hi all i cant seem to past posting quotes back to my mysql database.
this is the script that saves the editor to the database.
$sql = "UPDATE pages SET page_content = '". stripslashes( $HTTP_POST_VARS['FCKeditor1'] ) ."' WHERE page_id=$id" or die("Unable to select database.");
mysql_query($sql) or die("Invalid query: " . mysql_error());
everything works fine untill you put a quote into the content. eg. didn't
you end up with a php error
Invalid query: You have an error in your SQL syntax near '/h4>
cheers aron.
Sat, 02/24/2007 - 01:50
#1
RE: php submiting to mysql databse quote ' is
You have two problems here. First, you shouldn't need stripslashes(). I assume you have magic_quotes enabled. Try disabling it - it encourages sloppy coding.
Second, you're stripping out the slashes...
For example, consider this:
insert into table1 (name,value) values('test','quot'd string');
see the problem?
you need to escape the value. let's say the values were in the variables $name and $value, you could do this with:
$sql="insert into table1 (name,value) values('".mysql_real_escape_string($name)."', '".mysql_real_escape_string($value)."')";
not quite as readable, maybe, but more correct.
An even better way might be to use "prepared statements", but I'll leave that as an exercisse for you
RE: php submiting to mysql databse quote ' is
i added this line to the submit page.
$sValue = addslashes( $_POST['FCKeditor1'] ) ;
and i added this line to the editor page
$oFCKeditor->Value = stripslashes( $line_page["page_content"] ) ;
all seems good
cheers aron