monika Posted July 20, 2007

The below is the announcement PHP code. This code fails to handle different characters like [']. Whenever I type monika's and click the send button to dump it into MySQL, it does not do it. It does not recognize other similar characters too. Could anyone please help me with this?

----------

<?php include ("config.php"); ?>
<?php
if((isset($act)) && ($act=="action")){
    $dates=date("Y-m-d");
    echo "<div class=text>Data successfully updated on ". $dates. "<br> please wait while your browser redirects you to the main admin page.....</div>";
    $sql=mysql_query("update announcement set date='$dates', title='$announce1', text='$detail1', title1='$announce2', text1='$detail2', title2='$announce3', text2='$detail3'");
?>
<script language="javascript">
setTimeout('test()',2000);
function test(){
    window.location.href="../index.php"
}
</script>
<?php
}else{
    echo 'You are not allowed here';
?>
<script language="javascript">
setTimeout('test()',1500);
function test(){
    window.location.href="index.php"
}
</script>
<?php } ?>

benjaminbeazy Posted July 20, 2007

http://us.php.net/manual/en/function.mysql-real-escape-string.php

monika (Author) Posted July 20, 2007

Well, every user does not have PHP knowledge, so they will just type and send. If they type 's or some unhandled keyword then their announcement will not get displayed. So what to do? I need to add some magic code in that code, so tell me what to add or edit, please.

benjaminbeazy Posted July 20, 2007

Use addslashes on all input before processing the query.

TheFilmGod Posted July 20, 2007

Turn magic quotes on in the php.ini file. It's good for security and for your script!

monika (Author) Posted July 20, 2007

Didn't get you. Here's the form code:

<input type="text" name="announce1" value="<?php echo $data->title; ?>" /></td>
<tr>
<td><textarea name="detail1" rows="3"><?php echo $data->text; ?></textarea></td>

TheFilmGod Posted July 20, 2007

addslashes() after query, and in the form you just gave me do stripslashes(). It's like you first allow it into MySQL somewhat encoded, and then you decode it again for use!

monika (Author) Posted July 20, 2007

Well, yeah, first into MySQL and then it decodes to the browser.

monika (Author) Posted July 20, 2007

// Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON
if(get_magic_quotes_gpc()) {
    $detail1 = stripslashes($_POST['text']);
    $announce2 = stripslashes($_POST['title1']);
} else {
    $detail1 = $_POST['text'];
    $announce2 = $_POST['title1'];
}
if(get_magic_quotes_gpc()) {
    $detail2 = stripslashes($_POST['text1']);
    $announce3 = stripslashes($_POST['title2']);
} else {
    $detail2 = $_POST['text1'];
    $announce3 = $_POST['title2'];
}
if(get_magic_quotes_gpc()) {
    $detail3 = stripslashes($_POST['text2']);
    $announce4 = stripslashes($_POST['title3']);
} else {
    $detail3 = $_POST['text2'];
    $announce4 = $_POST['title3'];
}
// Is that OK? I don't know.

monika (Author) Posted July 20, 2007

Well, help me, friend. I'm totally confused... how to trick that magic quotes...

per1os Posted July 20, 2007

Don't use the magic quotes, they do no good. Especially since they are being deprecated.

<?php
if((isset($act)) && ($act=="action")){
    $dates=date("Y-m-d");
    echo "<div class=text>Data successfully updated on ". $dates. "<br> please wait while your browser redirects you to the main admin page.....</div>";
    // Escape every submitted value before it goes inside a quoted SQL string
    $sql=mysql_query("update announcement set date='$dates', title='" . mysql_real_escape_string($announce1)
        . "', text='" . mysql_real_escape_string($detail1)
        . "', title1='" . mysql_real_escape_string($announce2)
        . "', text1='" . mysql_real_escape_string($detail2)
        . "', title2='" . mysql_real_escape_string($announce3)
        . "', text2='" . mysql_real_escape_string($detail3) . "'");
?>
<script language="javascript">
setTimeout('test()',2000);
function test(){
    window.location.href="../index.php"
}
</script>
<?php
}else{
    echo 'You are not allowed here';
?>
<script language="javascript">
setTimeout('test()',1500);
function test(){
    window.location.href="index.php"
}
</script>
<?php } ?>

That should solve your problem. The first post referenced the right function. www.php.net/mysql_real_escape_string I suggest you read up on it.

monika (Author) Posted July 20, 2007

Yippee, you're right... "'. mysql_real_escape_string($_variable_) ."' this solved the problem. Yeah, magic quotes, yuck :-X Thanks once again...

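The same update written with a PDO prepared statement, as an added example that is not code from any poster in this thread: it swaps mysql_real_escape_string for bound parameters, which solve the same apostrophe problem on current PHP versions, where the mysql_* functions no longer exist. The in-memory SQLite database, the one-pair table layout, the function names and the sample input are assumptions made so the script runs offline.

```php
<?php
// Added example (not from the thread). An in-memory SQLite database via PDO
// stands in for the thread's MySQL server so the script runs offline; with
// MySQL only the DSN and credentials given to new PDO() would differ.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Assumed cut-down announcement table: one title/text pair instead of three.
$pdo->exec('CREATE TABLE announcement ("date" TEXT, title TEXT, "text" TEXT)');
$pdo->exec("INSERT INTO announcement VALUES ('2007-07-19', 'old title', 'old text')");

// Constructed input standing in for the submitted announce1/detail1 fields.
$post = ['announce1' => "monika's news", 'detail1' => "It's a \"test\" \\ line"];

// The thread's original pattern: the value is pasted into the SQL text, so the
// apostrophe ends the string literal early and the statement no longer parses.
function updateByInterpolation(PDO $pdo, array $in): string
{
    $sql = "UPDATE announcement SET title='{$in['announce1']}', \"text\"='{$in['detail1']}'";
    try {
        $pdo->exec($sql);
        return 'updated';
    } catch (PDOException $e) {
        return 'query failed: ' . $e->getMessage();
    }
}

// Prepared statement: the SQL text is fixed and the values are bound separately,
// so no character in them can change the statement's structure.
function updateByPreparedStatement(PDO $pdo, array $in): int
{
    $stmt = $pdo->prepare('UPDATE announcement SET "date" = :d, title = :title, "text" = :body');
    $stmt->execute([':d' => date('Y-m-d'), ':title' => $in['announce1'], ':body' => $in['detail1']]);
    return $stmt->rowCount();
}

echo updateByInterpolation($pdo, $post), PHP_EOL;
echo 'rows updated: ', updateByPreparedStatement($pdo, $post), PHP_EOL;

// Read the row back: the stored values are byte-for-byte what was submitted,
// with no added backslashes to strip before display.
$row = $pdo->query('SELECT title, "text" FROM announcement')->fetch(PDO::FETCH_ASSOC);
var_dump($row['title'] === $post['announce1'], $row['text'] === $post['detail1']);
```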
This topic is now archived and is closed to further replies.