MySQL Lists are EOL. Please join:

List:General Discussion« Previous MessageNext Message »
From:Ed Lazor Date:September 28 2004 4:26pm
Subject:RE: special characters not inserting into database - help
View as plain text  
Try mysql_escape_string instead of addslashes.

Also, I'm not sure why you did it, but you don't need to include your entire
form in the PHP script and echo it.  If you have PHP code before and after
the form, you could use this approach:

<?php
// some pre-form code
?>

Form

<?php
// some post-form code
?>


You could also try escaping the title all of the time rather than
conditionally with the gpc check - just to cross-reference that potential
issue.

-Ed


> -----Original Message-----
> apostrophes ie. a  '  single quote is not "getting into" the database
> fields. So if I entererd in a PHP/MYSQL web page entry field: Sally's
> Website. When I look directly into the column with the MYSQL cmdline I
> see: Sally s Website. Below are the code snips I'm using(I numbered each
> snip to show order of execution), wondered what I should do?:
> 
> 1.<?php
> 
>     echo
>         '<form method="post" action="populate4.php">
> 
>             <H3>Url Field</H3>
>             <input type="text" name="url_field" size=80 maxlength=199>
> 
>             <H3>Title Field</H3>
>             <input type="text" name="title_field" size=80 maxlength=199>
> 
>             <H3>Description Field</H3>
>             <textarea name="descrip_field" rows=15 cols=56
>             maxlength=1000></textarea>
> 
>             <H3>Submit keywords with a file <i>or</i> with the text
> area
>             below</H3>
> 
>             <input TYPE="radio" NAME="Type_Submit" VALUE="radio_file">
>             Use Key Word File
>             <br>
>             <input TYPE="radio" NAME="Type_Submit" VALUE="radio_area"
>             Checked >  Use Key Word Text Area
> 
>             <H3>Keyword file</H3>
>             <input type="text" name="kw_file" size=40
>             maxlength=80><h4><i> or </i></h4>
> 
>             <H3>Keyword text area</H3>
>             <textarea name="kw_tarea" rows=10 cols=40></textarea>
> 
>             <H3>Insert into MYSQL</H3>
>             <input type="submit" value="Insert">
> 
>         </form>';
> ?>
> 
> 2. ....$title_field = $_POST [ 'title_field' ];
> $title_field = trim ( $title_field);
> $title_field = substr($title_field, 0, 200);
> $title_field = EscapeShellCmd($title_field);
> if( !$title_field ) {
>   die( "You need to put a title in the title field." );
> }
> if (!get_magic_quotes_gpc()) {
>    $title_field = addslashes($title_field);
> }....
> 
> 3. ....mysql_query("INSERT INTO page (page_url, title, descrip) VALUES
>         ('$url_field', '$title_field', '$descrip_field')");....

Thread
special characters not inserting into database - helpleegold28 Sep
  • RE: special characters not inserting into database - helpEd Lazor28 Sep