adam1_8_2
Posted March 31, 2010

Hi,

I'm having trouble with my code as it won't allow anyone to add any details that contain an apostrophe into my MySQL database. Everything else seems to work OK. Is it something to do with mysql_real_escape_string? Also, if you could implement any help with this problem to the code below I would be very thankful.

Thank you,
Adam

    <?php
    include "connect.php";

    if (isset($_POST['submit'])) {
        $name = $_POST['name'];
        $comment = $_POST['comment'];
        $email = $_POST['email'];

        if (strlen($name) < 1) {
            print "<font face='arial black' size='4'><span style='color:#ff0000'><b>You did not enter a name.<br> Use the back button on your browser to go back.</b></span>";
            die;
        }
        if (strlen($comment) < 1) {
            print "<font face='arial black' size='4'><span style='color:#ff0000'><b>You did not enter any feedback.<br> Use the back button on your browser to go back.</b></span>";
            die;
        }
        // Any submission that fills in the email field is rejected.
        if (strlen($email) > 0) {
            print "<font face='arial black' size='4'><span style='color:#ff0000'><b>ERROR.<br> Use the back button on your browser to go back.</b></span>";
            die;
        }
        if (strtolower($_POST['code']) != '12') {
            die("<font face='arial black' size='4'><span style='color:#ff0000'><b>You did not answer the security answer correctly.<br> Use the back button on your browser to go back.</b></span>");
        }

        // Reject names and comments containing "ttp".
        // strpos() returns 0 for a match at the start, so compare with !== false.
        if (strpos($name, "ttp") !== false) {
            die;
        }
        if (strpos($comment, "ttp") !== false) {
            die;
        }

        // The insert now runs only after a validated submission.
        // $name and $comment still go into the SQL string unescaped,
        // which is why input containing an apostrophe fails.
        $insert = "Insert into visitordata (name,comment) values('$name','$comment')";
        mysql_query($insert) or die("Could not insert comment");
        print "<font face='arial black' size='4'><span style='color:#ff0000'><b>Feedback added. <A href='display.php'>Click here</a> to view all feedback.</b></span>";
    }
    ?>

trq
Posted March 31, 2010

> Is it something to do with mysql_real_escape_string?

Yes. All user-inputted data needs to have bad chars escaped before being used in any query, e.g.:

    $comment = mysql_real_escape_string($_POST['comment']);
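
An added example, not part of the original thread or either poster's code: the apostrophe failure from the question reproduced next to a parameterized insert, which keeps user input out of the SQL text altogether. It swaps PDO prepared statements in for the mysql_real_escape_string call shown in the reply, and assumes an in-memory SQLite database in place of the connection from connect.php; addFeedback is a hypothetical helper name and the input values are constructed.

```php
<?php
// Assumption: in-memory SQLite stands in for the MySQL connection in connect.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visitordata (name TEXT, comment TEXT)');

// Constructed sample input containing apostrophes.
$name = "O'Brien";
$comment = "It's a great site";

// 1) The pattern from the question: values pasted straight into the SQL text.
$concatenated = "INSERT INTO visitordata (name, comment) VALUES ('$name', '$comment')";
try {
    $db->exec($concatenated);
    echo "concatenated query: inserted\n";
} catch (PDOException $e) {
    // The apostrophe closes the string literal early, so the statement no longer parses.
    echo "concatenated query: rejected (" . $e->getMessage() . ")\n";
}

// 2) Prepared statement: the SQL text is fixed and the values travel separately,
//    so quotes in the input are stored as data and never read as SQL.
function addFeedback(PDO $db, string $name, string $comment): void
{
    $stmt = $db->prepare(
        'INSERT INTO visitordata (name, comment) VALUES (:name, :comment)'
    );
    $stmt->execute([':name' => $name, ':comment' => $comment]);
}

addFeedback($db, $name, $comment);

// Read the row back to confirm the apostrophes survived unchanged.
$rows = $db->query('SELECT name, comment FROM visitordata')->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    // Escaping for HTML is a separate step, done when the value is displayed.
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . ': '
        . htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8') . "\n";
}
```

The same prepare/execute calls work against MySQL by changing only the PDO connection string.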
This topic is now archived and is closed to further replies.