Solved

Trouble with putting text from DB to input & textarea

Posted on 2006-10-25
8
265 Views
Last Modified: 2006-11-18
I've developed my own news system. input for title, textarea for content, put them in database, then retrieve them from database.

But I have trouble with ' and/or " characters.

Im using this for putting them in database.
$sql="INSERT INTO `progress_news` SET `title`='".$_POST["title"]."', `author`='".$_SESSION["user"]."', `date`='".date("Y:m:d H:i:s")."', `content`='".$_POST["content"]."'";
mysql_query($sql);

Any hints of how I can do this so ' and " characters gets accepted and now messing up ?
0
Comment
Question by:brightwood
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 

Author Comment

by:brightwood
ID: 17804765
Also for edit news I use:
<input style="width:300px;" type="text" value="<?=$row["title"];?>"

And if title contains " character it gets messed up.
0
 
LVL 33

Expert Comment

by:snoyes_jw
ID: 17804883
Use addslashes() or mysql_real_escape_string() on all incoming data.

http://www.php.net/mysql_real_escape_string
http://www.php.net/addslashes
0
 
LVL 29

Expert Comment

by:TeRReF
ID: 17804888
Try changing this:
$sql="INSERT INTO `progress_news` SET `title`='".$_POST["title"]."', `author`='".$_SESSION["user"]."', `date`='".date("Y:m:d H:i:s")."', `content`='".$_POST["content"]."'";
into
$sql="INSERT INTO progress_news SET title='".mysql_real_escape_string($_POST["title"])."', author='".mysql_real_escape_string($_SESSION["user"])."', date='".date("Y:m:d H:i:s")."', content='".mysql_real_escape_string($_POST["content"])."'";

and
<input style="width:300px;" type="text" value="<?=$row["title"];?>"
to
<input style="width:300px;" type="text" value="<?php addslashes($row["title"]); ?>"
0
WordPress Tutorial 1: Installation & Setup

WordPress is a very popular option for running your web site and can be used to get your content online quickly for the world to see. This guide will walk you through installing the WordPress server software and the initial setup process.

 
LVL 33

Expert Comment

by:snoyes_jw
ID: 17804894
For the title, use htmlspecialchars()
0
 
LVL 20

Accepted Solution

by:
dsacker earned 500 total points
ID: 17804896
If you expect the content to contain punctuations, use addslashes($_POST["content"]). Then when you return it to your webpage, use stripslashes($row['content']).

(I'm assuming the database name $row['content'] from your example. Use whatever is actually correct.)
0
 

Author Comment

by:brightwood
ID: 17805318
Got it working, used addslashes and stripslashes.

Thanks for help.
0
 
LVL 11

Expert Comment

by:Chris Gralike
ID: 17807563
Just as a comment on the sideline ( a serious one)!

Please dont do this ==>

$sql = "insert into table.column values('".$_POST['value']."')";

This might enable quite easly sql injections that you "dont" want. Do check the type of the POST var, if it is correct put it in a var wich is used in the query ie.

if(!empty($_POST['value']) ){
       $var = htmlspecialchars($_POST['value']);
       $var = addslashes($_POST['value']);
       /* or what ever is needed */
}

$sql = "insert into table.column values('".$var."')";

write save code ;-)

Regards,
0
 

Author Comment

by:brightwood
ID: 17811832
Closing this question, but I opened another one regarding your post Chris. I would like more information about this so I opened a new one so I can reward you.

http://www.experts-exchange.com/Web/Web_Languages/PHP/Q_22038474.html
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question