Apostrophe in PHP to SQL
Posted: Mon Jul 11, 2011 7:14 pm
Hello,
I am new to sql and php, as I am using a wysiwyg software to build up my site.
I have a sign up form that is connected properly to a mysql database, and in phpmyadmin I can see the data when someone uses the signup form. The only problem is when someone puts in Full Name a name like:
Ala'
Sa'ad
Ra'ed
the sign up is successful and a confirmation email is sent to that person BUT no record is there in mysql database! I searched here and there and found out that I can insert MYSQL_REAL_ESCAPE_STRING, but as I said, I am really not good in php and sql, I always try things with trial and error, but this time it didn't work for me
Here is the code for the page:
Code:
<?php
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    $action = isset($_POST['action']) ? $_POST['action'] : '';
    $mysql_server = 'localhost';
    $mysql_username = 'username';
    $mysql_password = '********';
    $mysql_database = 'database';
    $mysql_table = 'members';
    $success_page = 'http://www.site.com/success.html';
    if ($action == 'signup')
    {
        $newusername = $_POST['username'];
        $newemail = $_POST['email'];
        $newpassword = $_POST['password'];
        $confirmpassword = $_POST['confirmpassword'];
        $newfullname = $_POST['fullname'];
        $birthday = $_POST['birthday'];
        if ($newpassword != $confirmpassword)
        {
            $error_message = 'Password and Confirm Password are not the same!';
        }
        else if (!ereg("^[A-Za-z0-9_!@$.-]{1,50}$", $newusername))
        {
            $error_message = 'Username is not valid, please check and try again!';
        }
        else if (!ereg("^[A-Za-z0-9_!@$]{1,50}$", $newpassword))
        {
            $error_message = 'Password is not valid, please check and try again!';
        }
        else if (!ereg("^[A-Za-z0-9_!@$.' &-]{1,50}$", $newfullname))
        {
            $error_message = 'Full name is not valid, please check and try again!';
        }
        else if (!ereg("^[-A-Za-z0-9_]+[-A-Za-z0-9_.]*[@]{1}[-A-Za-z0-9_]+[-A-Za-z0-9_.]*[.]{1}[A-Za-z]{2,5}$", $newemail))
        {
            $error_message = 'Email is not a valid email address. Please check and try again.';
        }
        if (empty($error_message))
        {
            $db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
            mysql_select_db($mysql_database, $db);
            $sql = "SELECT username FROM ".$mysql_table." WHERE username = '".$newusername."'";
            $result = mysql_query($sql, $db);
            if ($data = mysql_fetch_array($result))
            {
                $error_message = 'Username is already taken. Please choose another username.';
            }
        }
        if (empty($error_message))
        {
            $crypt_pass = md5($newpassword);
            $sql = "INSERT `".$mysql_table."` (`username`, `password`, `fullname`, `email`, `birthday`, `active`) VALUES ('$newusername', '$crypt_pass', '$newfullname', '$newemail', '$birthday', 0)";
            $result = mysql_query($sql, $db);
            mysql_close($db);
        }
    }
}
As you can see, in fullname validation, I allowed the apostrophe to be used, so that's why the registration returns "successful", and I know this record doesn't appear in sql table as the apostrophe interrupts the field from being recorded.
So please, where do I put the MYSQL_REAL_ESCAPE_STRING? And in what format?
If someone could please rewrite it (the part where it should be) I would be very thankful.
Thank you.
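Added example, not the poster's code or a reply from the thread: the INSERT from the script above rewritten two ways, first with mysql_real_escape_string() placed where it has to go (after mysql_connect(), once per value), then with a mysqli prepared statement, which keeps the values out of the SQL text entirely. It assumes the same variables the posted script defines ($mysql_server, $newfullname, and so on).

```php
<?php
// Added example; assumes the variables from the original sign-up script.

// Option 1: the fix the question asks about. mysql_real_escape_string() needs an
// open connection, so it must run AFTER mysql_connect(), and each escaped value
// is then placed inside single quotes in the query string.
$db = mysql_connect($mysql_server, $mysql_username, $mysql_password);
mysql_select_db($mysql_database, $db);

$safe_username = mysql_real_escape_string($newusername, $db);
$safe_fullname = mysql_real_escape_string($newfullname, $db);   // Ala' becomes Ala\'
$safe_email    = mysql_real_escape_string($newemail, $db);
$safe_birthday = mysql_real_escape_string($birthday, $db);
$crypt_pass    = md5($newpassword);                             // hex digest, nothing to escape

$sql = "INSERT INTO `" . $mysql_table . "` (`username`, `password`, `fullname`, `email`, `birthday`, `active`)"
     . " VALUES ('$safe_username', '$crypt_pass', '$safe_fullname', '$safe_email', '$safe_birthday', 0)";
if (!mysql_query($sql, $db)) {
    // The original script never checks the result, which is why the failed
    // INSERT was silent and the confirmation email still went out.
    $error_message = 'Database error: ' . mysql_error($db);
}
mysql_close($db);

// Option 2 (preferred): a mysqli prepared statement. The SQL text contains only
// placeholders; the values travel separately, so an apostrophe in a name can
// never break or alter the query, whatever the validation regex allows.
$mysqli = new mysqli($mysql_server, $mysql_username, $mysql_password, $mysql_database);
if ($mysqli->connect_error) {
    $error_message = 'Database error: ' . $mysqli->connect_error;
} else {
    $stmt = $mysqli->prepare(
        "INSERT INTO `" . $mysql_table . "` (`username`, `password`, `fullname`, `email`, `birthday`, `active`)"
        . " VALUES (?, ?, ?, ?, ?, 0)"
    );
    // 'sssss' = five string parameters, bound in column order.
    $stmt->bind_param('sssss', $newusername, $crypt_pass, $newfullname, $newemail, $birthday);
    if (!$stmt->execute()) {
        $error_message = 'Database error: ' . $stmt->error;
    }
    $stmt->close();
    $mysqli->close();
}
```

The SELECT that checks for a duplicate username builds its WHERE clause from $newusername the same way and needs the same treatment, whichever option is used.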