Page 1 of 1
problem inputting data that has a single quote
Posted: Tue Sep 21, 2010 7:35 pm
by Smudly
Hi, I'm trying to type in a name of a song into an input field, for example:
I'll Be Missing you
This field is captured through $_POST and set to a variable $title
I then update the table with this new title. Once it is updated, all that is shown in the data is:
I
The single quote, and anything after it is gone completely.
Here is my query. How can I change this so it includes the single quote and everything after it?
Code: Select all
$sql = "UPDATE sheets SET artist = '$artist', title = '$title', active = '$activestatus' WHERE id = $value";
$result = mysql_query($sql) or die(mysql_error().'<br>'.$sql);
If more code is required to understand what I'm talking about, let me know.
Re: problem inputting data that has a single quote
Posted: Tue Sep 21, 2010 8:05 pm
by Jonah Bron
Code: Select all
$artist = mysql_real_escape_string($artist);
$title = mysql_real_escape_string($title);
$activestatus = mysql_real_escape_string($activestatus);
$value = intval($value);
$sql = 'UPDATE sheets SET artist = "' . $artist . '", title = "' . $title . '", active = "' . $activestatus . '" WHERE id = ' . $value;
$result = mysql_query($sql) or die(mysql_error().'<br>'.$sql);
This also prevents SQL injection (google it).
ALWAYS run any strings you're passing into a query through mysql_real_escape_string(). Run all integers through intval().
Re: problem inputting data that has a single quote
Posted: Tue Sep 21, 2010 8:13 pm
by Smudly
Hey thanks for the in-depth post. I tried your method, but still having the same issue as mentioned before. I'm not getting any errors.
To further understand what is going on with my code, take a look at this

The page that allows me to change the name of the title is an admin page. This page lists all the rows in the database.
Code: Select all
function safe($value){
return mysql_real_escape_string(stripslashes($value));
}
if (isset($submit)){
// UPDATE USERS INFORMATION FOR ONLY THE ROWS THAT HAVE BEEN MODIFIED
$user = $_POST['user'];
foreach($user as $key=>$value)
{
$artist = safe($_POST['artist'][$key]);
$title = safe($_POST['title'][$key]);
$timesdownloaded = safe($_POST['timesdownloaded'][$key]);
$lastdownloaded = safe($_POST['lastdownloaded'][$key]);
$todaydownloads = safe($_POST['todaydownloads'][$key]);
$location = safe($_POST['url'][$key]);
$check = safe($_POST['check'][$key]);
$artist = mysql_real_escape_string($artist);
$title = mysql_real_escape_string($title);
if(!$check=="check".$key){
$sql = 'UPDATE sheets SET artist = "' . $artist . '", title = "' . $title . '", active = "' . $activestatus . '" WHERE id = ' . $value;
$result = mysql_query($sql) or die(mysql_error().'<br>'.$sql);
$getusername = "SELECT artist FROM sheets WHERE id = $value";
$getuserres = mysql_query($getusername);
$getuserrow = mysql_fetch_assoc($getuserres);
}
Not sure why I'm still having an issue. Any ideas?
Re: problem inputting data that has a single quote
Posted: Tue Sep 21, 2010 11:11 pm
by Jonah Bron
Oh, looks like you're already cleaning the input. Try this.
Code: Select all
function safe($value){
return mysql_real_escape_string($value);
}
if (isset($submit)){
// UPDATE USERS INFORMATION FOR ONLY THE ROWS THAT HAVE BEEN MODIFIED
$user = $_POST['user'];
foreach($user as $key=>$value)
{
$artist = safe($_POST['artist'][$key]);
$title = safe($_POST['title'][$key]);
$timesdownloaded = safe($_POST['timesdownloaded'][$key]);
$lastdownloaded = safe($_POST['lastdownloaded'][$key]);
$todaydownloads = safe($_POST['todaydownloads'][$key]);
$location = safe($_POST['url'][$key]);
$check = safe($_POST['check'][$key]);
$value = intval($value);
if(!$check=="check".$key){
$sql = 'UPDATE sheets SET artist = "' . $artist . '", title = "' . $title . '", active = "' . $activestatus . '" WHERE id = ' . $value;
$result = mysql_query($sql) or die(mysql_error().'<br>'.$sql);
$getusername = "SELECT artist FROM sheets WHERE id = $value";
$getuserres = mysql_query($getusername);
$getuserrow = mysql_fetch_assoc($getuserres);
}
Re: problem inputting data that has a single quote
Posted: Wed Sep 22, 2010 12:42 am
by Smudly
Darn, still not working
not getting any errors. It just isn't inputting the single quote or anything after it.