  1. #1
    billy_111

    INSERT into table with TinyMCE

    Hey,

    I am inserting data into my table like so with TinyMCE text editor...

    PHP Code:
    $title = mysql_real_escape_string($_POST['txt_title']);
    $details = mysql_real_escape_string($_POST['txt_details']);
    $date = mysql_real_escape_string($_POST['txt_date']);
    $info = mysql_real_escape_string($_POST['txt_info']);
    $day = mysql_real_escape_string($_POST['txt_day']);

    $title = str_replace(array('<p>', '</p>', '<div>', '</div>'), '', $title);
    $details = str_replace(array('<p>', '</p>', '<div>', '</div>'), '', $details);
    $info = str_replace(array('<p>', '</p>', '<div>', '</div>'), '', $info);

    $insert = "INSERT INTO bills (bill_title, bill_info, bill_date, other_info, bill_day, active, archive, date_added) VALUES
                    (
                    '$title',
                    '$details',
                    '$date',
                    '$info',
                    '$day',
                    '1', 'NO', now()
                    )";
    $add_member = mysql_query($insert);

    This inserts fine, but when I want to read out the data it does not display. I did some fishing and worked out that it was the apostrophes causing this. When I take the apostrophes out of the data I can display the text. So this means I can't write "Queen's"; I have to write "Queens".

    Why is this? There are obviously going to be times where users enter apostrophes when entering data..

    Can I fix this?

    Regards
    Billy

  2. #2
    AnthonySterling
    If you don't have a problem on insertion, but do on extraction, it may be more prudent to post the code that extracts the inserted data.
    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  3. #3
    billy_111
    Well, I have multiple bits of SELECT statements, but they are called like this:-

    PHP Code:
    include("conn.php");

    $query = "SELECT * FROM bills WHERE bill_id = '".$_GET['bill_id']."' AND bill_day = '".$_GET['bill_day']."'";
    $result = mysql_query($query);
    $numrows = mysql_num_rows($result);

    while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
    {
        echo "Posted " . $row['bill_date'];
    }

    And vice versa.. Can you see a problem here...

  4. #4
    AnthonySterling
    First of all, check to see if magic quotes are enabled. If they are, disable 'em. Secondly, you need to sanitise that GET data too, if you're using a user supplied variable, always validate and sanitise.

    Check that, then post back.

    Good luck, Anthony.
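
The advice in post #4 to validate and sanitise the GET values, shown together with the insert from post #1, as an added example that is not code from any poster in this thread. It assumes PDO with an in-memory SQLite database as a stand-in for the thread's MySQL connection, and the `$post` / `$get` arrays are constructed sample input standing in for `$_POST` / `$_GET`.

```php
<?php
// Added example: PDO with an in-memory SQLite database stands in for the
// thread's MySQL connection (conn.php); column names are taken from the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bills (
    bill_id INTEGER PRIMARY KEY AUTOINCREMENT,
    bill_title TEXT, bill_info TEXT, bill_date TEXT, other_info TEXT,
    bill_day TEXT, active TEXT, archive TEXT, date_added TEXT)');

// Constructed sample input standing in for the TinyMCE form's $_POST.
$post = [
    'txt_title'   => "<p>Queen's Speech</p>",
    'txt_details' => "<div>The Queen's Speech opens the session.</div>",
    'txt_date'    => '2009-11-18',
    'txt_info'    => "<p>It's a constructed sample row.</p>",
    'txt_day'     => 'Wednesday',
];

// Same wrapper-tag stripping as the thread's insert code.
function stripWrappers(string $html): string {
    return str_replace(['<p>', '</p>', '<div>', '</div>'], '', $html);
}

// Values are bound, never spliced into the SQL text, so an apostrophe is data.
$insert = $pdo->prepare(
    "INSERT INTO bills (bill_title, bill_info, bill_date, other_info, bill_day,
                        active, archive, date_added)
     VALUES (:title, :details, :date, :info, :day, '1', 'NO', datetime('now'))");
$insert->execute([
    ':title' => stripWrappers($post['txt_title']),
    ':details' => stripWrappers($post['txt_details']),
    ':date' => $post['txt_date'],
    ':info' => stripWrappers($post['txt_info']),
    ':day' => $post['txt_day'],
]);

// Constructed stand-in for $_GET; validate before the value reaches the query.
$get = ['bill_id' => (string) $pdo->lastInsertId(), 'bill_day' => 'Wednesday'];
$billId = filter_var($get['bill_id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($billId === false) {
    exit('Invalid bill_id');
}
$select = $pdo->prepare('SELECT bill_title, bill_date FROM bills WHERE bill_id = :id AND bill_day = :day');
$select->execute([':id' => $billId, ':day' => $get['bill_day']]);
foreach ($select->fetchAll(PDO::FETCH_ASSOC) as $row) {
    // Escape on output; the stored text keeps its apostrophe untouched.
    echo htmlspecialchars($row['bill_title'], ENT_QUOTES, 'UTF-8'),
         ' - Posted ', htmlspecialchars($row['bill_date'], ENT_QUOTES, 'UTF-8'), "\n";
}
```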

  5. #5
    Non-Member
    Hey billy.

    Put this line under $add_member = mysql_query($insert); in your code:
    PHP Code:
    if (!$add_member) die(mysql_error()." ".$insert); 
    and try to post something with an apostrophe and see if it says anything.

  6. #6
    Non-Member
    It looks as if you don't do that mysql_real_escape_string stuff,
    but you do. And it seems very strange.
    Hope we will get some useful info from the error message.

