problems making post wih other characters

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
PringlesOriginal
Forum Newbie
Posts: 10
Joined: Tue Sep 07, 2004 11:49 am

problems making post wih other characters

Post by PringlesOriginal »

So, im developing a web forum for learning purposes (using php+mysql).

i use this to store POST data into the $post string

Code: Select all

$post=nl2br(strip_tags($_POSTї"post"]));
i then add $post into the mysql table.

Wehn the POST has odd characters such as:

Code: Select all

'";&#123;&#125;\<>
my query that adds the post to the database dies. How can i get php to parse in 'odd' characters and translate them in such a way that $post can be added to the database?
User avatar
AVATAr
Forum Regular
Posts: 524
Joined: Tue Jul 16, 2002 4:19 pm
Location: Uruguay -- Montevideo
Contact:

Post by AVATAr »

try: [php_man]addslashes[/php_man]

feyd | fixed function name.
PringlesOriginal
Forum Newbie
Posts: 10
Joined: Tue Sep 07, 2004 11:49 am

Post by PringlesOriginal »

AVATAr, it sitll doesnt work...
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

post your code change.

"Doesn't work" doesn't help us.
User avatar
AVATAr
Forum Regular
Posts: 524
Joined: Tue Jul 16, 2002 4:19 pm
Location: Uruguay -- Montevideo
Contact:

Post by AVATAr »

post the code

[php_man]mysql_escape_string[/php_man]

(feyd i have just see that tag!!!)
PringlesOriginal
Forum Newbie
Posts: 10
Joined: Tue Sep 07, 2004 11:49 am

Post by PringlesOriginal »

Avatar, this was my test case:

Code: Select all

test '";;&#123;&#125;&#1111;]|\<>
this was the mysql_escape_string (output)

Code: Select all

test \\''&quote;;;&#123;&#125;&#1111;]|\\\\
PringlesOriginal
Forum Newbie
Posts: 10
Joined: Tue Sep 07, 2004 11:49 am

Post by PringlesOriginal »

btw, that output is meant to be stored in the mysql database....., but the query dies
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

that's not the code change, post the code change.
PringlesOriginal
Forum Newbie
Posts: 10
Joined: Tue Sep 07, 2004 11:49 am

Post by PringlesOriginal »

sorry about that, now i feel like a super newb ;)

here's my code change

Code: Select all

$post=nl2br(addslashes(strip_tags($_POST&#1111;"post"])));
i tried putting in addslashes at different locations, didnt really change anything at all
User avatar
AVATAr
Forum Regular
Posts: 524
Joined: Tue Jul 16, 2002 4:19 pm
Location: Uruguay -- Montevideo
Contact:

Post by AVATAr »

show us ALL the code... (database query...)
PringlesOriginal
Forum Newbie
Posts: 10
Joined: Tue Sep 07, 2004 11:49 am

Post by PringlesOriginal »

feyd | Please use

Code: Select all

tags when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]

Code: Select all

function addPost($UserID,$ThreadID,$ForumID,$text)
{


	$user="root";
	$host="+++++";
	$password="+++++";
	$database="forum";
 	$connection=mysql_connect($host,$user,$password) or die ("Couldnt connect to server");
	$db=mysql_select_db($database,$connection) or die ("Couldnt select database");
    $escaped_item = mysql_escape_string($text);
    echo "<br>$escaped_item";
	$query="INSERT INTO posts(threadID,forumID,posterID,text,timeCreated)
	        VALUES ($ThreadID,$ForumID,$UserID,'$text',NULL)";
	$result=mysql_query($query) or die ("Couldnt execute query to add post into database");

	
	return true;
}

addPost($PosterID,$ThreadID,1,$post);
This function works perfectly well when i use 'normal' characters


feyd | Please use

Code: Select all

tags when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
Post Reply