?
Solved

php wont update if content has a '

Posted on 2009-07-07
22
Medium Priority
?
179 Views
Last Modified: 2013-12-13
Ive got a form which uses fckeditor.

It works fine but when I add text (content) to the form it wont update if the content has
and apostrophe in it.

Naturally Im going to need to add apostrophes in the contents website so how do I get around this.
0
Comment
Question by:Cheryl Lander
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 9
  • 2
22 Comments
 
LVL 10

Expert Comment

by:Tyler Laczko
ID: 24800418
you cannot use the ' in your code when dealing with the fckeditor
0
 

Author Comment

by:Cheryl Lander
ID: 24800421
So what options do i have?
0
 
LVL 10

Expert Comment

by:Tyler Laczko
ID: 24800474
use \"

remember this is in your code ppl can use ' in the fckeditor
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Cheryl Lander
ID: 24800484
dont really follow.
0
 

Author Comment

by:Cheryl Lander
ID: 24800526
I find it hard ot believe that you couldt write the following in fckeditor.

today I can't find a html editor.

If so are there any alternatives?
0
 

Author Comment

by:Cheryl Lander
ID: 24800550
Ive just gone onto the fckeditor site and done a test on their demo. It works fine.

                         <p>' &quot;</p>
<br />

So I can only assume its a php code error when inserting it into the database.
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 24800698
Hi,

It is simple issue,

you need to replace ' ..

after receiving the text from fckeditor, you have to use replace function to replace the ' to `

 
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 24800702

$fcktext = $_POST['fckeditor'];
 
$formatt_text = str_replace($fcktext, "'","`");

Open in new window

0
 

Author Comment

by:Cheryl Lander
ID: 24800705
logudotcom:
not sure where to make this change.

I have my form page, then I have my processing page (insert)
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 24800776
you have to make in the processing page...

where you are receiving and insert?
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 24800783
if u can, post some code on the processing page, i will modify it?
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 24800788
one more suggestion,

even you can apply this function -->mysql_escape_string()

 instead of str_replace(),


<?php
$item = "Zak's Laptop";
$escaped_item = mysql_escape_string($item);
printf("Escaped string: %s\n", $escaped_item);
?>

Open in new window

0
 

Author Comment

by:Cheryl Lander
ID: 24800828
Form page.

    <tr>
      <td valign="top"><div align="right" class="textstandard">
        <div align="left">Information<span class="textRecord"></span></div>
      </div>      </td>
     
      <td valign="top" class="textstandard"><img src="images/icon_circlearrow.gif" width="11" height="11" /></td>
      <td><textarea id="MyTextarea" name="ud_content"><? echo $row["content"]; ?></textarea></td>
    </tr>

------------------------------------------------------------------------

Processing page.
$query="UPDATE pages SET content='$ud_content' WHERE pageid='$ud_pageid'";
0
 

Author Comment

by:Cheryl Lander
ID: 24800834
note I have other form fields but this is the fckeditor form.
0
 
LVL 36

Accepted Solution

by:
Loganathan Natarajan earned 2000 total points
ID: 24800877
OK,

add these lines,


$ud_content = $_POST['ud_content'];
 
$ud_content_modified = mysql_escape_string($ud_content);
 
$query="UPDATE pages SET content='$ud_content_modified' WHERE pageid='$ud_pageid'";

Open in new window

0
 

Author Comment

by:Cheryl Lander
ID: 24800891
I went into it and added a ' to the content and processed the code and came back to view an nothing had changed.
0
 

Author Closing Comment

by:Cheryl Lander
ID: 31600939
All ok recoded the page and it works great.

Thanks so much.
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 24800932
actually, mysql_escape_string() will help you to safer insert/update... it won't replace '
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 24800933
do u need any help again?
0
 

Author Comment

by:Cheryl Lander
ID: 24801351
ok so if you think its better.

Do you want me to open up another question?


actually, mysql_escape_string() will help you to safer insert/update... it won't replace '
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 24801561
may be, you can open new question
0
 

Author Comment

by:Cheryl Lander
ID: 24802988
done.
0

Featured Post

CHALLENGE LAB: Troubleshooting Connectivity Issues

Goal: Fix the connectivity issue in the lab's AWS environment so that you can SSH into the provided EC2 instance.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question