Jump to content

stripslashes problem

emediastudios

By emediastudios
in PHP Coding Help

 Share

Recommended Posts

emediastudios Advanced Member

emediastudios

Posted
Posted

Hi everyone,

I have been building my first admin from scratch, and am going quite well.

But now i have a problem that i can't resolve.

 

The website is basically a library of quotes that users can submit, the admin then needs to approve and edit them before they are published on the site.

I have the admin built, and can display all the records and delete, but am having a problem with the update.

 

If the quote has a ' in the text it throws an error. If it doesn't it updates fine.

There needs to a cleaning function or something applied, and as i am still learning i am lost to how to do this,

I added the addslashes but it still throws the error.

Code below.

 

 

case 'updatequote';
$db_name = "auth";
$table_name = "quotes";
$connection = @mysql_connect("localhost", "root", "testing") or die(mysql_error());
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());
foreach($_POST as $input) {
$_POST['array_key'] = addslashes($input);
} 
$sql = "UPDATE $table_name SET
artist = '$artist',song = '$song',quote = '$quote' WHERE quoteid =  ".$_REQUEST['quoteid']."";
$result = @mysql_query($sql,$connection) or die(mysql_error());

echo "Quote Edited Successfully";


break;

Link to comment
Share on other sites
emediastudios Advanced Member

emediastudios

Posted
  • Author
Posted

$sql = "UPDATE $table_name SETartist = '".mysql_real_escape_string($artist)."',song = '".mysql_real_escape_string($song)."',quote = '".mysql_real_escape_string($quote)."' WHERE quoteid =  ".mysql_real_escape_string($_REQUEST['quoteid'])."";

Awesome, Chintan, your the man! This works perfect.

Just one question though, because i am teaching myself php mysql, is this the right way to do it, by this i mean, can it be simplified as a function or in a different way so i don't have to type out so much code.

I just want to learn good practices from the start.

Thanks for your help.

Link to comment
Share on other sites
Oziam Member

Oziam

Posted
Posted

or you could use a common db inc file and have POST escaped automatically like;

 

foreach ($_POST as $key => $value){

$_POST[$key] = mysql_real_escape_string($value);

}

 

this can save alot of time re-writing mysql_real_escape_string all the time!

You could also use this for GET and REQUEST.

 

Personally I use this and a similar code for htmlentities and strip_tags

 

foreach ($_POST as $key => $value){

$_POST[$key] = htmlentities(strip_tags($value, ENT_QUOTES));

}

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.