stuart.cole Posted October 3, 2007 Share Posted October 3, 2007 I know this will be simple for many of you - but I have a challenge! Something to do with rushing things probably ... But ... I have written a CMS system to use on my own websites which inputs news from an online form, adds to DB etc ... but adding the news automatically is causing me a challenge at times. My text input fields, where the text is taken from press releases etc quite often have apostrope's (') in the text - but these seem to be causing a problem when it tries to add the info to the DB... the apostrophe's are taken as part of the input coding, rather than just part of the text. I've found a work around where I can change the ' to ` in word and re-paste and that works, but isn't the right way of doing it. So, is there a way to force it to read an apostrophe as text, rather than code? Code used below ... <table width="400"><H1> INSERT NEWS HERE:</H1><br /><br /> <form action="insert3.php" method="post"> <tr><td>Heading: </td><td><textarea name="heading" cols="40" rows="2"></textarea></td></tr> <tr><td>Subhead: </td><td><textarea name="subhead" cols="40" rows="2"></textarea></td></tr> <tr><td>Main: </td><td><textarea name="main" cols="40" rows="20"></textarea></td></tr> <tr><td>Weblink: </td><td><input size="30" maxlength="250" type="text" name="weblink" value="http://"></td></tr> <tr><td>Date: </td><td><input size="30" maxlength="250" type="text" name="date" value="2007-"></td></tr> <tr><td>Added by: </td><td><select name="added" size="3"> <OPTION VALUE="Laura Cleaver">Laura</OPTION> <OPTION VALUE="Stuart Cole">Stuart</OPTION> <OPTION VALUE="Louise Allatt">Louise</OPTION></select></td></tr> <tr><td>Approved to go live? </td><td><select name="approved" size="2"> <OPTION VALUE="Y">Yes</OPTION> <OPTION VALUE="N">No</OPTION></select></td></tr> <tr><td><input type="submit" name="submit" value="Add News"></td></tr> </form></table> Insert 3 is here... <?php $con = mysql_connect("localhost","USERNAME","PASSWORD"); if (!$con) { die('Could not connect: ' . mysql_error()); }mysql_select_db("secureitonline_db1", $con); $sql="INSERT INTO News (Heading, Subhead, Main, Weblink, Date, Added, approved) VALUES ('$_POST[heading]','$_POST[subhead]','$_POST[main]','$_POST[weblink]','$_POST[date]','$_POST[added]','$_POST[approved]')";if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "News Story Added!"; mysql_close($con) ?> Link to comment https://forums.phpfreaks.com/topic/71645-issue-adding-data-from-a-form/ Share on other sites More sharing options...
shocker-z Posted October 3, 2007 Share Posted October 3, 2007 change your code too <?php $con = mysql_connect("localhost","USERNAME","PASSWORD"); if (!$con) { die('Could not connect: ' . mysql_error()); }mysql_select_db("secureitonline_db1", $con); $sql="INSERT INTO News (Heading, Subhead, Main, Weblink, Date, Added, approved) VALUES ('".$_POST[heading]."','".$_POST[subhead]."','".$_POST['main']."','".$_POST['weblink']."','".$_POST['date']."','".$_POST['added']."','".$_POST['approved']."')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "News Story Added!"; mysql_close($con) ?> you could do with securing your code a bit more also using mysql_real_escape_string() on all $_POST variables which will escape anything like this which can be a security risk. Regards Liam Link to comment https://forums.phpfreaks.com/topic/71645-issue-adding-data-from-a-form/#findComment-360699 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.