error with my php+mysql insert
Posted: Thu Mar 01, 2012 9:08 am
Hi i am using FCKeditor to upload content into my db and if the copy has a ' in it mysql throws an error where it takes it as the out of the string
I have included my code
Any ideas on how to fix it
Cheers
Kev
I have included my code
Any ideas on how to fix it
Cheers
Kev
Code: Select all
<?php
/* Add News Article */
if(isset($_POST["action"]) && $_POST["action"] == "AddNews") {
$addNewsError = array();
$_POST["title"] = isset($_POST["title"]) ? $_POST["title"] : "NULL";
$_POST["content"] = isset($_POST["content"]) ? $_POST["content"] : "NULL";
$_POST["date"] = isset($_POST["date"]) ? $_POST["date"] : "NULL";
$_POST["online"] = isset($_POST["online"]) ? $_POST["online"] : "NULL";
$query_rsNews = sprintf("INSERT INTO news (title, content, date, online) VALUES ('%s','%s','%s','%d')",$_POST["title"],$_POST["content"],$_POST["date"],$_POST["online"]);
$rsNews = mysql_query($query_rsNews, $skittles) or die(mysql_error());
header("Location: NewsActive.php?status=1");
exit();
}
/* Delete News Article */
if (isset($_POST["DeleteNews"])){
$query_rsNews = "DELETE FROM news WHERE id=" . $_POST["id"];
$rsNews = mysql_query($query_rsNews, $skittles) or die(mysql_error());
header("Location: NewsActive.php?status=1");
exit();
}
/* Update Existing News Article */
if(isset($_POST["action"]) && $_POST["action"] == "UpdateNews") {
$_POST["title"] = isset($_POST["title"]) ? $_POST["title"] : "NULL";
$_POST["content"] = isset($_POST["content"]) ? $_POST["content"] : "NULL";
$_POST["online"] = isset($_POST["online"]) ? $_POST["online"] : "NULL";
$query_rsNews = sprintf("UPDATE news SET title='%s', content='%s', online='%d' WHERE id=%d",$_POST["title"],$_POST["content"],$_POST["online"],$_POST["id"]);
$rsNews = mysql_query($query_rsNews, $skittles) or die(mysql_error());
header("Location: NewsActive.php?status=1");
exit();
}
?>Code: Select all
<form method="post" name="newsform" id="newsform" action="<?php echo($thisPageQS);?>">
<table cellspacing="0" class="NewsForm">
<tbody>
<tr id="NewsRow">
<td class="c1">Name</td>
<td class="c2"><input name="title" type="text" value="<?php echo(htmlentities($_POST["title"]));?>" size="75" tabindex="1" class="text"></td>
</tr>
<tr id="NewsRow">
<td class="c1">Online</td>
<td class="c2">
<select name="online" tabindex="2">
<?php if($_POST["online"] == "1" || $_POST["online"] == "") {
echo('<option value="1" selected="selected">Yes</option>');
echo('<option value="0">No</option>');
}else{
echo('<option value="1" >Yes</option>');
echo('<option value="0" selected="selected">No</option>');
}?>
</select>
</td>
</tr>
<tr id="NewsRow">
<td class="c1">Content</td>
<td class="c2"><?php $WARichTextEditor_1 = CreateRichTextEditor ("content", "../HTMLEditor/", "100%", "400px", "Default", "../custom/ContentForm_content_Content2.js", "".((isset($_POST["content"]))?$_POST["content"]:"") .""); ?></td>
</tr>
<tr id="NewsRow">
<td class="c1" colspan="2">
<input type="hidden" name="id" value="<?php echo $row_rsGetNews["id"]; ?>" id="id" >
<?php if($_GET["News_ID"] != 0) { ?>
<input type="hidden" name="action" value="UpdateNews">
<input name="UpdateNews" type="submit" class="buttonMain" id="UpdateNews" value="Update News">
<input name="DeleteNews" type="submit" class="buttonMain" id="DeleteNews" onclick=";GP_popupConfirmMsg('Are you SURE you want to DELETE this Article? This action cannot be undone.');return document.MM_returnValue" value="Delete News">
<?php } else { ?>
<input type="hidden" name="date" value="<?php echo date('Y-m-d'); ?>">
<input type="hidden" name="action" value="AddNews">
<input name="AddNews" type="submit" class="buttonMain" id="AddNews" value="Add News Article">
<?php } ?>
</td>
</tr>
</tbody>
</table>
</form>