Russia Posted January 29, 2011 Share Posted January 29, 2011 Hello, im trying to update my database with a paragraph of text in a texbox. The thing is my paragraph has apostrophes Look: In the run up to the return of the Wilderness, we've released a new wallpaper depicting a green dragon, plus a couple of 'getting started' guides about the Wilderness and free trade. It doesn't want to update my table and it shows the old paragraph. Here is how my update database looks like. <?php if (isset($_POST['Submit'])) { for($i=0;$i<$count;$i++){ $month = $_POST['month']; $date = $_POST['date']; $message = $_POST['message']; $title = $_POST['title']; $monthday = $month[$i]."<br>".$date[$i]; $sql1="UPDATE $tbl_name SET monthday='$monthday', month='$month[$i]', date='$date[$i]', message='$message[$i]', title='$title[$i]' WHERE id='$id[$i]'"; $result1 = mysql_query($sql1); } header("location:update2.php"); } ?> Can someone show me to to make it add the strip slashes to the $message variable. Thanks Alot! Link to comment https://forums.phpfreaks.com/topic/226064-canceling-out-apostrophes-from-text-used-to-update-database/ Share on other sites More sharing options...
Pikachu2000 Posted January 29, 2011 Share Posted January 29, 2011 Since you're using MySQL, string type data needs to be escaped with mysql_real_escape_string Link to comment https://forums.phpfreaks.com/topic/226064-canceling-out-apostrophes-from-text-used-to-update-database/#findComment-1167011 Share on other sites More sharing options...
Russia Posted January 29, 2011 Author Share Posted January 29, 2011 Iv tried it but it updates the table with the letter 'A'... Can you show me the proper way of using it. Link to comment https://forums.phpfreaks.com/topic/226064-canceling-out-apostrophes-from-text-used-to-update-database/#findComment-1167013 Share on other sites More sharing options...
Pikachu2000 Posted January 29, 2011 Share Posted January 29, 2011 You first need to have already established the connection to your database, then you simply use it like any other function. // db connection stuff already done by this point $message = mysql_real_escape_string($_POST['message']); Link to comment https://forums.phpfreaks.com/topic/226064-canceling-out-apostrophes-from-text-used-to-update-database/#findComment-1167018 Share on other sites More sharing options...
Russia Posted January 29, 2011 Author Share Posted January 29, 2011 I did it and now it just clears the value in the database It makes it blank instead of keeping the old value. Is there anything else I can do or use? Link to comment https://forums.phpfreaks.com/topic/226064-canceling-out-apostrophes-from-text-used-to-update-database/#findComment-1167067 Share on other sites More sharing options...
Pikachu2000 Posted January 29, 2011 Share Posted January 29, 2011 Looking at your code I can tell there's nothing in the variable anyhow. What's the for() loop supposed to be doing? Without seeing the form and more of the code, it's really hard to tell what's going on there. Post the current code. Link to comment https://forums.phpfreaks.com/topic/226064-canceling-out-apostrophes-from-text-used-to-update-database/#findComment-1167068 Share on other sites More sharing options...
Russia Posted January 29, 2011 Author Share Posted January 29, 2011 Here Il post the whole code. <?php mysql_connect("localhost", "", "")or die("cannot connect"); mysql_select_db("test")or die("cannot select DB"); $tbl_name="test_mysql"; $sql="SELECT * FROM $tbl_name"; $result=mysql_query($sql); $count=mysql_num_rows($result); ?> <form name="form1" method="post" action=""> <tr> <td> <table width="100%" border="0" cellspacing="1" cellpadding="0"> <tr> <td align="center"><strong>Row</strong></td> <td align="center"><strong>Month Date</strong></td> <td align="center"><strong>Message</strong></td> <td align="center"><strong>Title</strong></td> </tr> <?php while($rows=mysql_fetch_array($result)){ ?> <tr> <td align="center"><?php $id[]=$rows['id']; ?><?php echo $rows['id']; ?></td> <td align="center"><input name="month[]" MAXLENGTH="3" size="3" type="text" id="month" value="<?php echo $rows['month']; ?>"> <input name="date[]" MAXLENGTH="2" size="2" type="text" id="date" value="<?php echo $rows['date']; ?>"> </td> <td align="center"><input name="message[]" size="125" type="text" id="message" value="<?php echo $rows['message']; ?>"></td> <td align="center"><input name="title[]" size="50" type="text" id="title" value="<?php echo $rows['title']; ?>"></td> </tr> <?php } ?> <tr> <td colspan="4" align="center"><br><input type="submit" name="Submit" value="Submit"></td> </tr> </table> </td> </tr> </form> <hr> <?php if (isset($_POST['Submit'])) { for($i=0;$i<$count;$i++){ $month = $_POST['month']; $date = $_POST['date']; $message = $_POST['message']; $title = $_POST['title']; $monthday = $month[$i]."<br>".$date[$i]; $sql1="UPDATE $tbl_name SET monthday='$monthday', month='$month[$i]', date='$date[$i]', message='$message[$i]', title='$title[$i]' WHERE id='$id[$i]'"; $result1 = mysql_query($sql1); } header("location:update2.php"); } ?> Link to comment https://forums.phpfreaks.com/topic/226064-canceling-out-apostrophes-from-text-used-to-update-database/#findComment-1167069 Share on other sites More sharing options...
Russia Posted January 29, 2011 Author Share Posted January 29, 2011 Here is a video I made of what the problem is... Its on youtube: Please look Link to comment https://forums.phpfreaks.com/topic/226064-canceling-out-apostrophes-from-text-used-to-update-database/#findComment-1167074 Share on other sites More sharing options...
Russia Posted January 29, 2011 Author Share Posted January 29, 2011 Any luck my friends? Link to comment https://forums.phpfreaks.com/topic/226064-canceling-out-apostrophes-from-text-used-to-update-database/#findComment-1167086 Share on other sites More sharing options...
BlueSkyIS Posted January 29, 2011 Share Posted January 29, 2011 i suspect the problem is with the display of the data in HTML. you'll need to format it properly or it will break HTML tags, including form elements. you probably need htmlspecialchars(); http://php.net/manual/en/function.htmlspecialchars.php here is how I use it: $sql = "SELECT some_text_field FROM some_table LIMIT 1"; $result = mysql_query($sql) or die(mysql_error()); list($some_text_field) = mysql_fetch_row($result); // Display a form field or any HTML with this data: $some_text_field = htmlspecialchars($some_text_field, ENT_QUOTES); echo "<input type='text' name='some_text_field' value='$some_text_field' size='50'>"; Link to comment https://forums.phpfreaks.com/topic/226064-canceling-out-apostrophes-from-text-used-to-update-database/#findComment-1167096 Share on other sites More sharing options...
Pikachu2000 Posted January 29, 2011 Share Posted January 29, 2011 From watching your video, I can now see you were using mysql_real_escape_string() on an array. It won't work like that. You need to use it on each string value in the query, or use it in combination with array_map. So: $sql1="UPDATE $tbl_name SET monthday='$monthday', month='$month[$i]', date='$date[$i]', message='" . mysql_real_escape_string($message[$i]) . "', title='" . mysql_real_escape_string($title[$i]) . "' WHERE id='$id[$i]'"; Link to comment https://forums.phpfreaks.com/topic/226064-canceling-out-apostrophes-from-text-used-to-update-database/#findComment-1167099 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.