Michan Posted October 9, 2007 Share Posted October 9, 2007 Hi there, I've ran into a problem. I'm trying to get any given article from a database and insert it into a different table. Everything works, except for the article content, as it often contains characters that interfere with the query (namely " and '). How can I resolve this? Is there a way I can convert the ' and " so they don't interfere with the query? I'm pretty stuck here. Thanks in advance! Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted October 9, 2007 Share Posted October 9, 2007 could you post some code please Quote Link to comment Share on other sites More sharing options...
Michan Posted October 9, 2007 Author Share Posted October 9, 2007 Sure. if ($_COOKIE['member_id'] == $showarticle['authorid']) { $getinfo = mysql_query('SELECT * FROM vg_articles WHERE id = '.$_GET['delete']); while($useinfo = mysql_fetch_array($getinfo)) { mysql_query('INSERT INTO vg_articles_deleted (timestamp, deletedby, articleid, sid, tid, title, content, album, thumbnail, type, author, authorid, last_edited, category, game, game_name, saved, news, event, preview, link, views, views_today, views_week, views_month, autobr, level, priority, validation, flag_status, flag_notes, image) VALUES ("'.$useinfo['timestamp'].'", "'.$_COOKIE['member_id'].'", "'.$useinfo['id'].'", "'.$useinfo['sid'].'", "'.$useinfo['tid'].'", "'.$useinfo['title'].'", "'.$useinfo['content'].'", "'.$useinfo['album'].'", "'.$useinfo['thumbnail'].'", "'.$useinfo['type'].'", "'.$useinfo['author'].'", "'.$useinfo['authorid'].'", "'.$useinfo['last_edited'].'", "'.$useinfo['category'].'", "'.$useinfo['game'].'", "'.$useinfo['game_name'].'", "'.$useinfo['saved'].'", "'.$useinfo['news'].'", "'.$useinfo['event'].'", "'.$useinfo['preview'].'", "'.$useinfo['link'].'", "'.$useinfo['views'].'", "'.$useinfo['views_today'].'", "'.$useinfo['views_week'].'", "'.$useinfo['views_month'].'", "'.$useinfo['autobr'].'", "'.$useinfo['level'].'", "'.$useinfo['priority'].'", "'.$useinfo['validation'].'", "'.$useinfo['flag_status'].'", "'.$useinfo['flag_notes'].'", "'.$useinfo['image'].'")'); mysql_query('DELETE FROM vg_articles WHERE id = '.$_GET['delete']); } echo('The article has been deleted.'); include("includes/footer.php"); die(); } The "content" often (but not always) contains ' and " characters, such as: "The sky is blue," said anonymous. The code works, providing the article contains no ' or "s - which is the problem, as that's a rare occasion. Thanks in advance! Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted October 9, 2007 Share Posted October 9, 2007 this line: <?php $getinfo = mysql_query('SELECT * FROM vg_articles WHERE id = '.$_GET['delete']); change it to this: <?php $getinfo = mysql_query("SELECT * FROM vg_articles WHERE id =" . $_GET['delete'] . ""); and this line: <?php mysql_query('DELETE FROM vg_articles WHERE id = '.$_GET['delete']); change it to this: <?php mysql_query("DELETE FROM vg_articles WHERE id =" . $_GET['delete'] . ""); I believe you could use the substr() function to replace all ' and " with a blank space or whatever you want. Regards ACE Quote Link to comment Share on other sites More sharing options...
Michan Posted October 9, 2007 Author Share Posted October 9, 2007 I believe you could use the substr() function to replace all ' and " with a blank space or whatever you want. This is my problem - how would I apply that function to this? The 's and "s just seem to break my code. Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted October 9, 2007 Share Posted October 9, 2007 yeah, I see what you mean, I'm really weak in the Area of replacing text/strings, etc. :-\ Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted October 9, 2007 Share Posted October 9, 2007 First off, making the changes recommended by MasterACE won't accomplish anything. Second, check the MySQL documentation for INSERT ... SELECT. http://dev.mysql.com/doc/refman/5.0/en/insert-select.html You can directly insert from one table into another if you build your query correctly. Let us know if you get stuck from there. Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted October 9, 2007 Share Posted October 9, 2007 First off, making the changes recommended by MasterACE won't accomplish anything. thanks lol Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted October 9, 2007 Share Posted October 9, 2007 Heh, sorry. But you can prove to yourself they're the same by echo'ing each of the queries. The changes you recommended produce the same results. The problem stems from the OP not using mysql_real_escape_string() to clean all of the data before inserting it. However, there is a quick and painless way to accomplish what he wants. So before he rights a ton of messy code that sanitizes everything, it would be better to show the OP the easy way. Quote Link to comment Share on other sites More sharing options...
Michan Posted October 9, 2007 Author Share Posted October 9, 2007 Thanks guys, it works. All is well in the world. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.