I have created a news script and to my dismay, the script is breaking when
there is a single quote - ' - in a form that goes to the database. Any
solutions?

The text of the script is below. 

---
<title>E3 Confirm News</title>
<html>
<font size=+2>E3 Confirm News Page</font><p>
Make the necessary edits and the story will be considered "live" once you
check the box and submit. If you want to pull the story, just uncheck the
box and submit. <p>
Both Chris and Matt will get an email when a story has been confirmed. <p>
Also, you can enter fresh stories directly into this page. 
 
<?php

if (($submitcheck) and (($password == "xxxxx") or ($password == "xxxxx")))
{
if ($ready=="on")
{
$subject = "Confirmed: " . $top;
$message .=  "\n \n Tease: \n";
$message .= $tease;
$message .=  "\n \n Body: \n";
$message .= $body; 
$message .=  "\n \n Link: ";
$message .=
"http://www.well-rounded.com/games/e32k1/confirmnews.php?id=$id";
mail("[EMAIL PROTECTED]", $subject, $message);
mail("[EMAIL PROTECTED]", $subject, $message);
$flag = "1";
}

require("/home/well-rounded.com/cgi-bin/dbinfo.inc");
mysql_connect(localhost,$user,$password);

@mysql_select_db($db) or die( "Unable to select database");

$query="select * from e32k1_data where id = '$id'";
$result=mysql_query($query);

$num=mysql_numrows($result);

if ($num == 0)
{
$query="insert into e32k1_data values('$type', '$id', '$filedate', '$top',
'$tease', '$story', '$flag', '$flag2')";

$result=mysql_query($query);

mysql_close();

} else {
$query="update e32k1_data set type='n', id='$id', filedate='$filedate',
top='$top', tease='$tease', body='$body', flag='$flag' where id = '$id'";

$result=mysql_query($query);

mysql_close();

}
?>
<p>
<hr>
<i>Mockup</i>
<?
Include("/home/well-rounded.com/html/games/e32k1/viewnews.php");
?>
<hr>
Submitted Data

<form method=post><p>
Enter the Info:<br>
Password:
<input type=text name="password" maxlength=5 length=5><br>
<input type=hidden name="type" value="n">
ID:
<input type=text name="id" maxlength=15 value="<?
echo $id;
?>">
<br>
FileDate:
<input type=text name="filedate" maxlength=15 value="<?
echo $filedate;
?>"><br>
Top:
<input type=text name="top" maxlength=200 value="<?
echo $top;
?>"><br>
Tease:
<input type=text name="tease" maxlength=200 value="<?
echo $tease;
?>"><br>
Body:
<TEXTAREA name="body" rows=10 cols=45 wrap=virtual>
<?
echo $body;
?></TextArea><br>
<input type=hidden name="submitcheck" value="1">
<input type=checkbox name="ready">Ready for Prime Time?<br>
<INPUT name="submit" type="submit" value="Post Your Story">
<?

} else {

if ($id)
{
require("/home/well-rounded.com/cgi-bin/dbinfo.inc");
mysql_connect(localhost,$user,$password);

@mysql_select_db($db) or die( "Unable to select database");

$query="select * from e32k1_data where id = '$id'";

$result=mysql_query($query) or die( "Unable to get the damn table");

mysql_close();

$type=mysql_result($result,0,"type");
$id=mysql_result($result,0,"id");
$filedate=mysql_result($result,0,"filedate");
$top=mysql_result($result,0,"top");
$tease=mysql_result($result,0,"tease");
$body=mysql_result($result,0,"body");
$flag=mysql_result($result,0,"flag");
$flag2=mysql_result($result,0,"flag2");
 
?>
<p>
<hr>
<i>Mockup</i>
<?
Include("/home/well-rounded.com/html/games/e32k1/viewnews.php");
?>
<hr>

No submit, but an ID
<form method=post><p>
Enter the Info:<br>
Password:
<input type=text name="password" maxlength=5 length=5><br>
<input type=hidden name="type" value="n">
ID:
<input type=text name="id" maxlength=15 value="<?
echo $id;
?>">
<br>
FileDate:
<input type=text name="filedate" maxlength=15 value="<?
echo $filedate;
?>"><br>
Top:
<input type=text name="top" maxlength=200 value="<?
echo $top;
?>"><br>
Tease:
<input type=text name="tease" maxlength=200 value="<?
echo $tease;
?>"><br>
Body:
<TEXTAREA name="body" rows=10 cols=45 wrap=virtual><?
echo $body;
?></TextArea><br>
<input type=hidden name="submitcheck" value="1">
<input type=checkbox name="ready">Ready for Prime Time?<br>
<INPUT name="submit" type="submit" value="Post Your Story">

<?
} else { 
?>

No Nothing
<form method=post><p>
Enter the Info:<br>
Password:
<input type=text name="password" maxlength=5 length=5><br>
<input type=hidden name="type" value="n">
ID:
<input type=text name="id" maxlength=15><br>
FileDate:
<input type=text name="filedate" maxlength=15 value=<?
$today = getdate(); 
$month = $today[month]; 
$mday = $today[mday]; 
$year = $today[year]; 
echo "$month$mday$year";
?>><br>
Top:
<input type=text name="top" maxlength=200><br>
Tease:
<input type=text name="tease" maxlength=200><br>
<input type=hidden name="submitcheck" value="1">
Body:
<TEXTAREA name="body" rows=10 cols=45 wrap=virtual></TextArea><br>
<input type=checkbox name="ready">Ready for Prime Time?<br>
<INPUT name="submit" type="submit" value="Post Your Story"> 

<?
}
}
?>


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to