Solved

Special Character Problem in Mysql database insert from form

Posted on 2011-03-25
16
392 Views
Last Modified: 2012-05-11
I have a text box with this code:

<textarea name="link_rt" id="link_rt" rows="4" class="text-intput text-box" onKeyDown="limitText(this,140);" onKeyUp="limitText(this,140);"></textarea>

Open in new window


My Mysql insert code is:

$query = "INSERT INTO di_links (link_id, linkType, linkText) VALUES ('".$postId."','RT','".mysql_real_escape_string($link_rt)."')";

Open in new window


if a person types in a & or # the text gets cut off at that point when inserting into the database.  How can i have special characters into a database field?

0
Comment
Question by:jporter80
  • 8
  • 3
  • 3
  • +1
16 Comments
 
LVL 34

Expert Comment

by:Beverley Portlock
Comment Utility
Use htmlspecialchars( $link_rt, ENT_QUOTES )

See http://www.php.net/htmlspecialchars
0
 
LVL 34

Expert Comment

by:Beverley Portlock
Comment Utility
Actually, on reflection a & or a # should not prevent the SQL statement from completing. Are you sure that the javascript limitText is not the culprit here?
0
 

Author Comment

by:jporter80
Comment Utility
so would you do that in the variable declaration in my query page?

like:

$link_rt = htmlspecialchars( $_POST['link_rt'], ENT_QUOTES );
0
 

Author Comment

by:jporter80
Comment Utility
no its not.. because its cutting off way before 140 character count.. and i have tested.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
Comment Utility
Try it and see - just like you typed, but I think the problem is elsewhere. Does anything else process $link_rt before it gets to the query?
0
 

Author Comment

by:jporter80
Comment Utility
okay.. looks like # is going in just fine.. however & gets cut off
0
 
LVL 5

Expert Comment

by:tsmgeek
Comment Utility
the data is going into the DB but when you view it again you need to use htmlspecialcharacters to display it, check the DB directly to see if its there correctly
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:jporter80
Comment Utility
its not even getting in the database.. im finding out through searches that it has to do with $.ajax submitting the form feilds dynamically.. and its not escaping the ampersand... still trying to find out how to fix it because that is the only character that is having the problem right now.
0
 
LVL 5

Expert Comment

by:tsmgeek
Comment Utility
if you are using jquery ajax with POST then you dont need to escape it, i never do on any code i have
0
 

Author Comment

by:jporter80
Comment Utility
sorry im kind of new at this a bit.  Here is my Ajax code

submitHandler: function(form) {

			 var link_rt     = $('#link_rt').attr('value');
			 var link_ts     = $('#link_ts').attr('value');
			 
			 				
		$.ajax({		
						type: "POST",
						url: "/action/submit.php",
						data: { link_rt: link_rt, link_ts: link_ts },
						success: function(){
						$('form#submitForm').hide(function(){$('div.success').fadeIn();});
						document.getElementById("submitForm").reset();
						setTimeout($('form#submitForm').show(function(){$('div.success').fadeOut();}),4000);
						}
		});

Open in new window


here is my Php insert

$link_rt = urlencode($_POST['link_rt']);


$query = "INSERT INTO di_links (link_id, linkType, linkText) VALUES ('".$postId."','RT','".mysql_real_escape_string($link_rt)."')";

Open in new window


any idea what could be wrong with ampersand characters getting cut off from the ajax page to the php insert?
0
 
LVL 5

Expert Comment

by:tsmgeek
Comment Utility
DONT do the urlencode before the insert into the DB
thats an output to html function
0
 

Author Comment

by:jporter80
Comment Utility
okay.. but that is the only field... i have other fields with out the urlencode that ampersand is having trouble with.
0
 

Author Comment

by:jporter80
Comment Utility
im wondering if i need to specify a dataType in the ajax info

not sure if it should be

dataType: "html",

or

dataType: "text",

any ideas?
0
 

Author Comment

by:jporter80
Comment Utility
adding dataType: "text",

worked.. thanks for your help
0
 

Accepted Solution

by:
ee_auto earned 0 total points
Comment Utility
Question PAQ'd and stored in the solution database.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Read about achieving the basic levels of HRIS security in the workplace.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now