Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Regular Coder
    Join Date
    Feb 2005
    Location
    Lawrence, Kansas
    Posts
    125
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Unhappy Please help with characters

    Please help me. I'm going nuts. The ' and " in my textarea entries are stopping me cold. But, please understand first:

    I am a newbie at this.

    I do you choose to help, great, just please, please, please answer in layman's terms. And yes, I've already looked at the manual. No, I don't find it very easy to read.

    Thanks.

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Update Entry</title>
    </head>

    <body>
    <?php

    ini_set ('display_errors', 1);
    error_reporting (E_ALL & ~ E_NOTICE);


    if (isset ($_POST['submit'])) {
    if ($dbc = @mysql_connect ('xxxx', 'xxxx', 'xxxxx')) {
    if (!@mysql_select_db ('pomona_main')) {
    die ('<p>Could not select the database because: <b>' . mysql_error() . '</b></p>');
    }
    } else {
    die ('<p>Could not connect to MySQL because: <b>' . mysql_error() . '</b></p>');
    }
    $query = "INSERT INTO entries (entry_id, title, entry, date_entered) VALUES (0, '{$_POST['title']}', '{$_POST['entry']}', NOW())";
    if (@mysql_query ($query)) {
    print '<p>The blog entry has been added.</p>';
    } else {
    print "<p>Could not add the entry because: <b>" . mysql_error() . "</b>. The query was $query.</p>";
    }
    mysql_close();
    }
    ?>
    <form action="add_entry.php" method="post">
    <p>Entry Title: <input type="text" name="title" size="40" maxlength="100" /></p>
    <p>Entry Text: <textarea name="entry" cols="40" rows="5"></textarea></p>
    <input type="submit" name="submit" value="Update Entry" />
    </form>
    <a href="index.php">go to admin home</a>
    </body>
    </html>

  • #2
    Regular Coder
    Join Date
    Aug 2004
    Location
    The US of A
    Posts
    767
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Have you run htmlentites with the ENT_QUOTES flag?

  • #3
    Regular Coder
    Join Date
    Feb 2005
    Location
    Lawrence, Kansas
    Posts
    125
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It's not HTML characters that's giving me the problem. It's when I try and submit data from a textarea into a database. Of course, the textarea will have an apostrophe, which ends up screwing the whole thing out.

    But if I write "it is" instead of "it's", then everything works fine.

  • #4
    Senior Coder
    Join Date
    Apr 2005
    Location
    Colorado, United States
    Posts
    1,208
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If you run htmlentities with the ENT_QUOTES flag it will change the apostrophe from ' into its HTML equivelant, letting it be put into the database smoothly.
    "$question = ( to() ) ? be() : ~be();"

  • #5
    Regular Coder
    Join Date
    Feb 2005
    Location
    Lawrence, Kansas
    Posts
    125
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Unhappy

    Sorry to be a pain, but could you do me a favor. Could your write a quick example of how that should be written? I'm really struggling with this, and this is the last thing I need to complete my stupid project.

    Thanks.

  • #6
    Regular Coder
    Join Date
    Aug 2004
    Location
    The US of A
    Posts
    767
    Thanks
    1
    Thanked 0 Times in 0 Posts

  • #7
    Regular Coder
    Join Date
    Feb 2005
    Location
    Lawrence, Kansas
    Posts
    125
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by grubesteak
    I do you choose to help, great, just please, please, please answer in layman's terms. And yes, I've already looked at the manual. No, I don't find it very easy to read.
    So much for a sense of community.

  • #8
    Regular Coder
    Join Date
    Feb 2005
    Location
    Lawrence, Kansas
    Posts
    125
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have to say, I'm really disapointed in the PHP users in CF as of late. I've shelled out tons of info on CSS and XHTML, but now when I need some programming help, I get told to read the ****ing manual, which I already stated I don't find very easy to read in the first place. What gives?

  • #9
    Regular Coder
    Join Date
    Feb 2005
    Location
    Lawrence, Kansas
    Posts
    125
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Kurashu
    Have you run htmlentites with the ENT_QUOTES flag?
    Nope, that doesn't seemto be working.

  • #10
    Senior Coder
    Join Date
    Apr 2005
    Location
    Colorado, United States
    Posts
    1,208
    Thanks
    0
    Thanked 0 Times in 0 Posts
    PHP Code:
    // Assuming $db_input is set with string to be inserted...
    $db_input htmlentities($db_inputENT_QUOTES);

    // Database functions here... 
    This should convert any quotes, be it single or double, into database safe entries. I also apologize for the lack of an example, but I was a bit short on time. If you need more help, let me know.

    Also, you could make a function.

    PHP Code:
    function safe_quote($string) {
        return 
    htmlentities($stringENT_QUOTES);

    Then simply add safe_quotes() around the variable in question. ie:

    PHP Code:
    safe_quote($_POST['entry']); 
    Last edited by Velox Letum; 06-22-2005 at 04:08 AM.
    "$question = ( to() ) ? be() : ~be();"

  • #11
    Regular Coder
    Join Date
    Feb 2005
    Location
    Lawrence, Kansas
    Posts
    125
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for your help. Still not working. I give up. Two weeks on this is WAY too much time for me.

    Thanks again.

  • #12
    Regular Coder
    Join Date
    May 2005
    Posts
    563
    Thanks
    0
    Thanked 3 Times in 3 Posts
    It's not working because in your insert query u have it inserting ID 0 over and over, if it is an auto incerment field change 0 to '' and it should work fine, you don't have to escape or change quotes to insert them into a database.

  • #13
    Senior Coder
    Join Date
    Apr 2005
    Location
    Colorado, United States
    Posts
    1,208
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I knew I was missing something when I looked over that code :P
    "$question = ( to() ) ? be() : ~be();"

  • #14
    Regular Coder
    Join Date
    Feb 2005
    Location
    Lawrence, Kansas
    Posts
    125
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Still nothing. Here's the error message and the changed code:

    Could not add the entry because: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'm hoping this will work', 'Did this thing work?', NOW())' at li. The query was INSERT INTO entries (entry_id, title, entry, date_entered) VALUES ('', 'I'm hoping this will work', 'Did this thing work?', NOW()).

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Update Entry</title>
    </head>

    <body>
    <?php

    ini_set ('display_errors', 1);
    error_reporting (E_ALL & ~ E_NOTICE);


    if (isset ($_POST['submit'])) {
    if ($dbc = @mysql_connect ('localhost', 'xxx', 'xxxx')) {
    if (!@mysql_select_db ('pomona_main')) {
    die ('<p>Could not select the database because: <b>' . mysql_error() . '</b></p>');
    }
    } else {
    die ('<p>Could not connect to MySQL because: <b>' . mysql_error() . '</b></p>');
    }
    $query = "INSERT INTO entries (entry_id, title, entry, date_entered) VALUES ('', '{$_POST['title']}', '{$_POST['entry']}', NOW())";
    if (@mysql_query ($query)) {
    print '<p>The blog entry has been added.</p>';
    } else {
    print "<p>Could not add the entry because: <b>" . mysql_error() . "</b>. The query was $query.</p>";
    }
    mysql_close();
    }
    ?>
    <form action="add_entry.php" method="post">
    <p>Entry Title: <input type="text" name="title" size="40" maxlength="100" /></p>
    <p>Entry Text: <textarea name="entry" cols="40" rows="5"></textarea></p>
    <input type="submit" name="submit" value="Update Entry" />
    </form>
    <a href="index.php">go to admin home</a>
    </body>
    </html>

  • #15
    Regular Coder
    Join Date
    Feb 2005
    Location
    Lawrence, Kansas
    Posts
    125
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I checked the mysql monitor and the id's are fine. However, with some of the entries that did go in, I get a long dashed line like this. Very strange:

    +---------------------------+------------------------------------------- etc ...


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •