Try mysql_escape_string instead of addslashes. Also, I'm not sure why you did it, but you don't need to include your entire form in the PHP script and echo it. If you have PHP code before and after the form, you could use this approach:

<?php
// some pre-form code
?>
Form
<?php
// some post-form code
?>

You could also try escaping the title all of the time rather than conditionally with the gpc check - just to cross-reference that potential issue.

-Ed

> -----Original Message-----
> apostrophes i.e. a ' single quote is not "getting into" the database
> fields. So if I entered in a PHP/MYSQL web page entry field: Sally's
> Website. When I look directly into the column with the MYSQL cmdline I
> see: Sally s Website. Below are the code snips I'm using (I numbered each
> snip to show order of execution), wondered what I should do?:
>
> 1.<?php
>
> echo
> '<form method="post" action="populate4.php">
>
> <H3>Url Field</H3>
> <input type="text" name="url_field" size=80 maxlength=199>
>
> <H3>Title Field</H3>
> <input type="text" name="title_field" size=80 maxlength=199>
>
> <H3>Description Field</H3>
> <textarea name="descrip_field" rows=15 cols=56
> maxlength=1000></textarea>
>
> <H3>Submit keywords with a file <i>or</i> with the text area
> below</H3>
>
> <input TYPE="radio" NAME="Type_Submit" VALUE="radio_file">
> Use Key Word File
> <br>
> <input TYPE="radio" NAME="Type_Submit" VALUE="radio_area"
> Checked > Use Key Word Text Area
>
> <H3>Keyword file</H3>
> <input type="text" name="kw_file" size=40
> maxlength=80><h4><i> or </i></h4>
>
> <H3>Keyword text area</H3>
> <textarea name="kw_tarea" rows=10 cols=40></textarea>
>
> <H3>Insert into MYSQL</H3>
> <input type="submit" value="Insert">
>
> </form>';
> ?>
>
> 2. ....$title_field = $_POST [ 'title_field' ];
> $title_field = trim ( $title_field);
> $title_field = substr($title_field, 0, 200);
> $title_field = EscapeShellCmd($title_field);
> if( !$title_field ) {
> die( "You need to put a title in the title field." );
> }
> if (!get_magic_quotes_gpc()) {
> $title_field = addslashes($title_field);
> }....
>
> 3. ....mysql_query("INSERT INTO page (page_url, title, descrip) VALUES
> ('$url_field', '$title_field', '$descrip_field')");....

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
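
An added example, not part of the original thread: the fields from snippets 2 and 3 stored through a PDO prepared statement, so the apostrophe in Sally's Website reaches the column unchanged without addslashes() or escapeshellcmd() (a shell-command escaper that rewrites quote characters). It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite table in place of the MySQL page table; clean_field(), insert_page() and the sample values are hypothetical names and constructed data.

```php
<?php
// Added example, not code from the thread. Assumes PHP with the pdo_sqlite
// extension; an in-memory SQLite table stands in for the MySQL `page` table.

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE page (page_url TEXT, title TEXT, descrip TEXT)');
    return $db;
}

// Hypothetical helper: same trim/length/empty checks as snippet 2, but no
// escapeshellcmd() or addslashes(); the value is stored exactly as typed.
function clean_field(string $raw, int $max): string
{
    $value = substr(trim($raw), 0, $max);
    if ($value === '') {
        throw new InvalidArgumentException('Field must not be empty.');
    }
    return $value;
}

function insert_page(PDO $db, string $url, string $title, string $descrip): void
{
    // Placeholders keep data out of the SQL text, so quotes need no escaping.
    $stmt = $db->prepare('INSERT INTO page (page_url, title, descrip) VALUES (?, ?, ?)');
    $stmt->execute([$url, $title, $descrip]);
}

// Constructed sample input standing in for $_POST.
$post = [
    'url_field'     => 'http://example.com/',
    'title_field'   => "  Sally's Website  ",
    'descrip_field' => 'It\'s Sally\'s "home" page',
];

$db = open_db();
insert_page(
    $db,
    clean_field($post['url_field'], 199),
    clean_field($post['title_field'], 200),
    clean_field($post['descrip_field'], 1000)
);

foreach ($db->query('SELECT title, descrip FROM page') as $row) {
    echo $row['title'], ' | ', $row['descrip'], PHP_EOL;
}
```

Against MySQL the same prepare()/execute() calls apply once the PDO object is opened with a mysql: DSN.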