pouncer Posted January 22, 2007 Share Posted January 22, 2007 Basically, I give my users a massive text area in their profile section to write their interests and stuff. My question is how exactly should i insert it into my database because i have to deal with escape chars or whatever??$Interests = stripslashes($_POST['txt_Interests']);$profile = mysql_query("UPDATE user_profile SET Interests = '$Interests' WHERE user_id = '$user_id'");but i think it's giving errors on insert if i put escape chars in my interests etc, can someone please show me correct way off adding it to database? Link to comment https://forums.phpfreaks.com/topic/35253-inserting-large-text-chunks-into-database/ Share on other sites More sharing options...
ShogunWarrior Posted January 22, 2007 Share Posted January 22, 2007 use mysql_escape_string Link to comment https://forums.phpfreaks.com/topic/35253-inserting-large-text-chunks-into-database/#findComment-166535 Share on other sites More sharing options...
Jessica Posted January 22, 2007 Share Posted January 22, 2007 Or stop striping the slashes... Link to comment https://forums.phpfreaks.com/topic/35253-inserting-large-text-chunks-into-database/#findComment-166538 Share on other sites More sharing options...
pouncer Posted January 22, 2007 Author Share Posted January 22, 2007 $Interests = mysql_escape_string(stripslashes($_POST['txt_Interests']));is that ok? Link to comment https://forums.phpfreaks.com/topic/35253-inserting-large-text-chunks-into-database/#findComment-166545 Share on other sites More sharing options...
pouncer Posted January 22, 2007 Author Share Posted January 22, 2007 ok i have problems[code=php:0] if (isset($_POST['Save_Profile'])) { $user_id = $_SESSION['UserID']; $Status = stripslashes($_POST['sel_Status']); $Forename = stripslashes($_POST['txt_Name']); $Surname = stripslashes($_POST['txt_Surname']); $Age = stripslashes($_POST['txt_Age']); $Gender = stripslashes($_POST['sel_Gender']); $Location = stripslashes($_POST['txt_Location']); $Marital_Status = stripslashes($_POST['sel_MS']); $Occupation = stripslashes($_POST['txt_Occupation']); $AboutMe = stripslashes($_POST['txt_AboutMe']); $Interests = mysql_escape_string($_POST['txt_Interests']); $Quotes = stripslashes($_POST['txt_Quotes']); $profile = mysql_query("UPDATE user_profile SET Profile_Status = '$Status', Forename = '$Forename', Surname = '$Surname', Age = '$Age', Gender = '$Gender', Location = '$Location', Marital_Status = '$Marital_Status', Occupation = '$Occupation', About_Me = '$AboutMe', Interests = '$Interests', Fav_Quotes = '$Quotes' WHERE user_id = '$user_id' ") or die (mysql_error()); if ($profile) { echo "Your profile has been saved, please wait 2 seconds."; echo "<meta http-equiv=\"refresh\" content=\"2; url=myprofile.php\" />"; } }[/code]If i put in my interests:Hello what's upi get this errorYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's up', Interests = '', Fav_Quotes = ''i'm guessing its the word: what's and the ' is clashing Link to comment https://forums.phpfreaks.com/topic/35253-inserting-large-text-chunks-into-database/#findComment-166546 Share on other sites More sharing options...
pouncer Posted January 22, 2007 Author Share Posted January 22, 2007 never mind thanks guys i sorted it.when inserting into database i used mysql_escape_stringand when presenting the data i used stripslashes Link to comment https://forums.phpfreaks.com/topic/35253-inserting-large-text-chunks-into-database/#findComment-166547 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.