Jump to content

Comment Upload on forum - Replace ":Blobby-tired" with an img tag but getting an error when passing to


Fishcakes
 Share

Recommended Posts

So I wanted to create stickers on my forum where people type in say ":Blobby-Tired" and then instead of the comment showing ":Blobby-Tired" it shows an html image tag displaying a picture of Blobby in the comment box

So I created the following page CommentUpload.php

However my sql fails to insert it despite the fact when I "echo $new" it shows the image on the page correctly

And it can't be my sql insert code as if I change $new variable for "$BodyText" int he SQL query it it inserts   ":Blobby-Tired" OK?

 

<?php
include 'dbconnect.php';
session_start();

if(isset($_POST["submit"]) && !empty($_POST["CommentText"])){
$id = intval($_SESSION['id']);
echo  $_SESSION['id'] . '<p> </p>'   ; 
$BodyText = $conn -> real_escape_string($_POST['CommentText']) ; 
$User = $_SESSION['username'];

//Replace flairs with <img> tags 
/*not working currently) */
$new = str_replace(":Blobby-Tired","<img src='flairs/Blobby-Tired.jpg'> </img>","'$BodyText'");
echo "$new";
/************************/ 

	 $sql = "INSERT INTO Posts (User, CommentText, IdOfThread)
     VALUES ('$User','$new','$id')";
     if (mysqli_query($conn, $sql)) {
        echo "New record has been added successfully !";
     } else {
        echo "Error: " . $sql . ":-" . mysqli_error($conn);
     }


     mysqli_close($conn);

}

?>

 

Edited by Fishcakes
Link to comment
Share on other sites

a. any substitution or processing of output, should occur when you output the data, not when you store the data. 

b. if you have a need to store data containing sql special characters, quotes in this case, you would apply any escape_string() function or even better yet, simply use a prepared query, right before executing the query, not prior to content being added to the data that contains quotes.

Edited by mac_gyver
  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.