Page 1 of 1

problems making post wih other characters

Posted: Tue Sep 07, 2004 11:53 am
by PringlesOriginal
So, im developing a web forum for learning purposes (using php+mysql).

i use this to store POST data into the $post string

Code: Select all

$post=nl2br(strip_tags($_POSTї"post"]));
i then add $post into the mysql table.

Wehn the POST has odd characters such as:

Code: Select all

'";&#123;&#125;\<>
my query that adds the post to the database dies. How can i get php to parse in 'odd' characters and translate them in such a way that $post can be added to the database?

Posted: Tue Sep 07, 2004 12:00 pm
by AVATAr
try: [php_man]addslashes[/php_man]

feyd | fixed function name.

Posted: Tue Sep 07, 2004 12:08 pm
by PringlesOriginal
AVATAr, it sitll doesnt work...

Posted: Tue Sep 07, 2004 12:09 pm
by feyd
post your code change.

"Doesn't work" doesn't help us.

Posted: Tue Sep 07, 2004 12:12 pm
by AVATAr
post the code

[php_man]mysql_escape_string[/php_man]

(feyd i have just see that tag!!!)

Posted: Tue Sep 07, 2004 12:16 pm
by PringlesOriginal
Avatar, this was my test case:

Code: Select all

test '";;&#123;&#125;&#1111;]|\<>
this was the mysql_escape_string (output)

Code: Select all

test \\''&quote;;;&#123;&#125;&#1111;]|\\\\

Posted: Tue Sep 07, 2004 12:17 pm
by PringlesOriginal
btw, that output is meant to be stored in the mysql database....., but the query dies

Posted: Tue Sep 07, 2004 12:18 pm
by feyd
that's not the code change, post the code change.

Posted: Tue Sep 07, 2004 12:21 pm
by PringlesOriginal
sorry about that, now i feel like a super newb ;)

here's my code change

Code: Select all

$post=nl2br(addslashes(strip_tags($_POST&#1111;"post"])));
i tried putting in addslashes at different locations, didnt really change anything at all

Posted: Tue Sep 07, 2004 12:23 pm
by AVATAr
show us ALL the code... (database query...)

Posted: Tue Sep 07, 2004 12:27 pm
by PringlesOriginal
feyd | Please use

Code: Select all

tags when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]

Code: Select all

function addPost($UserID,$ThreadID,$ForumID,$text)
{


	$user="root";
	$host="+++++";
	$password="+++++";
	$database="forum";
 	$connection=mysql_connect($host,$user,$password) or die ("Couldnt connect to server");
	$db=mysql_select_db($database,$connection) or die ("Couldnt select database");
    $escaped_item = mysql_escape_string($text);
    echo "<br>$escaped_item";
	$query="INSERT INTO posts(threadID,forumID,posterID,text,timeCreated)
	        VALUES ($ThreadID,$ForumID,$UserID,'$text',NULL)";
	$result=mysql_query($query) or die ("Couldnt execute query to add post into database");

	
	return true;
}

addPost($PosterID,$ThreadID,1,$post);
This function works perfectly well when i use 'normal' characters


feyd | Please use

Code: Select all

tags when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]