  1. #1
    SitePoint Member
    Join Date
    Jan 2003
    Posts
    2

    PHP Web based "Article Manager" insert problems

    Although I am not new to programming, I am new to PHP so bear with me.

    I am trying to create a web based "Article Manager" with PHP, but am having problems inserting the actual body of any of the articles as they are written in HTML. I am using Dreamweaver MX to create the basic shell of the code and then going back and hand coding the rest to make it work like I need it to. Below I have included the MySQL statements that I used to create my tables as well as some of my insert code. Any help on this issue would be greatly appreciated.

    Code:
    CREATE TABLE Articles (
      ID int(10) unsigned NOT NULL auto_increment,
      Category int(10) unsigned NOT NULL default '0',
      Title varchar(200) NOT NULL default '',
      Author varchar(200) NOT NULL default '',
      Link varchar(255) default NULL,
      Body text NOT NULL,
      PRIMARY KEY  (ID),
      FULLTEXT KEY Title (Title,Body)
    );
     
    CREATE TABLE Category (
      C_ID int(10) unsigned NOT NULL auto_increment,
      Category varchar(255) default NULL,
      PRIMARY KEY  (C_ID)
    );

    PHP Code:
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
      // Escape quotes with addslashes() unless magic quotes already did so
      $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

      // Quote or cast the value according to the requested SQL type
      switch ($theType) {
        case "text":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "long":
        case "int":
          $theValue = ($theValue != "") ? intval($theValue) : "NULL";
          break;
        case "double":
          $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
          break;
        case "date":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "defined":
          $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
          break;
      }
      return $theValue;
    }

    // The form posts back to the current page, keeping any query string
    $editFormAction = $HTTP_SERVER_VARS['PHP_SELF'];
    if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
      $editFormAction .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
    }

    // Build and run the INSERT when form1 has been submitted
    if ((isset($HTTP_POST_VARS["MM_insert"])) && ($HTTP_POST_VARS["MM_insert"] == "form1")) {
      $insertSQL = sprintf("INSERT INTO Articles (Category, Title, Author, Link, Body) VALUES (%s,%s,%s,%s,%s)",
                           GetSQLValueString($HTTP_POST_VARS['Category'], "int"),
                           GetSQLValueString($HTTP_POST_VARS['Title'], "text"),
                           GetSQLValueString($HTTP_POST_VARS['Author'], "text"),
                           GetSQLValueString($HTTP_POST_VARS['Link'], "text"),
                           str_replace(GetSQLValueString($HTTP_POST_VARS['Body'], "text"),"'","''"));

      mysql_select_db($database_dbname, $connect_string);
      $Result1 = mysql_query($insertSQL, $connect_string) or die(mysql_error());
    }


    The str_replace() function used above is to replace any single quotes with double single quotes so if someone types a single quote in the body of the article, the insert won't bomb. The Dreamweaver function GetSQLValueString() is used to properly type cast the values before they are inserted into the database (I think).

    The above code produces NO errors, yet inserts every field except "Body." The value of $Result1 at the end of the insert is "1".

    The ONLY way I can get it to insert the body is to use the function htmlspecialchars(), but it converts all of my "<" and ">" into "&lt;" and "&gt;" which means that when I display the article on a web page, it shows the html code instead of the interpreted document.

    I am also using a plug-in similar to Editize (except it does not work on multiple platforms) for the WYSIWYG textarea to allow the user to do the HTML formatting. And yes, I have verified that the textarea's name is "Body" so I'm at a loss.

    Thanks,
    Stiles
    stiles.watson@iname.com

  2. #2
    SitePoint Wizard siteguru's Avatar
    Join Date
    Oct 2002
    Location
    Scotland
    Posts
    3,631
    Unless I am missing something, don't you need the str_replace before you use your GetSQLValueString() function?

    PHP Code:
    // str_replace() takes its arguments as (search, replace, subject)
    GetSQLValueString(str_replace("'", "''", $HTTP_POST_VARS['Body']), "text");
    Ian Anderson
    www.siteguru.co.uk
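
Why the Body column ends up empty, and a way to insert the HTML without hand-escaping quotes, as an added example that is not part of the thread. It assumes PHP with PDO and the pdo_sqlite driver (an in-memory SQLite table stands in for the MySQL `Articles` table), and the sample article text is constructed.

```php
<?php
// Added example, not code from the thread. $body is constructed sample input.
$body = "<p>It's a <b>test</b> article</p>";

// Stand-in for what GetSQLValueString($body, "text") returns when magic
// quotes are off: addslashes() applied, then wrapped in single quotes.
$quoted = "'" . addslashes($body) . "'";

// str_replace() takes (search, replace, subject). In the order used in the
// first post, the subject is the two-character literal '' and the article
// text is only the search term, so the text never reaches the SQL string.
$asPosted = str_replace($quoted, "'", "''");
var_dump($asPosted);

// Bound parameters keep the value out of the SQL text entirely, so quotes
// and markup need no addslashes(), quote doubling or htmlspecialchars().
// Assumption: in-memory SQLite stands in for the MySQL Articles table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Articles (
    ID INTEGER PRIMARY KEY, Category INTEGER, Title TEXT,
    Author TEXT, Link TEXT, Body TEXT NOT NULL)');

$stmt = $pdo->prepare(
    'INSERT INTO Articles (Category, Title, Author, Link, Body)
     VALUES (?, ?, ?, ?, ?)'
);
$stmt->execute([1, 'Sample title', 'Sample author', null, $body]);

// Read the row back and compare it with the submitted markup.
$stored = $pdo->query('SELECT Body FROM Articles')->fetchColumn();
var_dump($stored === $body);
```

Markup stored this way is rendered as live HTML when echoed, so limit article authoring to trusted users or filter the markup against an allow-list before display.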

