INSERT into table with TinyMCE

**billy_111** · Nov 19, 2009 13:08

Hey,

I am inserting data into my table like so with TinyMCE text editor...

PHP Code:


                $title = mysql_real_escape_string($_POST['txt_title']);

                $details = mysql_real_escape_string($_POST['txt_details']);

                $date = mysql_real_escape_string($_POST['txt_date']);

                $info = mysql_real_escape_string($_POST['txt_info']);

                $day = mysql_real_escape_string($_POST['txt_day']);



                $title = str_replace(array('<p>', '</p>', '<div>', '</div>'), '', $title);

                $details = str_replace(array('<p>', '</p>', '<div>', '</div>'), '', $details);

                $info = str_replace(array('<p>', '</p>', '<div>', '</div>'), '', $info);



                $insert = "INSERT INTO bills (bill_title, bill_info, bill_date, other_info, bill_day, active, archive, date_added) VALUES 

                (

                '$title',

                '$details',

                '$date',

                '$info',

                '$day',

                '1', 'NO', now()

                )";

                $add_member = mysql_query($insert);

This inserts fine, but when i want to read out the data it does not display. I did some phishing and worked out that it was the apotrophes causing this. When i take the apostrophes out of the data i can display the text. So this means i cant write "Queen's" i have to write "Queens".

Why is this? There are obviously going to be times where users enter apostrophes when entering data..

Can i fix this?

Regards
Billy

**AnthonySterling** · Nov 19, 2009 13:15

If you don't have problem on insertion, but do on extraction, it maybe more prudent posting the code that extracts the inserted data.

**billy_111** · Nov 19, 2009 14:36

Well i have multiple bits of SELECT statements, but they are called like this:-

PHP Code:


                                include("conn.php"); 

                                     

                                $query = "SELECT * FROM bills WHERE bill_id = '".$_GET['bill_id']."' AND bill_day = '".$_GET['bill_day']."'";

                                $result =  mysql_query ($query);

                                $numrows = mysql_num_rows($result);

                                

                                while($row = mysql_fetch_array($result,MYSQL_ASSOC))

                                {

                                    echo "Posted " .$row[bill_date];

                                }

And vice versa.. Can you see a problem here...

**AnthonySterling** · Nov 19, 2009 14:46

First of all, check to see if magic quotes are enabled. If they are, disable 'em. Secondly, you need to sanitise that GET data too, if you're using a user supplied variable, always validate and sanitise.

Check that, then post back.

Good luck, Anthony.

**Shrapnel_N5** · Nov 19, 2009 15:01

Hey billy.

put this line under $add_member = mysql_query($insert); in your code:

PHP Code:


if (!$add_member) die(mysql_error()." ".$insert);

and try to post something with apostrophe and see if it says anything

**Shrapnel_N5** · Nov 19, 2009 15:03

It looks like as if you don't make that mysql_real_escape_string stuff
but you do. And it seems very strange.
Hope we will get some useful info from error message

User Tag List

Thread: INSERT into table with TinyMCE

Thread Tools

Display

INSERT into table with TinyMCE

Bookmarks

Bookmarks

Posting Permissions