
problem inputting data that has a single quote

Posted: Tue Sep 21, 2010 7:35 pm
by Smudly
Hi, I'm trying to type in a name of a song into an input field, for example:
I'll Be Missing you

This field is captured through $_POST and set to a variable $title

I then update the table with this new title. Once it is updated, all that is shown in the data is:

I

The single quote and anything after it is gone completely.
Here is my query. How can I change this so it includes the single quote and everything after it?

Code: Select all

$sql = "UPDATE sheets SET artist = '$artist', title = '$title', active = '$activestatus' WHERE id = $value";
$result = mysql_query($sql) or die(mysql_error().'<br>'.$sql);

If more code is required to understand what I'm talking about, let me know.

Re: problem inputting data that has a single quote

Posted: Tue Sep 21, 2010 8:05 pm
by Jonah Bron

Code: Select all

$artist = mysql_real_escape_string($artist);
$title = mysql_real_escape_string($title);
$activestatus = mysql_real_escape_string($activestatus);
$value = intval($value);
$sql = 'UPDATE sheets SET artist = "' . $artist . '", title = "' . $title . '", active = "' . $activestatus . '" WHERE id = ' . $value;
$result = mysql_query($sql) or die(mysql_error().'<br>'.$sql);

This also prevents SQL injection (Google it). ALWAYS run any strings you're passing into a query through mysql_real_escape_string(). Run all integers through intval().
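
Added example, not part of any post in this thread: the same UPDATE written with a PDO prepared statement, so the single quote in the title is stored intact and no escaping call is needed. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite table as a stand-in for the thread's MySQL `sheets` table; `updateSheet()` is a hypothetical helper and the sample values are constructed.

```php
<?php
// Added example. In-memory SQLite stands in for the thread's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sheets (id INTEGER PRIMARY KEY, artist TEXT, title TEXT, active TEXT)');
$pdo->exec("INSERT INTO sheets VALUES (1, 'old artist', 'old title', 'no')");
$pdo->exec("INSERT INTO sheets VALUES (2, 'other artist', 'other title', 'yes')");

// Hypothetical helper: updates one row with every value sent as a bound parameter.
function updateSheet(PDO $pdo, $id, $artist, $title, $active)
{
    // Validate the id rather than silently coercing it the way intval() does.
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $pdo->prepare(
        'UPDATE sheets SET artist = :artist, title = :title, active = :active WHERE id = :id'
    );
    $stmt->bindValue(':artist', $artist, PDO::PARAM_STR);
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':active', $active, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows changed
}

// Constructed form values, shaped like the $_POST data in the thread.
$changed = updateSheet($pdo, '1', 'Some Artist', "I'll Be Missing you", 'yes');
echo "rows changed: $changed\n";

// A title made of quote characters and SQL syntax is stored as plain text.
updateSheet($pdo, '2', 'Other Artist', "x', active = 'no' WHERE 1=1 --", 'yes');

// A non-numeric id is rejected before any query runs.
try {
    updateSheet($pdo, '1 OR 1=1', 'a', 'b', 'c');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

foreach ($pdo->query('SELECT id, title, active FROM sheets ORDER BY id') as $row) {
    echo $row['id'], ' | ', $row['title'], ' | ', $row['active'], "\n";
}
```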

Re: problem inputting data that has a single quote

Posted: Tue Sep 21, 2010 8:13 pm
by Smudly
Hey thanks for the in-depth post. I tried your method, but still having the same issue as mentioned before. I'm not getting any errors.

To further understand what is going on with my code, take a look at this :)
The page that allows me to change the name of the title is an admin page. This page lists all the rows in the database.

Code: Select all

function safe($value){
   return mysql_real_escape_string(stripslashes($value));
}
if (isset($submit)){

    // UPDATE USERS INFORMATION FOR ONLY THE ROWS THAT HAVE BEEN MODIFIED
    $user = $_POST['user'];
    foreach($user as $key=>$value)
    {
        $artist = safe($_POST['artist'][$key]);
        $title = safe($_POST['title'][$key]);
        $timesdownloaded = safe($_POST['timesdownloaded'][$key]);
        $lastdownloaded = safe($_POST['lastdownloaded'][$key]);
        $todaydownloads = safe($_POST['todaydownloads'][$key]);
        $location = safe($_POST['url'][$key]);
        $check = safe($_POST['check'][$key]);
        $artist = mysql_real_escape_string($artist);
        $title = mysql_real_escape_string($title);
        if(!$check=="check".$key){
            $sql = 'UPDATE sheets SET artist = "' . $artist . '", title = "' . $title . '", active = "' . $activestatus . '" WHERE id = ' . $value;
            $result = mysql_query($sql) or die(mysql_error().'<br>'.$sql);
            $getusername = "SELECT artist FROM sheets WHERE id = $value";
            $getuserres = mysql_query($getusername);
            $getuserrow = mysql_fetch_assoc($getuserres);
        }
    } // end foreach
} // end if (isset($submit))

Not sure why I'm still having an issue. Any ideas?

Re: problem inputting data that has a single quote

Posted: Tue Sep 21, 2010 11:11 pm
by Jonah Bron
Oh, looks like you're already cleaning the input. Try this.

Code: Select all

function safe($value){
   return mysql_real_escape_string($value);
}
if (isset($submit)){

    // UPDATE USERS INFORMATION FOR ONLY THE ROWS THAT HAVE BEEN MODIFIED
    $user = $_POST['user'];
    foreach($user as $key=>$value)
    {
        $artist = safe($_POST['artist'][$key]);
        $title = safe($_POST['title'][$key]);
        $timesdownloaded = safe($_POST['timesdownloaded'][$key]);
        $lastdownloaded = safe($_POST['lastdownloaded'][$key]);
        $todaydownloads = safe($_POST['todaydownloads'][$key]);
        $location = safe($_POST['url'][$key]);
        $check = safe($_POST['check'][$key]);
        $value = intval($value);
        if(!$check=="check".$key){
            $sql = 'UPDATE sheets SET artist = "' . $artist . '", title = "' . $title . '", active = "' . $activestatus . '" WHERE id = ' . $value;
            $result = mysql_query($sql) or die(mysql_error().'<br>'.$sql);
            $getusername = "SELECT artist FROM sheets WHERE id = $value";
            $getuserres = mysql_query($getusername);
            $getuserrow = mysql_fetch_assoc($getuserres);
        }
    } // end foreach
} // end if (isset($submit))

Re: problem inputting data that has a single quote

Posted: Wed Sep 22, 2010 12:42 am
by Smudly
Darn, still not working :(

Not getting any errors. It just isn't inputting the single quote or anything after it.