Jump to content

MySQL Query Problem


jonoc33

Recommended Posts

Hey guys,

This script is a code that adds a tactic into the database from a form on the previous page (that has fckeditor). It all works fine, but when you add images to the FCKeditor and submit them to the database, the img src="HTTP:// stuffs up the query. How would I go about fixing this?

 

And yes, I have tried mysql_real_escape_string, that does not work.

<?php
include("../include/constants.php");
$db_host = DB_SERVER;
$db_pass = DB_PASS;
$db_user = DB_USER;
$db_table = DB_NAME;
include("../include/header.php");
if(mysql_connect($db_host,$db_user,$db_pass)) {
	if(mysql_select_db($db_table)) {
		$tactic_name = mysql_real_escape_string($_POST['tacticname']);
		$tactic_map = mysql_real_escape_string($_POST["map"]);
		$tactic = mysql_real_escape_string($_POST['tactics']);
		if(mysql_query("INSERT INTO ".TBL_TACTICS." (tacticname, map, tactics) VALUES ('".$tactic_name."','".$tactic_map."','".$tactic."')")) {
			print '<center>Record added. <br /><a href=admin.php>Back</a> </center>';
		}
		else {
			print mysql_error();
		}
	}
	else {
		print mysql_error();
	}
}
else {
	print mysql_error();
}

?> 

Link to comment
https://forums.phpfreaks.com/topic/82976-mysql-query-problem/
Share on other sites

		if(mysql_query("INSERT INTO ".TBL_TACTICS." (tacticname, map, tactics) VALUES ('".$tactic_name."','".$tactic_map."','".$tactics."')")) {
			print '<center>Record added. <br /><a href=admin.php>Back</a> </center>';

It actually doesn't stuff up the query, the query works fine. But the thing that doesn't work is this:

 

I have a hidden textbox right that has all of the tactics from the database, when you hit an Edit button, it takes the POST data and you're able to edit it in a FCKeditor, although the image does not show up, and if you go into the source code, the image link disappears but the img src="" stays there.

Link to comment
https://forums.phpfreaks.com/topic/82976-mysql-query-problem/#findComment-422012
Share on other sites

Replace....

 

if(mysql_query("INSERT INTO ".TBL_TACTICS." (tacticname, map, tactics) VALUES ('".$tactic_name."','".$tactic_map."','".$tactic."')")) {

 

with

 

$sql = "INSERT INTO ".TBL_TACTICS." (tacticname, map, tactics) VALUES ('".$tactic_name."','".$tactic_map."','".$tactic."')";
die($sql);
if (mysql_query($sql)) {

 

and show us the output.

Link to comment
https://forums.phpfreaks.com/topic/82976-mysql-query-problem/#findComment-422033
Share on other sites

Edited.

Heres a bit more info for you guys:

 print "<td nowrap><form name=\"form2\" method=\"post\" action=\"action.php?do=tacticedit1\">";
 print "<input type=\"submit\" name=\"button\" id=\"button\" value=\"Edit\">";
     print "<input name=\"tacticname\" type=\"hidden\" id=\"tacticname\" value=\"".$values['tacticname']."\">";
 print "<input name=\"map\" type=\"hidden\" id=\"map\" value=\"".$values['map']."\">";
 print "<input name=\"tactics\" type=\"hidden\" id=\"tactics\" value=\"".mysql_real_escape_string($values['tactics'])."\">";
     print "</form></td></tr></table>";

There is what displays the edit button for the tactic. Notice the last input how it is a hidden tactics text box.

The output is the Edit button, then next to it it, strangely enough, it has ">. I believe this is to do with the last bit of img html, being />. This interferes with the PHP

"\">";

at the end of the print.

Link to comment
https://forums.phpfreaks.com/topic/82976-mysql-query-problem/#findComment-422051
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.