Rich Text Editor, Mysql error

Pazuzu156
Forum Contributor
Posts: 241
Joined: Sat Nov 20, 2010 9:00 pm
Location: GA, USA

Rich Text Editor, Mysql error

Post by Pazuzu156 »

I'm using a rich text editor TinyMCE. It works fine and is there so problem. When I type stuff in I get the error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'mollis mollis enim. Donec quis ante dui. Sed bibendum mollis massa, a mattis dia' at line 1

This only happens when I place a ' within my text. I do not understand what I am doing wrong or how to fix this. I need it fixed for people to use.

For anyone who wants to test this, here is a link and the login info is:

Username: test
Password: test

http://journal.jae-entertainment.we.bs/test/

PHP processing the post:

Code:

<?php
$entrytitle = $_POST['entrytitle'];
$entrylink = $_POST['entrylink'];
$entrybody = $_POST['entrybody'];

function filterFunction ($var) { 
    
    $var = eregi_replace("'", "'", $var);
    return $var; 
} 
$entrytitle = filterFunction($entrytitle);
$entrylink = filterFunction($entrylink);
$entrybody = filterFunction($entrybody);

include_once "include/connect.php";

$query = mysqli_query($myConnection, "INSERT INTO test (entrytitle, entrylink, entrybody, lastmodified) 
        VALUES('$entrytitle','$entrylink','$entrybody',now())") or die (mysqli_error($myConnection));

echo 'Operation Completed Successfully! <br /><br /><a href="index.php">Click Here</a>';
exit();
?>
- Kaleb Klein
------------------------------------
Web Developer | Software Developer
https://kalebklein.com
PGP Key: https://keybase.io/pazuzu156
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: Rich Text Editor, Mysql error

Post by Darhazer »

Use mysql_escape_string or mysql_real_escape_string instead of your own custom function.
Pazuzu156
Forum Contributor
Posts: 241
Joined: Sat Nov 20, 2010 9:00 pm
Location: GA, USA

Re: Rich Text Editor, Mysql error

Post by Pazuzu156 »

What would be a good example of this? Feel free to mess around with the code provided.
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: Rich Text Editor, Mysql error

Post by Darhazer »

Code:

<?php
$entrytitle = $_POST['entrytitle'];
$entrylink = $_POST['entrylink'];
$entrybody = $_POST['entrybody'];

include_once "include/connect.php";

$query = mysqli_query($myConnection, "INSERT INTO test (entrytitle, entrylink, entrybody, lastmodified) 
        VALUES('".mysqli_escape_string($myConnection, $entrytitle)."','".mysqli_escape_string($myConnection,$entrylink)."','".mysqli_escape_string($myConnection,$entrybody)."',now())") or die (mysqli_error($myConnection));

echo 'Operation Completed Successfully! <br /><br /><a href="index.php">Click Here</a>';
exit();
?>
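
The reply above fixes the error by escaping each value before it is placed in the query. The same insert can also be written with bound parameters, so the apostrophe is never parsed as SQL syntax. This is an added example, not code from the thread: it swaps the thread's mysqli/MySQL connection for PDO with an in-memory SQLite database so it runs without a server, and the sample post values are constructed.

```php
<?php
// Added example, not code from the thread. PDO + in-memory SQLite is an
// assumption standing in for the thread's $myConnection (mysqli/MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test (entrytitle TEXT, entrylink TEXT, entrybody TEXT, lastmodified TEXT)');

// Constructed sample input: rich-text editor HTML containing apostrophes.
$post = [
    'entrytitle' => "Today's entry",
    'entrylink'  => 'http://example.com/entry',
    'entrybody'  => "<p>It's a test entry with 'quoted' text.</p>",
];

// Pattern from the first post: values pasted straight into the SQL string.
// The apostrophe ends the string literal early and the statement fails to parse.
function insertConcatenated(PDO $db, array $p): bool
{
    $sql = "INSERT INTO test (entrytitle, entrylink, entrybody, lastmodified)
            VALUES('{$p['entrytitle']}','{$p['entrylink']}','{$p['entrybody']}',datetime('now'))";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        echo "concatenated insert failed: ", $e->getMessage(), "\n";
        return false;
    }
}

// Bound parameters: the SQL text is fixed and the values travel separately,
// so no quoting or escaping of the input is needed.
function insertPrepared(PDO $db, array $p): bool
{
    $stmt = $db->prepare(
        "INSERT INTO test (entrytitle, entrylink, entrybody, lastmodified)
         VALUES (:title, :link, :body, datetime('now'))"
    );
    return $stmt->execute([
        ':title' => $p['entrytitle'],
        ':link'  => $p['entrylink'],
        ':body'  => $p['entrybody'],
    ]);
}

var_dump(insertConcatenated($db, $post)); // syntax error caused by the apostrophe
var_dump(insertPrepared($db, $post));     // row is stored

// The stored body matches the submitted text byte for byte.
$row = $db->query('SELECT entrybody FROM test')->fetch(PDO::FETCH_ASSOC);
var_dump($row['entrybody'] === $post['entrybody']);
```

With mysqli the same pattern uses mysqli_prepare, mysqli_stmt_bind_param and mysqli_stmt_execute against $myConnection.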
Pazuzu156
Forum Contributor
Posts: 241
Joined: Sat Nov 20, 2010 9:00 pm
Location: GA, USA

Re: Rich Text Editor, Mysql error

Post by Pazuzu156 »

Thank you so much, this worked and I'll place this into the parsing for all journals. Thank you.