adamjones Posted June 26, 2014 Share Posted June 26, 2014 Hi, I have a text area field on one of my forms in order for people to post articles, however, it doesn't work when I try and post HTML through it. It works if I post normal text. Also, PHP won't give me an error, it just doesn't insert it? <?php if ($_POST['add']) { $title = addslashes($_POST['title']); $image = htmlspecialchars($_POST['image']); $source = mysql_real_escape_string($_POST['source']); $active = $_POST['active']; $feature = $_POST['feature']; $cat_id = $_POST['cat_id']; $content = htmlspecialchars($_POST['content']); $months = array( "", "January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November", "December" ); $date = date('d', time()) . ' ' . $months[date('n', time())] . ' ' . date('Y', time()); if ($title == NULL || $image == NULL || $content == NULL) { echo '<br /><br /><center>Please, fill all inputs</center><br /><br />'; } else { $add = "INSERT INTO `news` cat_id='$cat_id', title='$title', image='$image', content='$content', date='$date', author='".$user['admin']."', authorid='".$user['id']."', source='$source', active='$active', twitter='".$user['twitter']."', featured='$feature'" or die(mysql_error()); $sql = mysql_query($add); $addgrowl = "INSERT INTO `growl` (toid, message) VALUES ('$id', 'Your article is now online!')"; $sql = mysql_query($addgrowl); echo '<script type="text/javascript"> window.location = "articles.php" </script> '; } } ?> Help :-( Quote Link to comment https://forums.phpfreaks.com/topic/289291-html-wont-insert-and-not-giving-an-error/ Share on other sites More sharing options...
Jacques1 Posted June 26, 2014 Share Posted June 26, 2014 None of this makes a lot of sense. The first INSERT query isn't valid SQL syntax. I'm not even sure what you're trying to do there. Did you mix up the syntax of UPDATE and INSERT? Did you want to use the special INSERT INTO ... SET ... syntax provided by MySQL? The query is wide open to SQL injections. You're randomly applying three different escaping functions to some of the values, but you don't seem to understand what they do and when to use them. You're applying or die(mysql_error()) to a string? Do you really want the whole world to see your database errors? The mysql_* functions are obsolete since more than 10 years, they're deprecated since PHP 5.5, and they will be removed in one of the next PHP versions. It's about time to switch. The center element is obsolete since HTML 4. That was back in 1997! A redirect with JavaScript? Why not an actual HTTP redirect with the header() function? This date() thing is odd. I think what you actually want is date('d F Y'). Quote Link to comment https://forums.phpfreaks.com/topic/289291-html-wont-insert-and-not-giving-an-error/#findComment-1483245 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.