erfg1 Posted March 16, 2007

I made a bug report script so people can report them, and an administrator could read them and edit them. However, if someone reported something and put in a special character like ', when I would go to edit and re-submit, it would say that it's a syntax error. I've fixed this in my previous scripts; however, I lost them and can't recall how to do it. Basically I want to UPDATE: editing another field, but not their original report containing a ', and re-submitting without editing their report.

    $sql5 = "UPDATE cm_bugreport SET version = '$version', name = '$name_edit', bug = '$bug', status = '$status', comments = '$comments' WHERE id = '$id'";
    $db->sql_query($sql5);

redarrow Posted March 16, 2007

stripslashes();

per1os Posted March 16, 2007

You don't want to use stripslashes, bad habit. Use mysql_real_escape_string($val) on all of your variables before you input them into the $sql; this will prevent SQL injection and escape anything that will cause a mysql_Error.

erfg1 (Author) Posted March 16, 2007

Is this right?

    $sql5 = "UPDATE cm_bugreport SET version = '". mysql_real_escape_string($version) .", name = '$name_edit', bug = '$bug', status = '$status', comments = '$comments' WHERE id = '$id'";

Cause I'm still getting errors back.

EDIT: nvm, this is how it should be.

    $sql5 = "UPDATE cm_bugreport SET version = '". mysql_real_escape_string("$version") ."', name = '$name_edit', bug = '$bug', status = '$status', comments = '$comments' WHERE id = '$id'";

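An added example, not code from any poster in this thread: the same UPDATE with every field bound as a parameter, so a report containing ' can be re-submitted unchanged and no value is interpreted as SQL. The mysql_* functions used above were removed in PHP 7; this sketch assumes PDO, uses an in-memory SQLite database in place of the thread's MySQL connection so it runs offline, and the column types, sample row, form array and updateReport() helper are all constructed for illustration.

```php
<?php
// Assumption: SQLite in memory stands in for the forum poster's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Column names come from the thread; the types are assumed.
$pdo->exec('CREATE TABLE cm_bugreport (
    id INTEGER PRIMARY KEY, version TEXT, name TEXT,
    bug TEXT, status TEXT, comments TEXT)');

// Constructed sample row: the stored report already contains single quotes.
$pdo->prepare('INSERT INTO cm_bugreport (id, version, name, bug, status, comments)
               VALUES (?, ?, ?, ?, ?, ?)')
    ->execute([1, '1.0', "O'Brien", "Login page doesn't load", 'open', '']);

// Hypothetical helper: updates one report using bound parameters only.
function updateReport(PDO $pdo, array $form): int
{
    // The SQL text is constant; values travel separately from the statement.
    $stmt = $pdo->prepare(
        'UPDATE cm_bugreport
            SET version = :version, name = :name, bug = :bug,
                status = :status, comments = :comments
          WHERE id = :id'
    );
    $stmt->execute([
        ':version'  => $form['version'],
        ':name'     => $form['name_edit'],
        ':bug'      => $form['bug'],
        ':status'   => $form['status'],
        ':comments' => $form['comments'],
        ':id'       => (int) $form['id'],   // numeric key cast before binding
    ]);
    return $stmt->rowCount();
}

// Constructed form input, as the admin edit page would re-submit it:
// the report text is untouched, only status and comments change.
$form = [
    'id' => '1', 'version' => '1.0', 'name_edit' => "O'Brien",
    'bug' => "Login page doesn't load", 'status' => 'fixed',
    'comments' => "Couldn't reproduce after the user's cache was cleared",
];

$changed = updateReport($pdo, $form);
$row = $pdo->query('SELECT bug, status, comments FROM cm_bugreport WHERE id = 1')
           ->fetch(PDO::FETCH_ASSOC);

echo "rows changed: $changed\n";
echo "{$row['bug']} | {$row['status']} | {$row['comments']}\n";
```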