
Allow special characters in form's texarea after submit


yDelco


I created a form where someone can add their name and a comment and then submit it to my database.
Here's the code of the form:
```php
<form method="post" action="addcomments_per_student_action.php" enctype="multipart/form-data" style="width: 700px; height: 400px;">

<?php
// student id comes straight from the query string and is concatenated into the SELECT
$x = $_GET['st'];
$result = $log->qry("Select * from students where id=" . $x);

$row = mysql_fetch_assoc($result);

echo $row['name'] . ' - ' . $row['surname'];
?>

    <input type="hidden" name="st" value="<?php echo $row['id']; ?>">
    <br><br>

    <label>name</label>
    <input type="text" name="comm" required><br>

    <label>comment</label>
    <textarea name="comments" style="width: 600px; height: 350px;"></textarea>
    <br>

    <input name="submit" id="submit" value="submit" type="submit" style="width: 150px;"><br>

</form>
```

And here's the code of the form's action:

```php
<?php
require('logmein.php');
$log = new logmein();

if ($log->logincheck($_SESSION['loggedin'], "logon", "password", "username") == false) {
    // check that the user's login to the system is valid; if not, return to index with information about the error
    $log->redirect($log->getHost());
}

if ($_SESSION['userlevel'] != 0) {
    $log->redirect($log->getHost() . "?result=3");
}

$student  = $_POST['st'];
$comm     = $_POST['comm'];
$comments = $_POST['comments'];

// the posted values are concatenated straight into the SQL string (this is where the error below comes from)
$log->qry("Insert into comments (student,comm,comment) values (" . $student . ",'" . $comm . "','" . $comments . "')");

$log->redirect("http://spoudastirio.com.gr/grades/comments.php");
?>
```


THE PROBLEM: When someone submits plain text, it works fine, but when they write the ' symbol the file gets an error.

THE ERROR: When I type "here's the game" in the textarea I get this error.



You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's the best game.')' at line 1

My database table is utf8_general_ci // text format.

How can I solve it, so there won't be this kind of problem?

That will teach you not to inject unsanitized values from the user directly into your query. Obviously the inclusion of that quote messes with the overall quoting of the query string and hence your error.

Switch to using prepared queries so that your values can be handled properly.
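As an added example (not code from the original poster or their `logmein` wrapper), here are the two queries from the thread rewritten with PDO prepared statements, so the quote in "here's the game" is sent as data rather than as part of the SQL text. It assumes a plain PDO connection with placeholder credentials and PHP 7 or later.

```php
<?php
// Added example, not from the original post: both queries with PDO prepared statements.
// Connection parameters are placeholders; the poster's $log->qry() internals are not shown.
$pdo = new PDO(
    'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASS_PLACEHOLDER',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]
);

// Form page: the student id arrives via GET; cast it and bind it instead of concatenating.
function fetchStudent(PDO $pdo, $rawId)
{
    $stmt = $pdo->prepare('SELECT id, name, surname FROM students WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC); // false when no such student
}

// Action page: the apostrophe in $comments travels as a bound value, separate from the SQL.
function insertComment(PDO $pdo, $student, $comm, $comments)
{
    $stmt = $pdo->prepare(
        'INSERT INTO comments (student, comm, comment) VALUES (:student, :comm, :comment)'
    );
    $stmt->bindValue(':student', (int) $student, PDO::PARAM_INT);
    $stmt->bindValue(':comm', $comm, PDO::PARAM_STR);
    $stmt->bindValue(':comment', $comments, PDO::PARAM_STR);
    return $stmt->execute();
}

// Usage in the action script: the textarea value "here's the game" now inserts cleanly.
$student  = $_POST['st'] ?? '';
$comm     = $_POST['comm'] ?? '';
$comments = $_POST['comments'] ?? '';
insertComment($pdo, $student, $comm, $comments);

// When echoing fetched values back into HTML, escape them as well (a separate issue from SQL).
$row = fetchStudent($pdo, $_GET['st'] ?? 0);
if ($row !== false) {
    echo htmlspecialchars($row['name'] . ' - ' . $row['surname'], ENT_QUOTES, 'UTF-8');
}
```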
