Removing Slashes In Forms
Posted: Thu Jul 15, 2004 5:20 am
I'll keep this simple. 
I have a form that submits data from the form fields into a MySQL database. People's names may contain an apostrophe so when they enter that, I want it to store the result just like any other. At the moment, my script puts a slash in front of the apostrophe when it stores it. Here's my code:
I originally had "stripslashes" instead of "addslashes" but it was giving me an error message such as "There is an error in your SQL syntax near..." followed by the first instance of some information containing an apostrophe. So, does anyone know how to fix this problem?
Code:
<?php
$date = date("d-m-Y");
$database_name = "my_database";

// Connect to the server and select the database.
$dbh = mysql_connect("localhost", "username", "password");
if (!mysql_select_db($database_name)) {
    echo "Unable to select \"$database_name\" database";
}

// Read each form field: addslashes() backslash-escapes quotes,
// strip_tags() removes HTML tags, ltrim()/rtrim() remove surrounding whitespace.
$first_name = ltrim(rtrim(strip_tags(addslashes($_POST['first_name']))));
$last_name = ltrim(rtrim(strip_tags(addslashes($_POST['last_name']))));
$birth_year = ltrim(rtrim(strip_tags(addslashes($_POST['birth_year']))));
$email = ltrim(rtrim(strip_tags(addslashes($_POST['email']))));
$address = ltrim(rtrim(strip_tags(addslashes($_POST['address']))));
$city = ltrim(rtrim(strip_tags(addslashes($_POST['city']))));
$state_province = ltrim(rtrim(strip_tags(addslashes($_POST['state_province']))));
$country = ltrim(rtrim(strip_tags(addslashes($_POST['country']))));
$zip = ltrim(rtrim(strip_tags(addslashes($_POST['zip']))));
$continent = ltrim(rtrim(strip_tags(addslashes($_POST['continent']))));
$phone = ltrim(rtrim(strip_tags(addslashes($_POST['phone']))));
$major_city = ltrim(rtrim(strip_tags(addslashes($_POST['major_city']))));
$faves = ltrim(rtrim(strip_tags(addslashes($_POST['faves']))));
$comments = ltrim(rtrim(strip_tags(addslashes($_POST['comments']))));

// VALIDATION
if (empty($first_name) || empty($last_name) || empty($email) || empty($address) || empty($city) || empty($country) || empty($zip) || empty($continent)) {
    echo "<span class=\"error\">Error!</span><br><br>You have not filled in all the required fields.<br><br><a href=\"javascript:history.go(-1)\">Click here to go back to the form.</a>";
}
elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
    echo "<span class=\"error\">Error!</span><br><br>The email address you have entered is invalid.<br><br><a href=\"javascript:history.go(-1)\">Click here to go back to the form.</a>";
}
else {
    // The field values are interpolated directly into the SQL string.
    $sql = "insert into street_team (date, first_name, last_name, birth_year, email, address, city, state_province, country, zip, continent, phone, major_city, faves, comments)
    values ('$date', '$first_name', '$last_name', '$birth_year', '$email', '$address', '$city', '$state_province', '$country', '$zip', '$continent', '$phone', '$major_city', '$faves', '$comments')";
    $res = mysql_query($sql, $dbh);
    if (!$res) {
        echo mysql_errno().": ".mysql_error()."";
        return 0;
    }
    echo "<span class=\"confirmation\">Success!</span><br><br>You are now a member of the Street Team.";
}
?>
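
One way to store a name containing an apostrophe unchanged, as an added example that is not part of the original post: bind the form values as parameters of a prepared statement, so neither addslashes() nor stripslashes() is needed and the value is never parsed as SQL. It assumes PDO with an in-memory SQLite database standing in for the post's MySQL server, a trimmed-down street_team table, and a constructed sample submission; clean_field() and insert_member() are hypothetical helpers.

```php
<?php
// Added example. Assumption: sqlite::memory: stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE street_team (first_name TEXT, last_name TEXT, email TEXT)');

// Constructed sample submission, standing in for $_POST.
$post = [
    'first_name' => '  Sean ',
    'last_name'  => "O'Brien",
    'email'      => 'sean@example.com',
];

// Hypothetical helper: trim and strip tags only, no manual quote escaping.
function clean_field(array $src, string $key): string
{
    return trim(strip_tags((string) ($src[$key] ?? '')));
}

// Hypothetical helper: the SQL text is fixed; values travel separately as
// bound parameters, so an apostrophe cannot end the string literal.
function insert_member(PDO $pdo, array $src): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO street_team (first_name, last_name, email)
         VALUES (:first_name, :last_name, :email)'
    );
    $stmt->execute([
        ':first_name' => clean_field($src, 'first_name'),
        ':last_name'  => clean_field($src, 'last_name'),
        ':email'      => clean_field($src, 'email'),
    ]);
}

// Row 1: the raw value is bound as-is and stored verbatim.
insert_member($pdo, $post);

// Row 2, for contrast: escaping by hand before the value reaches the database
// layer puts the backslash into the stored data, the symptom the post describes.
$escaped = $post;
$escaped['last_name'] = addslashes($post['last_name']);
insert_member($pdo, $escaped);

// Print what was actually stored for each row.
foreach ($pdo->query('SELECT last_name FROM street_team') as $row) {
    echo $row['last_name'], PHP_EOL;
}
```

PHP releases of that era could also escape incoming form data automatically through the magic_quotes_gpc setting, in which case a further addslashes() call escapes the value a second time.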