cuprasteve Posted October 6, 2006 Share Posted October 6, 2006 Ok this is probably a very easy fix for this, but I cant find it and iv tried loads of different combinations of things.The problem is with this insert line[code]VALUES (".$board_config['delete_post_forum'].", '".sprintf($lang['Deleted_post_from_topic'], $topic_test)."', ".$post_data['poster_id'].", ".time().", 0, 0, ".TOPIC_UNLOCKED.", 0, ".POST_NORMAL.", $post_id, $post_id, 0, '$userna')";[/code]$topic_test contains a post title for instance "Hi im new" which works fine, but if that title contains a ' for instance "You're day today" then it messes up the string and i get an error when it tries to insert in the database, any ideas?im assuming i have to encapsulate $topic_test in some form of quote combination? Quote Link to comment Share on other sites More sharing options...
printf Posted October 6, 2006 Share Posted October 6, 2006 surround the sprintf() with addslashes () or much better mysql_real_escape_string ()Note any string / char / text / type column should always be escaped, with at least addslashes (), but mysql_real_escape_string (), should be used in a db insert / select / delete, any db query!me! Quote Link to comment Share on other sites More sharing options...
cuprasteve Posted October 6, 2006 Author Share Posted October 6, 2006 hi, thanks muchly for the help, when you say addslashes whats the usage of that? can you show me an example using my line of code that i postedthanks in advance Quote Link to comment Share on other sites More sharing options...
cuprasteve Posted October 6, 2006 Author Share Posted October 6, 2006 hi, no worres iv sorted it, thanks very much for your help, used addslahses in the end Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.