SitePoint Sponsor

User Tag List

Results 1 to 6 of 6

Thread: " & ' os feilds

  1. #1
    SitePoint Guru
    Join Date
    Jun 2001
    Location
    Australia
    Posts
    676
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    " & ' os feilds

    Hi Guys,

    I have a script called X-Gate News and a person has contacted me asking why he gets an error when he posts " or ' in his message feild.

    I have tryed this on my online demo and it works fine, so I put it down to software (php/mysql) problem but what to know if thats the case.

    My demo here
    http://www.boxxnet.com.au/xgate/

    This is the code when adding news
    PHP Code:
    if ($submit): 

    $sql "INSERT INTO xgate_news SET email_admin='$email_admin', name_admin='$name_admin', title='$title', story1='$story1', story2='$story2', date=NOW(), ok='$ok', cid='$cid'"
    if (@
    mysql_query($sql)) { 
    echo(
    ""); 
    } else { 
    echo(
    "<p>Error adding news item: " 
    mysql_error() . "</p>"); 


  2. #2
    Prolific Blogger silver trophy Technosailor's Avatar
    Join Date
    Jun 2001
    Location
    Before These Crowded Streets
    Posts
    9,446
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    not 100% posititve on this, but try adding addslashes($variable) instead of just $variable around the fields with quotes, etc. in them. IOW:
    PHP Code:
    $sql "INSERT INTO xgate_news SET email_admin='$email_admin', name_admin='$name_admin', title='$title', story1='addslashes($story1)', story2='addslashes($story2)', date=NOW(), ok='$ok', cid='$cid'"
    That should automatically escape the charachters that need escaping...

    Sketch
    Aaron Brazell
    Technosailor



  3. #3
    Action! filmfoto's Avatar
    Join Date
    Dec 2001
    Location
    Sweden
    Posts
    278
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sounds like a magic_quotes problem to me. Check with your client if he has magic_quotes turned on or not. Most likely your php installation has magic_quotes turned on.



    Cheers.

  4. #4
    SitePoint Guru
    Join Date
    Jun 2001
    Location
    Australia
    Posts
    676
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    sketch,

    Thanks for the reply but that code only added addslashes to the submittion
    Code:
    addslashes('';;;;""")
    
    addslashes(add story )
    http://www.boxxnet.com.au/xgate/news.php?id=93

    Any other suggestions?

  5. #5
    Making a better wheel silver trophy DR_LaRRY_PEpPeR's Avatar
    Join Date
    Jul 2001
    Location
    Missouri
    Posts
    3,428
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by Dean Wilson
    sketch,

    Thanks for the reply but that code only added addslashes to the submittion
    Code:
    addslashes('';;;;""")
    
    addslashes(add story )
    this is on your system, yes? yep, that's b/c magic_quotes_gpc is on on your system. it should work fine on the other dude's system, though. you have to use addslashes() when magic_quotes_gpc is off (preferred ) and don't do anything when it's on. you can do that like this:

    PHP Code:
    if (!get_magic_quotes_gpc()) { $txt addslashes($txt); } 
    alternatively, you could put some code at the top of your scripts that runs stripslashes() on all of your incoming text if magic_quotes_gpc is on. then in your script you can use addslashes() on everything before inserting it into MySQL.
    - Matt ** Ignore old signature for now... **
    Dr.BB - Highly optimized to be 2-3x faster than the "Big 3."
    "Do not enclose numeric values in quotes -- that is very non-standard and will only work on MySQL." - MattR

  6. #6
    SitePoint Guru
    Join Date
    Jun 2001
    Location
    Australia
    Posts
    676
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Nope, it's not mine machine. I don't have a problem with my current script, but a viewer who downloaded it does.

    I will pass the "magic_quotes_gpc is on" message onto him though.

    Thanks Dude


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •