSERT INTO members set 
title = '%s' ,
body = '%s',
image = '%s',
category = '%s',
date = NOW()
",
mysql_real_escape_string($_POST[title]),
mysql_real_escape_string($_POST[body]),
mysql_real_escape_string($_POST[image]),
mysql_real_escape_string($_POST[category]),
mysql_real_escape_string($date])
);

 

Edit: if you want to add the current date, you can do it with date = NOW().


That should be....

 

$insert = sprintf("INSERT INTO members set
title = '%s' ,
body = '%s',
image = '%s',
category = '%s',
date = '%s'
",
mysql_real_escape_string($_POST['title']),
mysql_real_escape_string($_POST['body']),
mysql_real_escape_string($_POST['image']),
mysql_real_escape_string($_POST['category']));


This is the new code, which didn't work though.

 

<?php 

// Connects to your Database 
mysql_connect("localhost","xxxx","xxxx") or die(mysql_error()); //CHANGE ME BACK!!!!!
mysql_select_db("xxxx") or die(mysql_error());  

//This code runs if the form has been submitted
if (isset($_POST['submit'])) { 

$date = date("y-m-d H:i:s");

// now we insert it into the database
insert = sprintf("INSERT INTO members set
title = '%s' ,
body = '%s',
image = '%s',
category = '%s',
date = '%s'
",
mysql_real_escape_string($_POST['title']),
mysql_real_escape_string($_POST['body']),
mysql_real_escape_string($_POST['image']),
mysql_real_escape_string($_POST['category']));
?>

<p>Congrats!</p>
<?php 
} 
else 
{	
?>


Are you missing something?

 

$add_member = mysql_query($insert); 

 

and change this:

insert = sprintf("INSERT INTO members set

to this:

$insert = sprintf("INSERT INTO members set

 

$insert = sprintf("INSERT INTO members set
title = '%s' ,
body = '%s',
image = '%s',
category = '%s',
date = '%s'
",
mysql_real_escape_string($_POST['title']),
mysql_real_escape_string($_POST['body']),
mysql_real_escape_string($_POST['image']),
mysql_real_escape_string($_POST['category']),
mysql_real_escape_string($date)
);


Nope, that's not working either:

 

<?php 

// Connects to your Database 
mysql_connect("localhost","xxxx","xxxx") or die(mysql_error()); //CHANGE ME BACK!!!!!
mysql_select_db("xxxx") or die(mysql_error());  

//This code runs if the form has been submitted
if (isset($_POST['submit'])) { 

$date = date("y-m-d H:i:s");

// now we insert it into the database
$insert = sprintf("INSERT INTO members set
title = '%s' ,
body = '%s',
image = '%s',
category = '%s',
date = '%s'
",
mysql_real_escape_string($_POST['title']),
mysql_real_escape_string($_POST['body']),
mysql_real_escape_string($_POST['image']),
mysql_real_escape_string($_POST['category']));

$add_member = mysql_query($insert); 
?>

<p>Article posted</p>
<?php 
} 
else 
{	
?>


Try this:

<?php 

// Connects to your Database 
mysql_connect("localhost","xxxx","xxxx") or die(mysql_error()); //CHANGE ME BACK!!!!!
mysql_select_db("xxxx") or die(mysql_error());  

//This code runs if the form has been submitted
if (isset($_POST['submit'])) { 

$date = date("y-m-d H:i:s");

$insert = sprintf("INSERT INTO members set
title = '%s' ,
body = '%s',
image = '%s',
category = '%s',
date = '%s'
",
mysql_real_escape_string($_POST['title']),
mysql_real_escape_string($_POST['body']),
mysql_real_escape_string($_POST['image']),
mysql_real_escape_string($_POST['category']),
mysql_real_escape_string($date)
);
$add_member = mysql_query($insert) or die(mysql_error()); 

?>

<p>Article posted</p>
<?php 
} 
else 
{   
?>

 

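The apostrophe failure discussed in this thread and a way to avoid it, as an added example that is not from any poster here: it uses PDO prepared statements rather than the thread's mysql_real_escape_string, and it assumes an in-memory SQLite database and a constructed form submission in place of the original MySQL setup.

```php
<?php
// Added example. Assumptions: in-memory SQLite stands in for the thread's MySQL
// database, and $post is a constructed stand-in for $_POST.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (title TEXT, body TEXT, image TEXT, category TEXT, date TEXT)');

// Constructed form submission with an apostrophe in the title and body.
$post = [
    'title'    => "Ryan's first article",
    'body'     => "It's working now.",
    'image'    => 'cover.png',
    'category' => 'news',
];

// The original approach: form values are pasted straight into the SQL text.
function insert_interpolated(PDO $db, array $post): string
{
    $sql = "INSERT INTO members (title, body, image, category, date)
            VALUES ('{$post['title']}', '{$post['body']}', '{$post['image']}',
                    '{$post['category']}', '2024-01-01 00:00:00')";
    try {
        $db->exec($sql);
        return 'inserted';
    } catch (PDOException $e) {
        // The apostrophe ends the quoted string early, so the statement no longer parses.
        return 'failed: ' . $e->getMessage();
    }
}

// Prepared statement: the SQL text is fixed and the values travel separately,
// so quotes in the data are never interpreted as SQL.
function insert_prepared(PDO $db, array $post): int
{
    $stmt = $db->prepare(
        'INSERT INTO members (title, body, image, category, date)
         VALUES (:title, :body, :image, :category, :date)'
    );
    $stmt->execute([
        ':title'    => $post['title'] ?? '',
        ':body'     => $post['body'] ?? '',
        ':image'    => $post['image'] ?? '',
        ':category' => $post['category'] ?? '',
        ':date'     => date('Y-m-d H:i:s'),
    ]);
    return $stmt->rowCount();
}

echo 'interpolated query: ', insert_interpolated($db, $post), "\n";
echo 'rows inserted with placeholders: ', insert_prepared($db, $post), "\n";
echo 'stored title: ', $db->query('SELECT title FROM members')->fetchColumn(), "\n";
```

Against MySQL the same two functions work unchanged once the PDO connection string points at the MySQL server.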
