Need help with my code please to allow apostrophies in form.

adam1_8_2 · March 31, 2010

Hi,

Im having trouble with my code as it wont allow anyone to add any details that contain an apostrophie into my mysql database.

Everything else seems to work ok.

Is it somthing to do with mysql_real_escape_string?

also if you could implement any help with this problem to the code below i would be very thankfull.

thank you Adam

<?php

include "connect.php";

if(isset($_POST['submit']))

{

$name=$_POST['name'];

$comment=$_POST['comment'];

$email=$_POST['email'];

if(strlen($name)<1)

{

print "You did not enter a name. Use the back button on your browser to go back.";

die;

}

if(strlen($comment)<1)

{

print "You did not enter any feedback. Use the back button on your browser to go back.";

die;

}

if(strlen($email)>0)

{

print "ERROR. Use the back button on your browser to go back.";

die;

}

if (strtolower($_POST['code']) != '12') {die("You did not answer the security answer correctly. Use the back button on your browser to go back.");}

$pos = strpos($name, "ttp");

if ($pos == false) {

print "";

} else {

die;

}

$pos = strpos($comment, "ttp");

if ($pos == false) {

print "";

} else {

die;

}

{

$insert="Insert into visitordata (name,comment) values('$name','$comment')";

mysql_query($insert) or die("Could not insert comment");

print "Feedback added. <A href='display.php'>Click here</a> to view all feedback.";

}

?>

trq · March 31, 2010

Is it somthing to do with mysql_real_escape_string?

Yes. All user inputted data needs to have bad chars escaped before being used in any query. eg;

$comment = mysql_real_escape_string($_POST['comment']);

Sign In

Need help with my code please to allow apostrophies in form.

Recommended Posts

adam1_8_2

Link to comment

Share on other sites

trq

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information