  1. #1
    Regular Coder
    Join Date
    Feb 2005
    Location
    Lawrence, Kansas
    Posts
    125
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Macintosh " ' and ? issues ...

    I need a refresher.

    I'm trying to submit a form with a textarea, and said textarea has crazy characters like ', ", and ?, but mysql won't accept it unless I take out the characters.

    What in the world do I need to do to fix this?

    Here's my code:

    <?php // add_entry.php
    ini_set ('display_errors', 1);
    error_reporting (E_ALL & ~E_NOTICE);

    if (isset ($_POST['submit'])) {
        if ($dbc = @mysql_connect ('xxx', 'xxx', 'xxxx')) {
            if (!@mysql_select_db ('omon_main')) {
                die ('<p>could not select the database because: <b>' . mysql_error() . '</b></p>');
            }
        } else {
            die ('<p>Could not connect to MySQL because: <b>' . mysql_error() . '</b></p>');
        }
        $query = "INSERT INTO entries (entry_id, title, entry, date_entered) VALUES (0, '{$_POST['title']}', '{$_POST['entry']}', NOW())";

        if (@mysql_query ($query)) {
            print '<p>The blog entry has been added.</p>';
        } else {
            print "<p>Could not add the entry because: <b>" . mysql_error() . "</b>. The query was $query.</p>";
        }
        mysql_close();
    }
    ?>
    <form action="add_entry.php" method="post">
        <p>Entry Title: <input type="text" name="title" size="40" maxlength="100" /></p>
        <p>Entry Text: <textarea name="entry" cols="40" rows="5"></textarea></p>
        <input type="submit" name="submit" value="Add to the Blog!" />
    </form>

  • #2
    Regular Coder
    Join Date
    Jun 2005
    Posts
    804
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You should run it through mysql_real_escape_string() -- actually, you should never send POST vars directly into your query the way you are. It opens you up to injection attacks. Read the manual page first, though; it's got some important usage notes.

  • #3
    Regular Coder
    Join Date
    Feb 2005
    Location
    Lawrence, Kansas
    Posts
    125
    Thanks
    0
    Thanked 0 Times in 0 Posts
    What's an injection attack? (can you tell I'm a n00b?)

  • #4
    Regular Coder
    Join Date
    Jun 2005
    Posts
    804
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The mysql_real_escape_string() page has an example, and there are more on this page.
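
An added example, not part of the original thread or any poster's code: it reproduces the failure from post #1 (an apostrophe in the text ends the quoted SQL value early) and shows the same insert done with a prepared statement, which keeps the data out of the SQL text. It assumes PDO with an in-memory SQLite database in place of the thread's MySQL server so it runs offline; the sample title and entry are constructed.

```php
<?php
// Added example: PDO with an in-memory SQLite database stands in for the
// thread's MySQL server so the script runs offline (assumption). With MySQL,
// only the DSN and credentials passed to new PDO() change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE entries (
    entry_id INTEGER PRIMARY KEY AUTOINCREMENT,
    title TEXT NOT NULL,
    entry TEXT NOT NULL,
    date_entered TEXT NOT NULL
)');

// Constructed sample input standing in for $_POST['title'] / $_POST['entry'].
$title = 'Mac "smart" quotes?';
$entry = "It's the apostrophe that ends the string literal early.";

// 1) The thread's approach: user text pasted into the SQL string.
//    The apostrophe in $entry closes the quoted value, so the rest of the
//    text is parsed as SQL and the statement is rejected.
try {
    $pdo->exec("INSERT INTO entries (title, entry, date_entered)
                VALUES ('$title', '$entry', datetime('now'))");
    echo "concatenated query: inserted\n";
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// 2) Prepared statement: the SQL text is fixed and the values travel
//    separately, so quotes in the data are never parsed as SQL.
$stmt = $pdo->prepare("INSERT INTO entries (title, entry, date_entered)
                       VALUES (:title, :entry, datetime('now'))");
$stmt->execute([':title' => $title, ':entry' => $entry]);

// Read the row back to confirm the text was stored unchanged.
$row = $pdo->query('SELECT title, entry FROM entries')->fetch(PDO::FETCH_ASSOC);
echo "rows stored: ", $pdo->query('SELECT COUNT(*) FROM entries')->fetchColumn(), "\n";
echo "title intact: ", var_export($row['title'] === $title, true), "\n";
echo "entry intact: ", var_export($row['entry'] === $entry, true), "\n";
```

Escaping with mysql_real_escape_string(), as post #2 suggests, fixes the same failure by neutralising the quote inside the string; the prepared statement avoids building the string at all.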

