Jump to content


Photo

Problem with Insert string


  • Please log in to reply
3 replies to this topic

#1 cuprasteve

cuprasteve
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 06 October 2006 - 02:01 PM

Ok this is probably a very easy fix for this, but I cant find it and iv tried loads of different combinations of things.

The problem is with this insert line

VALUES (".$board_config['delete_post_forum'].", '".sprintf($lang['Deleted_post_from_topic'], $topic_test)."', ".$post_data['poster_id'].", ".time().", 0, 0, ".TOPIC_UNLOCKED.", 0, ".POST_NORMAL.", $post_id, $post_id, 0, '$userna')";

$topic_test contains a post title for instance "Hi im new" which works fine, but if that title contains a ' for instance "You're day today" then it messes up the string and i get an error when it tries to insert in the database, any ideas?

im assuming i have to encapsulate $topic_test in some form of quote combination?

#2 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 06 October 2006 - 02:12 PM

surround the sprintf() with addslashes () or much better mysql_real_escape_string ()

Note any string / char / text / type column should always be escaped, with at least addslashes (), but mysql_real_escape_string (), should be used in a db insert / select / delete, any db query!

me!

#3 cuprasteve

cuprasteve
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 06 October 2006 - 02:18 PM

hi, thanks muchly for the help, when you say addslashes whats the usage of that? can you show me an example using my line of code that i posted

thanks in advance

#4 cuprasteve

cuprasteve
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 06 October 2006 - 02:53 PM

hi, no worres iv sorted it, thanks very much for your help, used addslahses in the end




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users