Page 1 of 2
pass special characters to my database
Posted: Mon Mar 14, 2011 1:19 am
by marniel647
help me guys
for example..
i have a height button.. and the user input 5'2" and click submit button..but when i click submit button i have a mysql error but when i input 5 feet it doesn't give me an error
how can i do that i can pass the 5'2" in the database.. with special characters
thanks
Re: pass special characters to my database
Posted: Mon Mar 14, 2011 3:43 am
by Darhazer
first, all input should be run trough mysql_escape_string / mysql_real_escape_string
if this does not resolve your issue, show us the query and the exact error message
Re: pass special characters to my database
Posted: Mon Mar 14, 2011 4:59 am
by marniel647
thanks for responding mate... i will try that and post the result... thanks
Re: pass special characters to my database
Posted: Mon Mar 14, 2011 5:37 am
by marniel647
its ok now but when i check my database i only see ; not the 5'2".. what d you think is the problem
Re: pass special characters to my database
Posted: Mon Mar 14, 2011 5:50 am
by Darhazer
You have error on line 173
Seriously, show us some code.
And by the way, what is the encoding of the table / field. Did you run 'SET names <encoding>' query after connecting to the database? What is the type of the field itself?
Re: pass special characters to my database
Posted: Mon Mar 14, 2011 6:59 am
by marniel647
Darhazer wrote:You have error on line 173
Seriously, show us some code.
And by the way, what is the encoding of the table / field. Did you run 'SET names <encoding>' query after connecting to the database? What is the type of the field itself?
utf is the encoding of the table also the height field is varchar..
i did not run set name after connecting to the database
here's my code:
Code: Select all
<?php
$con = mysql_connect("localhost","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("thesistesting_clanteam_applicants", $con);
$sub = mysql_real_escape_string($_POST['height']);
$sql="INSERT INTO records(lastname, firstname, middlename, provaddress, telephone, cityaddress, mobileno, bdate, bplace, height, weight, civils) VALUES('$_POST[lastname]','$_POST[firstname]','$_POST[middlename]','$_POST[provaddress]','$_POST[telephone]','$_POST[cityaddress]','$_POST[mobileno]','$_POST[$sub]','$_POST[bplace]','$_POST[$sub];','$_POST[weight]','$_POST[civils]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo $_POST["firstname"]. " " ."Thanks for Using our Online Application We will call you back when your application is review";
mysql_close($con)
?>
sorry newbie in php..
by the way thanks for responding
Re: pass special characters to my database
Posted: Mon Mar 14, 2011 7:13 am
by Darhazer
Code: Select all
<?php
$con = mysql_connect("localhost","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("thesistesting_clanteam_applicants", $con);
$sql="INSERT INTO records(lastname, firstname, middlename, provaddress, telephone, cityaddress, mobileno, bdate, bplace, height, weight, civils) VALUES('".mysql_escape_string($_POST[lastname])."','".mysql_escape_string($_POST[firstname])."','".mysql_escape_string($_POST[middlename]."','".mysql_escape_string($_POST[provaddress])."','".mysql_escape_string($_POST[telephone])."','".mysql_escape_string($_POST[cityaddress])."','".mysql_escape_string($_POST[mobileno])."','".mysql_escape_string($_POST['height']').",'".mysql_escape_string($_POST[bplace])."','".mysql_escape_string($_POST['height'])".','".mysql_escape_string($_POST[weight])."','".mysql_escape_string($_POST[civils])."')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo $_POST["firstname"]. " " ."Thanks for Using our Online Application We will call you back when your application is review";
mysql_close($con)
?>
Re: pass special characters to my database
Posted: Mon Mar 14, 2011 7:35 am
by marniel647
$sql="insert into records(lastname, firstname, middlename, provaddress, telephone, cityaddress, mobileno, bdate, bplace, height, weight, civils) VALUES('".mysql_escape_string($_POST[lastname])."','".mysql_escape_string($_POST[firstname])."','".mysql_escape_string($_POST[middlename]."','".mysql_escape_string($_POST[provaddress])."','".mysql_escape_string($_POST[telephone])."','".mysql_escape_string($_POST[cityaddress])."','".mysql_escape_string($_POST[mobileno])."','".mysql_escape_string($_POST[bdate])."','".mysql_escape_string($_POST[bplace])."','".mysql_escape_string($_POST[height])."','".mysql_escape_string($_POST[weight])."','".mysql_escape_string($_POST[civils])."')";
Re: pass special characters to my database
Posted: Mon Mar 14, 2011 7:36 am
by marniel647
error on this line
Code: Select all
$sql="insert into records(lastname, firstname, middlename, provaddress, telephone, cityaddress, mobileno, bdate, bplace, height, weight, civils) VALUES('".mysql_escape_string($_POST[lastname])."','".mysql_escape_string($_POST[firstname])."','".mysql_escape_string($_POST[middlename]."','".mysql_escape_string($_POST[provaddress])."','".mysql_escape_string($_POST[telephone])."','".mysql_escape_string($_POST[cityaddress])."','".mysql_escape_string($_POST[mobileno])."','".mysql_escape_string($_POST[bdate])."','".mysql_escape_string($_POST[bplace])."','".mysql_escape_string($_POST[height])."','".mysql_escape_string($_POST[weight])."','".mysql_escape_string($_POST[civils])."')";
EDIT : syntax error, unexpected ';'
thats the error
Re: pass special characters to my database
Posted: Mon Mar 14, 2011 7:57 am
by Darhazer
Here is the correct code:
Code: Select all
$sql="insert into records(lastname, firstname, middlename, provaddress, telephone, cityaddress, mobileno, bdate, bplace, height, weight, civils) VALUES('".mysql_escape_string($_POST[lastname])."','".mysql_escape_string($_POST[firstname])."','".mysql_escape_string($_POST[middlename])."','".mysql_escape_string($_POST[provaddress])."','".mysql_escape_string($_POST[telephone])."','".mysql_escape_string($_POST[cityaddress])."','".mysql_escape_string($_POST[mobileno])."','".mysql_escape_string($_POST[bdate])."','".mysql_escape_string($_POST[bplace])."','".mysql_escape_string($_POST[height])."','".mysql_escape_string($_POST[weight])."','".mysql_escape_string($_POST[civils])."')";
There was ) missing
Re: pass special characters to my database
Posted: Mon Mar 14, 2011 8:06 am
by marniel647
Darhazer wrote:Here is the correct code:
Code: Select all
$sql="insert into records(lastname, firstname, middlename, provaddress, telephone, cityaddress, mobileno, bdate, bplace, height, weight, civils) VALUES('".mysql_escape_string($_POST[lastname])."','".mysql_escape_string($_POST[firstname])."','".mysql_escape_string($_POST[middlename])."','".mysql_escape_string($_POST[provaddress])."','".mysql_escape_string($_POST[telephone])."','".mysql_escape_string($_POST[cityaddress])."','".mysql_escape_string($_POST[mobileno])."','".mysql_escape_string($_POST[bdate])."','".mysql_escape_string($_POST[bplace])."','".mysql_escape_string($_POST[height])."','".mysql_escape_string($_POST[weight])."','".mysql_escape_string($_POST[civils])."')";
There was ) missing
LOL i did not seen that i check many times... by the way thanks its work.. if i have a problem again i will search for you..
thanks my friend
Re: pass special characters to my database
Posted: Mon Mar 14, 2011 8:56 am
by Darhazer
You're welcome.
I hope you've learned that you always HAVE TO escape your input

Re: pass special characters to my database
Posted: Mon Mar 14, 2011 9:06 am
by marniel647
Darhazer wrote:You're welcome.
I hope you've learned that you always HAVE TO escape your input

yes i will remember that...
also can i pass a image to my database...?
for example i have a phplogo.png and i would like to put this into mysql database..
how can i done that..?
Re: pass special characters to my database
Posted: Mon Mar 14, 2011 9:46 am
by Darhazer
You can either put the entire image in the database, using a BLOB field type (and file_get_contents() to get the content of the image), or you can just store the path to the file in the database, and store image in the file system.
Re: pass special characters to my database
Posted: Mon Mar 14, 2011 9:58 am
by marniel647
i think i will only store the path to the database and store the image in the file system..
because i think the image will occupy more space to my database..
can you teach me how to done that..
thanks your the best ..
