
canceling out apostrophes from text used to update database.


Russia


Hello, I'm trying to update my database with a paragraph of text in a textbox.

The thing is my paragraph has apostrophes.

Look:

In the run up to the return of the Wilderness, we've released a new wallpaper depicting a green dragon, plus a couple of 'getting started' guides about the Wilderness and free trade.

 

It doesn't want to update my table and it shows the old paragraph.

Here is what my database update looks like.

<?php
if (isset($_POST['Submit'])) {
    for ($i = 0; $i < $count; $i++) {
        $month = $_POST['month'];
        $date = $_POST['date'];
        $message = $_POST['message'];
        $title = $_POST['title'];
        $monthday = $month[$i]."<br>".$date[$i];
        $sql1="UPDATE $tbl_name SET monthday='$monthday', month='$month[$i]', date='$date[$i]', message='$message[$i]', title='$title[$i]' WHERE id='$id[$i]'";
        $result1 = mysql_query($sql1);
    }
    header("location:update2.php");
}
?>

 

 

Can someone show me how to make it add the strip slashes to the $message variable?

Thanks a lot!

You first need to have already established the connection to your database, then you simply use it like any other function.

 

// db connection stuff already done by this point

$message = mysql_real_escape_string($_POST['message']);

Looking at your code I can tell there's nothing in the variable anyhow. What's the for() loop supposed to be doing? Without seeing the form and more of the code, it's really hard to tell what's going on there. Post the current code.

Here, I'll post the whole code.

<?php
mysql_connect("localhost", "", "")or die("cannot connect");
mysql_select_db("test")or die("cannot select DB");

$tbl_name="test_mysql";
$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);

$count=mysql_num_rows($result);
?>
<form name="form1" method="post" action="">
<tr>
<td>
<table width="100%" border="0" cellspacing="1" cellpadding="0">

<tr>
<td align="center"><strong>Row</strong></td>
<td align="center"><strong>Month  Date</strong></td>
<td align="center"><strong>Message</strong></td>
<td align="center"><strong>Title</strong></td>
</tr>
<?php
while($rows=mysql_fetch_array($result)){
?>
<tr>
<td align="center"><?php $id[]=$rows['id']; ?><?php echo $rows['id']; ?></td>
<td align="center"><input name="month[]" MAXLENGTH="3" size="3" type="text" id="month" value="<?php echo $rows['month']; ?>">
               <input name="date[]" MAXLENGTH="2" size="2" type="text" id="date" value="<?php echo $rows['date']; ?>">
</td>
<td align="center"><input name="message[]" size="125" type="text" id="message" value="<?php echo $rows['message']; ?>"></td>
<td align="center"><input name="title[]"  size="50"  type="text" id="title" value="<?php echo $rows['title']; ?>"></td>
</tr>
<?php
}
?>
<tr>

<td colspan="4" align="center"><br><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</tr>
</form>

<hr>

<?php
if (isset($_POST['Submit'])) {
    for ($i = 0; $i < $count; $i++) {
        $month = $_POST['month'];
        $date = $_POST['date'];
        $message = $_POST['message'];
        $title = $_POST['title'];
        $monthday = $month[$i]."<br>".$date[$i];
        $sql1="UPDATE $tbl_name SET monthday='$monthday', month='$month[$i]', date='$date[$i]', message='$message[$i]', title='$title[$i]' WHERE id='$id[$i]'";
        $result1 = mysql_query($sql1);
    }
    header("location:update2.php");
}
?>

I suspect the problem is with the display of the data in HTML. You'll need to format it properly or it will break HTML tags, including form elements. You probably need htmlspecialchars();

http://php.net/manual/en/function.htmlspecialchars.php

Here is how I use it:


$sql = "SELECT some_text_field FROM some_table LIMIT 1";
$result = mysql_query($sql) or die(mysql_error());
list($some_text_field) = mysql_fetch_row($result);

// Display a form field or any HTML with this data:
$some_text_field = htmlspecialchars($some_text_field, ENT_QUOTES);
echo "<input type='text' name='some_text_field' value='$some_text_field' size='50'>";

From watching your video, I can now see you were using mysql_real_escape_string() on an array. It won't work like that. You need to use it on each string value in the query, or use it in combination with array_map.

 

So:

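// Escape every value that comes from the form, not only message and title
$sql1="UPDATE $tbl_name SET 
monthday='" . mysql_real_escape_string($monthday) . "', 
month='" . mysql_real_escape_string($month[$i]) . "', 
date='" . mysql_real_escape_string($date[$i]) . "', 
message='" . mysql_real_escape_string($message[$i]) . "', 
title='" . mysql_real_escape_string($title[$i]) . "' 
WHERE 
id='" . (int) $id[$i] . "'";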
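
The same update loop written with PDO prepared statements, plus the htmlspecialchars() output step suggested earlier in the thread. This is an added example, not code from any poster: an in-memory SQLite table stands in for the thread's test_mysql table, and the updateRows() function, the id[] form field and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for the
// MySQL table test_mysql; updateRows() and the id[] form field are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE test_mysql (id INTEGER PRIMARY KEY, monthday TEXT,
            month TEXT, date TEXT, message TEXT, title TEXT)');
$pdo->exec("INSERT INTO test_mysql (id, message) VALUES (1, 'old paragraph')");

// Constructed stand-in for $_POST, one element per table row.
$post = [
    'id'      => ['1'],
    'month'   => ['Jan'],
    'date'    => ['31'],
    'message' => ["we've released a new wallpaper, plus 'getting started' guides"],
    'title'   => ["Wilderness 'free trade' returns"],
];

function updateRows(PDO $pdo, array $post): int
{
    // Placeholders keep the data out of the SQL text, so quotes need no escaping.
    $stmt = $pdo->prepare('UPDATE test_mysql SET monthday = :monthday, month = :month,
        date = :date, message = :message, title = :title WHERE id = :id');
    $updated = 0;
    foreach ($post['id'] as $i => $id) {
        if (!ctype_digit((string) $id)) {
            continue; // ignore rows whose id is not a plain integer
        }
        $month = (string) ($post['month'][$i] ?? '');
        $date  = (string) ($post['date'][$i] ?? '');
        $stmt->execute([
            ':monthday' => $month . '<br>' . $date,
            ':month'    => $month,
            ':date'     => $date,
            ':message'  => (string) ($post['message'][$i] ?? ''),
            ':title'    => (string) ($post['title'][$i] ?? ''),
            ':id'       => (int) $id,
        ]);
        $updated += $stmt->rowCount();
    }
    return $updated;
}

echo updateRows($pdo, $post), " row(s) updated\n";
$message = $pdo->query('SELECT message FROM test_mysql WHERE id = 1')->fetchColumn();
// Encode for the HTML attribute at output time, so a quote cannot close value="...".
echo '<input name="message[]" type="text" value="',
     htmlspecialchars($message, ENT_QUOTES, 'UTF-8'), '">', "\n";
```

Against MySQL only the PDO DSN changes; the mysql_* functions used in the thread were removed in PHP 7, so PDO or mysqli is required on current PHP versions.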
