Jump to content

Archived

This topic is now archived and is closed to further replies.

aeris130

<br> and '

Recommended Posts

So I have the following query:

[code]$query = "INSERT INTO tbl1 VALUES ('','$name','$info','$phone','$various')";[/code]

The variables are being given their values by typing them in via text-fields, and later submited by calling insert.php.

First of all, I'm curious as to how I enable myself to type 's and still be able to submit the query. I've read about add-slashes, but I couldn't grasp it completely (that is, I know that adding \\ before ' bypasses this problem, it's the function addslashes that I haven't grasped). Could someone give an example of the above mentioned query, complete with add-slashes (unless there's a better solution, that is)?

Another problem is that any linebreaks typed into the fields, result in all data below the first linebreak being lost. Is there a way to convert linebreaks to html (I suppose <br> would suffice) upon submission?

Share this post


Link to post
Share on other sites
Please read [a href=\"http://www.nyphp.org/phundamentals/storingretrieving.php\" target=\"_blank\"]this article[/a] which explains the need to escape quotes (and other characters) when inserting data into a database very well.

When you want to display data to the screen, us the functions nl2br() to add the "<br />" tag before a newline character and htmlenties() to keep tags in the data from screwing up the display.

Ken

Share this post


Link to post
Share on other sites
To use addalshes you just do this:
[code]$var = addslashes($var);[/code]

Also its not two \\ but one.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.