Jump to content


Photo

Getting a forward slashes in my text whenever there is an apostrophe


  • Please log in to reply
2 replies to this topic

#1 eldredm

eldredm
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 12 April 2006 - 08:09 PM

I am sure someone has come accross this before:

I am putting togther a content management website, I want to insert some text into a mySQL database. I have a php page with a form to type in my text, then when a submit the info, I re-direct to a validation page to make sure that the user has caputed all the fields.

Should I leave one of the fields out, the script will redirect back to the HTTP referer page with a message below that particular field stating that "this field cannot be a null string" When the script redirects page to the page with the form, every single word that had an apostrophe, now has an apostrophe with a backslash, like so: someone's is now someone\'s.

I think it has something to do with my insert statement:

$query = "INSERT INTO news SET " .
"new_id = NULL, " .
"title = \"" .
$formVars["title"] . "\", " .
"description = \"" .
$formVars["description"] . "\", "
"date = \"".
$formVars["date"] . "\"";

By the way formVars variable is used for validation

Here is some code for validation:

//Validate the description for instance

if(empty($formVars["description"]))
//the description cannot be a null string
$errors["description"] =
"The description field cannot be blank.";
elseif (strlen($formVars["description"]) > 4000)
$errors["description'] =
"The description can be no longer than 4000 " .
"characters";

If I remove the backslashes from the INSERT STATEMENT, then I get a parse error ?
If I fill in all the fields, the validation script writes to the DB, and when I query the DB to display the text from the DB, I still have these back slashes ?

In mySQL DB, my field type is a BLOB,

Any Suggestions please ?

Thankyou
Eldred

#2 earl_dc10

earl_dc10
  • Members
  • PipPipPip
  • Advanced Member
  • 71 posts

Posted 12 April 2006 - 08:21 PM

is it a problem? you could just use stripslashes() when you print the data from the table
got a problem? Google helps many of those in need

#3 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 12 April 2006 - 08:26 PM

You have magic quotes turned on and PHP is being "helpful". It has nothing to do with your sql statement.
Where is the array $formVars being populated?
Try this code: (I assumed that your form is being "POST"ed)
<?php
//Validate the description for instance

//the description cannot be a null string
if(trim(stripslashes($_POST["description"])) == '')
     $errors["description"] = "The description field cannot be blank.";
elseif (strlen(trim(stripslashes($_POST["description"]))) > 4000)
     $errors["description'] = "The description can be no longer than 4000 characters"; 
else $formVar['description'] = trim(stripslashes($_POST['description']));
//
//  etc
//
$query = "INSERT INTO news SET new_id = NULL, title = '" . mysql_real_escape_string($formVars["title"]) . "', description = '" . mysql_real_escape_string($formVars["description"]) . "', date = '" . $formVars["date"] . "'";
$rs = mysql_query($query) or die('Problem with the query: ' . $query . '<br>' . mysql_error());
?>

Ken






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users