...

View Full Version : Please help with characters



grubesteak
06-22-2005, 12:17 AM
Please help me. I'm going nuts. The ' and " in my textarea entries are stopping me cold. But, please understand first:

I am a newbie at this.

I do you choose to help, great, just please, please, please answer in layman's terms. And yes, I've already looked at the manual. No, I don't find it very easy to read.

Thanks.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Update Entry</title>
</head>

<body>
<?php

ini_set ('display_errors', 1);
error_reporting (E_ALL & ~ E_NOTICE);


if (isset ($_POST['submit'])) {
if ($dbc = @mysql_connect ('xxxx', 'xxxx', 'xxxxx')) {
if (!@mysql_select_db ('pomona_main')) {
die ('<p>Could not select the database because: <b>' . mysql_error() . '</b></p>');
}
} else {
die ('<p>Could not connect to MySQL because: <b>' . mysql_error() . '</b></p>');
}
$query = "INSERT INTO entries (entry_id, title, entry, date_entered) VALUES (0, '{$_POST['title']}', '{$_POST['entry']}', NOW())";
if (@mysql_query ($query)) {
print '<p>The blog entry has been added.</p>';
} else {
print "<p>Could not add the entry because: <b>" . mysql_error() . "</b>. The query was $query.</p>";
}
mysql_close();
}
?>
<form action="add_entry.php" method="post">
<p>Entry Title: <input type="text" name="title" size="40" maxlength="100" /></p>
<p>Entry Text: <textarea name="entry" cols="40" rows="5"></textarea></p>
<input type="submit" name="submit" value="Update Entry" />
</form>
<a href="index.php">go to admin home</a>
</body>
</html>

Kurashu
06-22-2005, 01:12 AM
Have you run htmlentites with the ENT_QUOTES flag?

grubesteak
06-22-2005, 02:09 AM
It's not HTML characters that's giving me the problem. It's when I try and submit data from a textarea into a database. Of course, the textarea will have an apostrophe, which ends up screwing the whole thing out.

But if I write "it is" instead of "it's", then everything works fine.

Velox Letum
06-22-2005, 02:27 AM
If you run htmlentities with the ENT_QUOTES flag it will change the apostrophe from ' into its HTML equivelant, letting it be put into the database smoothly.

grubesteak
06-22-2005, 02:35 AM
Sorry to be a pain, but could you do me a favor. Could your write a quick example of how that should be written? I'm really struggling with this, and this is the last thing I need to complete my stupid project.

Thanks.

Kurashu
06-22-2005, 02:46 AM
www.php.net

grubesteak
06-22-2005, 02:48 AM
I do you choose to help, great, just please, please, please answer in layman's terms. And yes, I've already looked at the manual. No, I don't find it very easy to read.


So much for a sense of community.

grubesteak
06-22-2005, 02:54 AM
I have to say, I'm really disapointed in the PHP users in CF as of late. I've shelled out tons of info on CSS and XHTML, but now when I need some programming help, I get told to read the ****ing manual, which I already stated I don't find very easy to read in the first place. What gives?

grubesteak
06-22-2005, 03:30 AM
Have you run htmlentites with the ENT_QUOTES flag?

Nope, that doesn't seemto be working.

Velox Letum
06-22-2005, 04:04 AM
// Assuming $db_input is set with string to be inserted...
$db_input = htmlentities($db_input, ENT_QUOTES);

// Database functions here...

This should convert any quotes, be it single or double, into database safe entries. I also apologize for the lack of an example, but I was a bit short on time. If you need more help, let me know.

Also, you could make a function.



function safe_quote($string) {
return htmlentities($string, ENT_QUOTES);
}

Then simply add safe_quotes() around the variable in question. ie:



safe_quote($_POST['entry']);

grubesteak
06-22-2005, 04:27 AM
Thanks for your help. Still not working. I give up. Two weeks on this is WAY too much time for me.

Thanks again.

SeeIT Solutions
06-22-2005, 04:44 AM
It's not working because in your insert query u have it inserting ID 0 over and over, if it is an auto incerment field change 0 to '' and it should work fine, you don't have to escape or change quotes to insert them into a database.

Velox Letum
06-22-2005, 05:12 AM
I knew I was missing something when I looked over that code :P

grubesteak
06-22-2005, 05:46 AM
Still nothing. Here's the error message and the changed code:

Could not add the entry because: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'm hoping this will work', 'Did this thing work?', NOW())' at li. The query was INSERT INTO entries (entry_id, title, entry, date_entered) VALUES ('', 'I'm hoping this will work', 'Did this thing work?', NOW()).

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Update Entry</title>
</head>

<body>
<?php

ini_set ('display_errors', 1);
error_reporting (E_ALL & ~ E_NOTICE);


if (isset ($_POST['submit'])) {
if ($dbc = @mysql_connect ('localhost', 'xxx', 'xxxx')) {
if (!@mysql_select_db ('pomona_main')) {
die ('<p>Could not select the database because: <b>' . mysql_error() . '</b></p>');
}
} else {
die ('<p>Could not connect to MySQL because: <b>' . mysql_error() . '</b></p>');
}
$query = "INSERT INTO entries (entry_id, title, entry, date_entered) VALUES ('', '{$_POST['title']}', '{$_POST['entry']}', NOW())";
if (@mysql_query ($query)) {
print '<p>The blog entry has been added.</p>';
} else {
print "<p>Could not add the entry because: <b>" . mysql_error() . "</b>. The query was $query.</p>";
}
mysql_close();
}
?>
<form action="add_entry.php" method="post">
<p>Entry Title: <input type="text" name="title" size="40" maxlength="100" /></p>
<p>Entry Text: <textarea name="entry" cols="40" rows="5"></textarea></p>
<input type="submit" name="submit" value="Update Entry" />
</form>
<a href="index.php">go to admin home</a>
</body>
</html>

grubesteak
06-22-2005, 05:53 AM
I checked the mysql monitor and the id's are fine. However, with some of the entries that did go in, I get a long dashed line like this. Very strange:

+---------------------------+------------------------------------------- etc ...

SeeIT Solutions
06-22-2005, 06:11 AM
I think it is the curly braces that are screwing it up, they are putting the variable there before processing the line.


Try this.

$query = "INSERT INTO entries (entry_id, title, entry, date_entered) VALUES ('', '".$_POST['title']."', '".$_POST['entry']."', NOW())";

grubesteak
06-22-2005, 01:08 PM
No, that's definitely not it. Thanks.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum