Jump to content

Archived

This topic is now archived and is closed to further replies.

eldredm

Getting a forward slashes in my text whenever there is an apostrophe

Recommended Posts

I am sure someone has come accross this before:

I am putting togther a content management website, I want to insert some text into a mySQL database. I have a php page with a form to type in my text, then when a submit the info, I re-direct to a validation page to make sure that the user has caputed all the fields.

Should I leave one of the fields out, the script will redirect back to the HTTP referer page with a message below that particular field stating that "this field cannot be a null string" When the script redirects page to the page with the form, every single word that had an apostrophe, now has an apostrophe with a backslash, like so: [b]someone's is now someone\'s[/b].

I think it has something to do with my insert statement:

$query = "INSERT INTO news SET " .
"new_id = NULL, " .
"title = \"" .
$formVars["title"] . "\", " .
"description = \"" .
$formVars["description"] . "\", "
"date = \"".
$formVars["date"] . "\"";

By the way formVars variable is used for validation

Here is some code for validation:

//Validate the description for instance

if(empty($formVars["description"]))
//the description cannot be a null string
$errors["description"] =
"The description field cannot be blank.";
elseif (strlen($formVars["description"]) > 4000)
$errors["description'] =
"The description can be no longer than 4000 " .
"characters";

If I remove the backslashes from the INSERT STATEMENT, then I get a parse error ?
If I fill in all the fields, the validation script writes to the DB, and when I query the DB to display the text from the DB, I still have these back slashes ?

In mySQL DB, my field type is a BLOB,

Any Suggestions please ?

Thankyou
Eldred

Share this post


Link to post
Share on other sites
is it a problem? you could just use stripslashes() when you print the data from the table

Share this post


Link to post
Share on other sites
You have magic quotes turned on and PHP is being "helpful". It has nothing to do with your sql statement.
Where is the array $formVars being populated?
Try this code: (I assumed that your form is being "POST"ed)
[code]<?php
//Validate the description for instance

//the description cannot be a null string
if(trim(stripslashes($_POST["description"])) == '')
     $errors["description"] = "The description field cannot be blank.";
elseif (strlen(trim(stripslashes($_POST["description"]))) > 4000)
     $errors["description'] = "The description can be no longer than 4000 characters";
else $formVar['description'] = trim(stripslashes($_POST['description']));
//
//  etc
//
$query = "INSERT INTO news SET new_id = NULL, title = '" . mysql_real_escape_string($formVars["title"]) . "', description = '" . mysql_real_escape_string($formVars["description"]) . "', date = '" . $formVars["date"] . "'";
$rs = mysql_query($query) or die('Problem with the query: ' . $query . '<br>' . mysql_error());
?>[/code]

Ken

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.