...

View Full Version : Resolved MySQL and & symbols



ubh
12-08-2008, 06:26 PM
Hey I turned on magic quotes for a series of reasons that I am not committed to.

Problem I am running into now is that while trying to input some product information stuff into MySQL any string that carrys & symbol or even & strops the string any after it refuses to be put into the database.

I am curios as to what I might have to do to make the string escape this symbol and turn it into something else.

This didn't help at all.

$product_comments = str_replace("&", "/\/AMP\/\/", $product_comments);

CFMaBiSmAd
12-08-2008, 06:52 PM
& is not a character that magic_quotes does anything with and it has no special significance to mysql, so it is likely that your form or form processing code is not handling it correctly. You would need to post your form, form processing code, and an example of what is being entered to get any specific help with what they are doing. I suspect that the GET mode is being used and the & has meaning when used in data on the end of a URL.

ubh
12-08-2008, 07:41 PM
yes the GET mode is being used. I have built a CMS edit page to edit products much faster. It is using Ajax thats using the GET mode for the pull from database into my form and POST for saving to database.

php edit form
php edit page javascitpt validation / ajax calls
php edit ajax post and get pages

would be a whole lot of code to put up here. If it is infact the GET mode doing it would there be a quick solution?

CFMaBiSmAd
12-08-2008, 07:58 PM
You would need to encode it as hex %26 or +%26 (if not the first character)

ubh
12-08-2008, 09:53 PM
Thanks this gets me on the right track. However I am having a little problem now. My ajax URL encoding looks like this now.



function saveDoc()
{
function createpoststring()
{
var product_name = document.getElementById("product_name").value;
var product_category = document.getElementById("product_category").value;
var page_title = document.getElementById("page_title").value;
var page_keywords = document.getElementById("page_keywords").value;

var page_description = document.getElementById("page_description").value;
var page_description = page_description.replace("&", "%26");////////////////// encode &
var page_description = page_description.replace("&", "+%26");///////////////// encode &

var url = document.getElementById("url").value;
var seals = document.getElementById("seals").value;
var thumb_nail = document.getElementById("thumb_nail").value;
var full_image = document.getElementById("full_image").value;

var ingredients = document.getElementById("ingredients").value;
var ingredients = ingredients.replace("&", "%26"); //////////////// encode &
var ingredients = ingredients.replace("&", "+%26");//////////////// encode &

var floz = document.getElementById("floz").value;
var flozAlt = document.getElementById("flozAlt").value;
var flozAlt2 = document.getElementById("flozAlt2").value;
var price = document.getElementById("price").value;
var priceAlt = document.getElementById("priceAlt").value;
var priceAlt2 = document.getElementById("priceAlt2").value;
var layout = document.getElementById("layout").value;

var product_description = document.getElementById("product_description").value;
var product_description = product_description.replace("&", "%26");//////////////// encode &
var product_description = product_description.replace("&", "+%26"); ////////////// encode &

var product_comments = document.getElementById("product_comments").value;
var product_comments = product_comments.replace("&", "%26");/////////////// encode &
var product_comments = product_comments.replace("&", "+%26");////////////// encode &

var mama_says = document.getElementById("mama_says").value;
var mama_says = mama_says.replace("&", "%26");///////////// encode &
var mama_says = mama_says.replace("&", "+%26");//////////// encode &

var poststr =
"product_name=" + encodeURI(product_name) +
"&product_category=" + encodeURI(product_category) +
"&page_title=" + encodeURI(page_title) +
"&page_keywords=" + encodeURI(page_keywords) +
"&page_description=" + encodeURI(page_description) +
"&url=" + encodeURI(url) +
"&seals=" + encodeURI(seals) +
"&thumb_nail=" + encodeURI(thumb_nail) +
"&full_image=" + encodeURI(full_image) +

"&ingredients=" + encodeURI(ingredients) +
"&floz=" + encodeURI(floz) +
"&flozAlt=" + encodeURI(flozAlt) +
"&flozAlt2=" + encodeURI(flozAlt2) +
"&price=" + encodeURI(price) +
"&priceAlt=" + encodeURI(priceAlt) +
"&priceAlt2=" + encodeURI(priceAlt2) +
"&layout=" + encodeURI(layout) +
"&product_description=" + encodeURI(product_description) +
"&product_comments=" + encodeURI(product_comments) +
"&mama_says=" + encodeURI(mama_says);
return poststr;
}
var varify = confirm('Are you sure you want to save these changes?');
if(varify)
{
createpoststring();
var poststr = createpoststring(); //Get contents to post and create query string first
ajaxpack.postAjaxRequest("save2database.php", poststr, createpoststring, "html");
}
else
{
alert('Save was cancled.');
}
}


This is only encodeing some of the & . I first tried it with simply:

var product_comments = product_comments.replace("&", "%26");/////////////// encode &
But this only encoded a few. I then added:

var product_comments = product_comments.replace("&", "%26");/////////////// encode &
var product_comments = product_comments.replace("&", "+%26");/////////////// encode &
And this is encoding most, but still not all of them... how to I encode them all?

Thanks.

ubh
12-09-2008, 05:43 PM
hmmm anyone know how I can clean up all &??

ubh
12-10-2008, 05:54 PM
I feel so embarrassed that I forgot the simple client side replace GLOBAL lol.
Each JavaScript string replace function now looks like this.


var = var.replace(/&/g, "%26");

WOW I still cant believe I missed that one, no wonder no wanted to comment back lol was so obvious.

Thanks.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum