Fishcakes Posted April 28, 2021 Share Posted April 28, 2021 (edited) So I wanted to create stickers on my forum where people type in say ":Blobby-Tired" and then instead of the comment showing ":Blobby-Tired" it shows an html image tag displaying a picture of Blobby in the comment box So I created the following page CommentUpload.php However my sql fails to insert it despite the fact when I "echo $new" it shows the image on the page correctly And it can't be my sql insert code as if I change $new variable for "$BodyText" int he SQL query it it inserts ":Blobby-Tired" OK? <?php include 'dbconnect.php'; session_start(); if(isset($_POST["submit"]) && !empty($_POST["CommentText"])){ $id = intval($_SESSION['id']); echo $_SESSION['id'] . '<p> </p>' ; $BodyText = $conn -> real_escape_string($_POST['CommentText']) ; $User = $_SESSION['username']; //Replace flairs with <img> tags /*not working currently) */ $new = str_replace(":Blobby-Tired","<img src='flairs/Blobby-Tired.jpg'> </img>","'$BodyText'"); echo "$new"; /************************/ $sql = "INSERT INTO Posts (User, CommentText, IdOfThread) VALUES ('$User','$new','$id')"; if (mysqli_query($conn, $sql)) { echo "New record has been added successfully !"; } else { echo "Error: " . $sql . ":-" . mysqli_error($conn); } mysqli_close($conn); } ?> Edited April 28, 2021 by Fishcakes Quote Link to comment https://forums.phpfreaks.com/topic/312561-comment-upload-on-forum-replace-blobby-tired-with-an-img-tag-but-getting-an-error-when-passing-to/ Share on other sites More sharing options...
gw1500se Posted April 29, 2021 Share Posted April 29, 2021 What does the HTML source look like after the click? Quote Link to comment https://forums.phpfreaks.com/topic/312561-comment-upload-on-forum-replace-blobby-tired-with-an-img-tag-but-getting-an-error-when-passing-to/#findComment-1586242 Share on other sites More sharing options...
cyberRobot Posted April 30, 2021 Share Posted April 30, 2021 Does the query return an error? If so, what's the error? Or does the page display "New record has been added successfully !"? Quote Link to comment https://forums.phpfreaks.com/topic/312561-comment-upload-on-forum-replace-blobby-tired-with-an-img-tag-but-getting-an-error-when-passing-to/#findComment-1586254 Share on other sites More sharing options...
mac_gyver Posted April 30, 2021 Share Posted April 30, 2021 (edited) a. any substitution or processing of output, should occur when you output the data, not when you store the data. b. if you have a need to store data containing sql special characters, quotes in this case, you would apply any escape_string() function or even better yet, simply use a prepared query, right before executing the query, not prior to content being added to the data that contains quotes. Edited April 30, 2021 by mac_gyver 1 Quote Link to comment https://forums.phpfreaks.com/topic/312561-comment-upload-on-forum-replace-blobby-tired-with-an-img-tag-but-getting-an-error-when-passing-to/#findComment-1586255 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.