  1. #1
    SitePoint Evangelist Deano

    htmlspecialchars ?

    Hi all, we had an upload system which was working just fine on our current server. However, when we moved our server over, adding files and content is a real pain in the bum.

    For some unknown reason I can't seem to post 'hyphens' in forms; it just kicks out errors.

    I was wondering what I could do to make the server accept hyphens in content. Is it something in my code I've written, or is it something in the server settings?

    Here's a snippet of code I've written to add news items:

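    PHP Code:
      if (isset($_POST['submit'])):
        // Raw form values, copied straight from the request
        $headline = $_POST['headline'];
        $content = $_POST['content'];
        $origin = $_POST['origin'];
        $author = $_POST['author'];

        // The values are interpolated into the SQL text unescaped,
        // so a quote character in any field ends the string literal early
        $sql = "INSERT INTO articles SET
          headline='$headline',
          content='$content',
          origin='$origin',
          author='$author',
          date=CURDATE()";
        // (the code that runs $sql is not part of the posted snippet)
      endif;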

    Using the above to enter a news item throws this error out at me:
    Code:
    Error adding News: You have an error in your SQL syntax near
    Thanks in advance.

    Deano
    Regards
    Deano

  2. #2
    SitePoint Wizard Dean C
    You need to escape data when inserting it into the DB using the addslashes function.

  3. #3
    SitePoint Evangelist Deano
    Worked a charm, thx Deano

    For some reason I assumed it was related to htmlspecialchars :$
    Regards
    Deano

  4. #4
    SitePoint Wizard Dean C
    It's vitally important that you use addslashes when adding data into the database. Always cleanse your data. If it's meant to be an integer, intval() it. If it's a string, use addslashes(), and if it's a string that shouldn't contain HTML, use addslashes(strip_tags($var)), etc.
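
Added example, not code from any poster in this thread: the INSERT from post #1 rewritten with PDO bound parameters, so a quote character in a form field is stored as data instead of ending the SQL string, and with htmlspecialchars() applied at HTML output time rather than at insert time. It assumes an in-memory SQLite database standing in for the MySQL server, a table layout inferred from the column names in the post, and the hypothetical helper names open_demo_db() and add_article().

```php
<?php
// Added example. Assumptions: SQLite in-memory replaces the MySQL server,
// and the table layout is inferred from the column names in post #1.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE articles (
        id INTEGER PRIMARY KEY, headline TEXT, content TEXT,
        origin TEXT, author TEXT, date TEXT)');
    return $pdo;
}

function add_article(PDO $pdo, array $post): int
{
    // Placeholders keep the values out of the SQL text, so a quote in a
    // value cannot close the string literal or alter the statement.
    // date('now') is SQLite; on MySQL this would be CURDATE().
    $stmt = $pdo->prepare(
        "INSERT INTO articles (headline, content, origin, author, date)
         VALUES (:headline, :content, :origin, :author, date('now'))"
    );
    $stmt->execute([
        ':headline' => (string)($post['headline'] ?? ''),
        ':content'  => (string)($post['content'] ?? ''),
        ':origin'   => (string)($post['origin'] ?? ''),
        ':author'   => (string)($post['author'] ?? ''),
    ]);
    return (int)$pdo->lastInsertId();
}

// Constructed sample input standing in for $_POST.
$post = [
    'headline' => "Editor's note",
    'content'  => "It's <b>live</b> - quotes, hyphens and tags stored as typed",
    'origin'   => 'press-release',
    'author'   => "O'Brien",
];

$pdo = open_demo_db();
$id  = add_article($pdo, $post);
$stmt = $pdo->prepare('SELECT headline, content FROM articles WHERE id = ?');
$stmt->execute([$id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Encode for HTML only when writing into a page, not before storing.
echo htmlspecialchars($row['headline'], ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars($row['content'], ENT_QUOTES, 'UTF-8'), "\n";
```

addslashes() is not aware of the connection character set; the PHP manual recommends prepared statements or the database driver's own escaping function for SQL.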

