Rich Text Editor, Mysql error

Posted: Wed Mar 30, 2011 8:07 am
by Pazuzu156
I'm using a rich text editor, TinyMCE. It works fine and there is no problem. When I type stuff in I get the error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'mollis mollis enim. Donec quis ante dui. Sed bibendum mollis massa, a mattis dia' at line 1

This only happens when I place a ' within my text. I do not understand what I am doing wrong or how to fix this. I need it fixed for people to use.

For anyone who wants to test this, here is a link and the login info is:

Username: test
Password: test

http://journal.jae-entertainment.we.bs/test/

PHP processing the post:

Code:

<?php
$entrytitle = $_POST['entrytitle'];
$entrylink = $_POST['entrylink'];
$entrybody = $_POST['entrybody'];

function filterFunction ($var) { 
    
    $var = eregi_replace("'", "'", $var);
    return $var; 
} 
$entrytitle = filterFunction($entrytitle);
$entrylink = filterFunction($entrylink);
$entrybody = filterFunction($entrybody);

include_once "include/connect.php";

$query = mysqli_query($myConnection, "INSERT INTO test (entrytitle, entrylink, entrybody, lastmodified) 
        VALUES('$entrytitle','$entrylink','$entrybody',now())") or die (mysqli_error($myConnection));

echo 'Operation Completed Successfully! <br /><br /><a href="index.php">Click Here</a>';
exit();
?>

Re: Rich Text Editor, Mysql error

Posted: Wed Mar 30, 2011 8:29 am
by Darhazer
Use mysql_escape_string or mysql_real_escape_string instead of your own custom function.

Re: Rich Text Editor, Mysql error

Posted: Wed Mar 30, 2011 8:45 am
by Pazuzu156
What would be a good example of this? Feel free to mess around with the code provided.

Re: Rich Text Editor, Mysql error

Posted: Wed Mar 30, 2011 3:04 pm
by Darhazer

Code:

<?php
$entrytitle = $_POST['entrytitle'];
$entrylink = $_POST['entrylink'];
$entrybody = $_POST['entrybody'];

include_once "include/connect.php";

$query = mysqli_query($myConnection, "INSERT INTO test (entrytitle, entrylink, entrybody, lastmodified) 
        VALUES('".mysqli_escape_string($myConnection, $entrytitle)."','".mysqli_escape_string($myConnection,$entrylink)."','".mysqli_escape_string($myConnection,$entrybody)."',now())") or die (mysqli_error($myConnection));

echo 'Operation Completed Successfully! <br /><br /><a href="index.php">Click Here</a>';
exit();
?>
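
The same insert written with a mysqli prepared statement, which sends the values separately from the SQL text so an apostrophe in the editor content cannot end the string literal. This is an added example, not code posted by anyone in the thread; `insertEntry()` and `postField()` are hypothetical helpers, `$myConnection` is assumed to be the mysqli handle from the thread's `include/connect.php`, and PHP 7.4 or later is assumed.

```php
<?php
// Added example, not code from the thread.
// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: insert one journal entry using bound parameters.
function insertEntry(mysqli $db, string $title, string $link, string $body): void
{
    // The SQL text is fixed; each ? is filled by the server from data sent
    // separately, so quotes in the TinyMCE HTML are never parsed as SQL.
    $stmt = $db->prepare(
        'INSERT INTO test (entrytitle, entrylink, entrybody, lastmodified)
         VALUES (?, ?, ?, NOW())'
    );
    $stmt->bind_param('sss', $title, $link, $body); // three string parameters
    $stmt->execute();
    $stmt->close();
}

// Hypothetical helper: read a POST field, treating missing or array values as ''.
function postField(string $name): string
{
    $value = $_POST[$name] ?? '';
    return is_string($value) ? $value : '';
}

include_once "include/connect.php"; // assumed to define $myConnection

try {
    insertEntry(
        $myConnection,
        postField('entrytitle'),
        postField('entrylink'),
        postField('entrybody')
    );
    echo 'Operation Completed Successfully! <br /><br /><a href="index.php">Click Here</a>';
} catch (mysqli_sql_exception $e) {
    // Log the database error server-side; do not echo SQL details to the visitor.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'The entry could not be saved.';
}
```

With bound parameters there is no escaping call to forget on a new field, and the raw MySQL error text no longer reaches the browser as it does with `die(mysqli_error(...))`.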

Re: Rich Text Editor, Mysql error

Posted: Thu Mar 31, 2011 10:30 am
by Pazuzu156
Thank you so much, this worked and I'll place this into the parsing for all journals. Thank you.