jonoc33 Posted December 23, 2007 Share Posted December 23, 2007 Hey guys, This script is a code that adds a tactic into the database from a form on the previous page (that has fckeditor). It all works fine, but when you add images to the FCKeditor and submit them to the database, the img src="HTTP:// stuffs up the query. How would I go about fixing this? And yes, I have tried mysql_real_escape_string, that does not work. <?php include("../include/constants.php"); $db_host = DB_SERVER; $db_pass = DB_PASS; $db_user = DB_USER; $db_table = DB_NAME; include("../include/header.php"); if(mysql_connect($db_host,$db_user,$db_pass)) { if(mysql_select_db($db_table)) { $tactic_name = mysql_real_escape_string($_POST['tacticname']); $tactic_map = mysql_real_escape_string($_POST["map"]); $tactic = mysql_real_escape_string($_POST['tactics']); if(mysql_query("INSERT INTO ".TBL_TACTICS." (tacticname, map, tactics) VALUES ('".$tactic_name."','".$tactic_map."','".$tactic."')")) { print '<center>Record added. <br /><a href=admin.php>Back</a> </center>'; } else { print mysql_error(); } } else { print mysql_error(); } } else { print mysql_error(); } ?> Quote Link to comment Share on other sites More sharing options...
papaface Posted December 23, 2007 Share Posted December 23, 2007 Where is it being inserted in the code? Which variable. Quote Link to comment Share on other sites More sharing options...
jonoc33 Posted December 23, 2007 Author Share Posted December 23, 2007 if(mysql_query("INSERT INTO ".TBL_TACTICS." (tacticname, map, tactics) VALUES ('".$tactic_name."','".$tactic_map."','".$tactics."')")) { print '<center>Record added. <br /><a href=admin.php>Back</a> </center>'; It actually doesn't stuff up the query, the query works fine. But the thing that doesn't work is this: I have a hidden textbox right that has all of the tactics from the database, when you hit an Edit button, it takes the POST data and you're able to edit it in a FCKeditor, although the image does not show up, and if you go into the source code, the image link disappears but the img src="" stays there. Quote Link to comment Share on other sites More sharing options...
papaface Posted December 23, 2007 Share Posted December 23, 2007 What exactly is being inserted, and which variable is it. Quote Link to comment Share on other sites More sharing options...
jonoc33 Posted December 23, 2007 Author Share Posted December 23, 2007 In the FCKeditor it has this: <img src="http://clan.revolutiongamerz.net/alpha/images/files/upload/cs_compound.jpg" alt="" /> Quote Link to comment Share on other sites More sharing options...
papaface Posted December 23, 2007 Share Posted December 23, 2007 Try escaping the quotes <img src=\"http://clan.revolutiongamerz.net/alpha/images/files/upload/cs_compound.jpg\" alt=\"\" /> Quote Link to comment Share on other sites More sharing options...
jonoc33 Posted December 23, 2007 Author Share Posted December 23, 2007 It does that automatically using mysql_real_escape_string, and it still does not output properly. If I do it manually and hit submit it just changes the http link to several slashes. Quote Link to comment Share on other sites More sharing options...
papaface Posted December 23, 2007 Share Posted December 23, 2007 I have no idea what your problem is. Maybe you should try posting an error or some erroneous code or something... Quote Link to comment Share on other sites More sharing options...
trq Posted December 23, 2007 Share Posted December 23, 2007 Replace.... if(mysql_query("INSERT INTO ".TBL_TACTICS." (tacticname, map, tactics) VALUES ('".$tactic_name."','".$tactic_map."','".$tactic."')")) { with $sql = "INSERT INTO ".TBL_TACTICS." (tacticname, map, tactics) VALUES ('".$tactic_name."','".$tactic_map."','".$tactic."')"; die($sql); if (mysql_query($sql)) { and show us the output. Quote Link to comment Share on other sites More sharing options...
jonoc33 Posted December 23, 2007 Author Share Posted December 23, 2007 INSERT INTO alpha_tactics (tacticname, map, tactics) VALUES ('dsfsd','dfssf',' \\\"\\\" ') The last bit (\\\"\\\") was <img src="http://clan.revolutiongamerz.net/alpha/images/cs_compound.jpg" alt="" /> Quote Link to comment Share on other sites More sharing options...
trq Posted December 24, 2007 Share Posted December 24, 2007 Post the output within [ code ] [ / code ] tags so we can actually see it. Quote Link to comment Share on other sites More sharing options...
jonoc33 Posted December 24, 2007 Author Share Posted December 24, 2007 Edited. Heres a bit more info for you guys: print "<td nowrap><form name=\"form2\" method=\"post\" action=\"action.php?do=tacticedit1\">"; print "<input type=\"submit\" name=\"button\" id=\"button\" value=\"Edit\">"; print "<input name=\"tacticname\" type=\"hidden\" id=\"tacticname\" value=\"".$values['tacticname']."\">"; print "<input name=\"map\" type=\"hidden\" id=\"map\" value=\"".$values['map']."\">"; print "<input name=\"tactics\" type=\"hidden\" id=\"tactics\" value=\"".mysql_real_escape_string($values['tactics'])."\">"; print "</form></td></tr></table>"; There is what displays the edit button for the tactic. Notice the last input how it is a hidden tactics text box. The output is the Edit button, then next to it it, strangely enough, it has ">. I believe this is to do with the last bit of img html, being />. This interferes with the PHP "\">"; at the end of the print. Quote Link to comment Share on other sites More sharing options...
jonoc33 Posted December 24, 2007 Author Share Posted December 24, 2007 Dont worry about it guys - probably a bit too complex, you have to see it first hand to know what i'm talking about. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.