Jump to content

Recommended Posts

Hello,

I think this question has a simple answer, yet it eludes me.. First time working with PHP, so I have a bit of a learning curve. I have a basic reporting tool that uses Apache/PHP with a MySQL back end DB. The forms are fairly simple, some text boxes and such. Submitting the form works just fine unless a field has a [b]'[/b] (tick mark) in it, such as:

[!--coloro:#CC0000--][span style=\"color:#CC0000\"][!--/coloro--].....The box contains a [b]'[/b]widget[b]'[/b] of sorts......[!--colorc--][/span][!--/colorc--]

When a tick mark exists in the text of any field, NOTHING in the entire form gets pushed. I can only assume the problem is that when the submission query string is assembled, that the SQL processer thinks that the tick mark is actually part of the SQL statement, and not body text itself.

My question is, do i need to write a routine that searches for a [b]'[/b] and replaces it with [b]\'[/b] ? or is there a PHP text pre-processer function (or something like that) that i can run chunk of text through that cleans it up? i.e., something that converts a [b]"[/b] (quotation mark) to [b]&quote;[/b] in XML.
Link to comment
https://forums.phpfreaks.com/topic/5504-insertupdate-into-mysql-database/
Share on other sites

When adding anything into a text (or varchar) field in MySQL you should always use either [a href=\"http://www.php.net/addslashes\" target=\"_blank\"]addslashes[/a]() or [a href=\"http://www.php.net/mysql_real_escape_string\" target=\"_blank\"]mysql_real_escape_string[/a]() on the values.

I prefer mysql_real_escape_string().

Ken
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.