00stuff Posted July 26, 2010 Share Posted July 26, 2010 Hi guys, I am creating a simple page that takes input from the user in several text boxes and one text area. Then when you click on the submit button it stores that data into a MySQL database. Additional to this input page there will be a second page that shows the data that was stored in the database. It should be a simple project. The problem that I'm having is that when the user inputs data with ' apostrophes in it. It crashes my code. It doesn't show what ever is after the ' apostrophe is disregarded and the data doesn't show with the echo command. I really don't know what to do. I tried using some addslashes and removeslashes functions but they did not work. Maybe I used them incorrectly. That is why I need help. Here is my code. page that takes input: ( right now it is also the page that shows the data from the database. I will separate it later. ) <html> <head> <title>Tutorial Input</title> </head> <body link="blue" vlink="blue" alink="blue"> <h2> New Article </h2> <br> <form name="tutorial_form" method="post" action="inputarticle.php"> Title: <input name="tutorial_title" type="text"> Category: <input name="tutorial_category" type="text"> <br><br> Content:<br> <textarea rows='10' cols='90' name='tutorial_content'> </textarea><br><br> Tags:<br> <textarea rows='5' cols='30' name='tutorial_tags'> </textarea><br><br> <input type="submit" value="Submit"> </form> <br> <hr> <br> <?php $con = mysql_connect("host","username","password"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("database", $con); $result = mysql_query("SELECT * FROM tutorial_articles ORDER BY title"); while($row = mysql_fetch_array($result)) { $link = "<a href='tutorialshow.php?id=" . $row['id'] . "&title=" . $row['title'] . "&category=" . $row['category'] . "&content=" . $row['content'] . "&tags=" . $row['tags'] . "' target='new'>" . $row['title'] . "</a>"; echo $link . "<br>"; } mysql_close($con); ?> </body> </html> Then the code that enters the data to the database is this. <?php $a_title = $_POST["tutorial_title"]; $a_category = $_POST["tutorial_category"]; $a_content = $_POST["tutorial_content"]; $a_tags = $_POST["tutorial_tags"]; $con = mysql_connect("host","username","password"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("itdirectory", $con); $sql="INSERT INTO tutorial_articles (title, category, content, tags) VALUES ('$a_title','$a_category','$a_content','$a_tags')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con); ?> <html> <head> <script type="text/javascript"> <!-- function delayer(){ window.location = "tutorialform.php"} //--> </script> </head> <body onLoad="setTimeout('delayer()', 3000)"><h2>Prepare to be redirected!</h2> </body> </html> Then the last page is just the page that opens after someone clicks on the link that is displayed on the input/link page: <?php $id = $_GET['id']; $title = $_GET['title']; $category = $_GET['category']; $content = $_GET['content']; $tags = $_GET['tags']; ?> <html> <head> <title><?php echo $title; ?></title> </head> <body> <?php echo "<font size='5'>" . $title . "</font> - <font color='green' size='2'>" . $category . "</font><br><br>"; echo $content; ?> </body> </html> Any help is welcome. Thanks in advanced. EDITed for CODE tags Quote Link to comment Share on other sites More sharing options...
msaz87 Posted July 26, 2010 Share Posted July 26, 2010 Use the addslashes function to escape any characters that would screw it up... $a_title = addslashes($_POST["tutorial_title"]); $a_category = addslashes($_POST["tutorial_category"]); $a_content = addslashes($_POST["tutorial_content"]); $a_tags = addslashes($_POST["tutorial_tags"]); Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted July 26, 2010 Share Posted July 26, 2010 A ' has meaning in HTML and it will break the HTML on your page if you simply echo/output it. Any content that you output on a page (that is not intended to be html tags) needs to be passed through htmlentities with the second parameter set to ENT_QUOTES Quote Link to comment Share on other sites More sharing options...
00stuff Posted July 26, 2010 Author Share Posted July 26, 2010 Ok, guys I tried the htmlentities() with the second parameter set to ENT_QUOTES like this: $link = "<a href='tutorialshow.php?id=" . $row['id'] . "&title=" . htmlentities($row['title'], ENT_QUOTES) . "&category=" . htmlentities($row['category'], ENT_QUOTES) . "&content=" . htmlentities($row['content'], ENT_QUOTES) . "&tags=" . htmlentities($row['tags'], ENT_QUOTES) . "' target='new'>" . htmlentities($row['title'], ENT_QUOTES) . "</a>"; echo $link . "<br>"; but I get this on the output for the title part (the part with the ' ) Can\'t be working. It places that \ and I don't need that. Do I have to use that stripslash function now? Quote Link to comment Share on other sites More sharing options...
webmaster1 Posted July 26, 2010 Share Posted July 26, 2010 It places that \ and I don't need that. Do I have to use that stripslash function now? Yes. Stripslashes will do the trick. <?php // Remove backslashes... stripslashes($somevariable); // Notes: http://php.net/manual/en/function.stripslashes.php ?> Quote Link to comment Share on other sites More sharing options...
00stuff Posted July 27, 2010 Author Share Posted July 27, 2010 Thanks guys, you helped a lot. I tried the stripslashes() and it worked. Now I can take input with ' on the data and echo it out without any problems. Thanks a lot. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.