By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,537 Members | 1,471 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,537 IT Pros & Developers. It's quick & easy.

php/mysql single quatotion problem.

P: 1
Hi,
I have an issue with php and/or mysql. I have a php form that writes "items"
to a mysql database, including a description of the item.

I am testing it now by putting special characters in the description field,
this is what I am entering:

Reader's Digest

Now, this item data always gets written to the db just fine and shows up in the db as entered. Seems correct and working just fine up to this point.

My problem is with my "edit item (PUBLISHER textbox)" page. This page allows users to update items, but when the data is called back up from the db to display in the "edit item" page and the description contains single quotes, the description is cut off, and only shows:

Reader

Here is the code on the "edit item" page:

<?php
session_start();
if ($_SESSION["validuser"]<>"YES") {
Header ("location: ../index.php");
}
include "dbConfig.php";

echo "<form enctype='multipart/form-data' action='editMag3.php' method='post' >";

$id = $_REQUEST['id'];
$_SESSION['id'] = $id;
$mysql_query = "select * from dbMag where id='$id' " ;
$n1 = mysql_query($mysql_query);
$r1 = mysql_num_rows($n1);
if($r1==0) {
die("<script>alert('Magazine Title not found. Try again.');history.back()</script>");
}

$n = mysql_fetch_array($n1);
$title = $n[0];
$_SESSION['magTitle']=$title;
$issue = $n[1];
// $link = $n[2];
$online = $n[3];
$type = $n[4];
$picture = $n[5];
$subtitle = $n[6];
$price = $n[7];
$publisher = $n[8];
//$publisher = htmlentites($n[8]);




//echo "$publisher";

echo "<h1>Edit Magazine</h1>";
echo "<table border='0'>";
echo "<tr>";
echo "<td width='100'>Title:</td>";
echo "<td width='100'>$title";
echo "</tr>";
echo "<tr>";
echo "<td width='100'>Sub Title:</td>";
echo "<td><input size='60' name='i1' value='$subtitle'></td>";
echo "</tr>";
echo "<tr>";
echo "<td width='100'>Issue No:</td>";
echo "<td><input size='60' name='i2' value='$issue'></td>";
echo "</tr>";
echo "<td width='100'>Type:</td>";
echo "<td><input size='60' name='i3' value='$type'></td>";
echo "</tr>";
echo "<tr>";
echo "<td width='100'>Price:</td>";
echo "<td><input size='60' name='i4' value='$price'></td>";
echo "</tr>";
echo "<tr>";
echo "<td width='100'>Publisher:</td>";

echo "<td><input size='60' type=text name=i5 value='$publisher'></td>";

//echo "<td><input size='60' name='i5' value='$publisher'></td>";
echo "</tr>";
echo "<tr>";
// echo "<td width='100'>Link:</td>";
// echo "<td><input size='60' name='i6' value='$link'></td>";
// echo "</tr>";


echo "<td width='100'>Picture:</td>";
echo "<td><input size='60' name='i7' value='$picture'></td>";
echo "</tr>";

echo "<tr>";
echo "<td width='100'><input type='hidden' name='MAX_FILE_SIZE' value='1000000'>Select New Picture:</td>";
echo "<td><input size='60' type='file' name='userfile' value='$newPic'></td>";
//echo"<td><input type='submit' value='upload'></td>";
echo "</tr>";



echo "<tr>";
echo "<td width='100'>Online:</td>";
echo "<td width='20'><select name='i8'>";
if ($online == "ON"){
echo "<option value='$online' selected>$online</option>";
echo "<option value='OFF'>OFF</option>";
} else {
echo "<option value='$online' selected>$online</option>";
echo "<option value='ON'>ON</option>";
}
echo "</select></td>";
echo "</tr>";

echo "<tr><td></td><td><input type='submit' value='submit'></td></tr>";
echo "</form>";
echo "</font>";

//echo "<form action='upnewbookcover.php' method='post'>";
// echo "<tr><td><td><input type='submit' value='change cover'><a href='upnewbookcover.php'></a></td></tr>";
// echo "</form>";



echo "<form action='magList.php' method='post'>";
echo "<tr><td><td><input type='submit' value='Cancel'><a href='magList.php'></a></td></tr>";
echo "</form>";
echo "</table>";


?>
Put your code within php, code or html TAGS!!!! - Ronald :cool:
Nov 22 '06 #1
Share this Question
Share on Google+
1 Reply


P: 17
Hi,
I have an issue with php and/or mysql. I have a php form that writes "items"
to a mysql database, including a description of the item.

I am testing it now by putting special characters in the description field,
this is what I am entering:

Reader's Digest

Now, this item data always gets written to the db just fine and shows up in the db as entered. Seems correct and working just fine up to this point.

My problem is with my "edit item (PUBLISHER textbox)" page. This page allows users to update items, but when the data is called back up from the db to display in the "edit item" page and the description contains single quotes, the description is cut off, and only shows:

Reader

Here is the code on the "edit item" page:

<?php
session_start();
if ($_SESSION["validuser"]<>"YES") {
Header ("location: ../index.php");
}
include "dbConfig.php";

echo "<form enctype='multipart/form-data' action='editMag3.php' method='post' >";

$id = $_REQUEST['id'];
$_SESSION['id'] = $id;
$mysql_query = "select * from dbMag where id='$id' " ;
$n1 = mysql_query($mysql_query);
$r1 = mysql_num_rows($n1);
if($r1==0) {
die("<script>alert('Magazine Title not found. Try again.');history.back()</script>");
}

$n = mysql_fetch_array($n1);
$title = $n[0];
$_SESSION['magTitle']=$title;
$issue = $n[1];
// $link = $n[2];
$online = $n[3];
$type = $n[4];
$picture = $n[5];
$subtitle = $n[6];
$price = $n[7];
$publisher = $n[8];
//$publisher = htmlentites($n[8]);




//echo "$publisher";

echo "<h1>Edit Magazine</h1>";
echo "<table border='0'>";
echo "<tr>";
echo "<td width='100'>Title:</td>";
echo "<td width='100'>$title";
echo "</tr>";
echo "<tr>";
echo "<td width='100'>Sub Title:</td>";
echo "<td><input size='60' name='i1' value='$subtitle'></td>";
echo "</tr>";
echo "<tr>";
echo "<td width='100'>Issue No:</td>";
echo "<td><input size='60' name='i2' value='$issue'></td>";
echo "</tr>";
echo "<td width='100'>Type:</td>";
echo "<td><input size='60' name='i3' value='$type'></td>";
echo "</tr>";
echo "<tr>";
echo "<td width='100'>Price:</td>";
echo "<td><input size='60' name='i4' value='$price'></td>";
echo "</tr>";
echo "<tr>";
echo "<td width='100'>Publisher:</td>";

echo "<td><input size='60' type=text name=i5 value='$publisher'></td>";

//echo "<td><input size='60' name='i5' value='$publisher'></td>";
echo "</tr>";
echo "<tr>";
// echo "<td width='100'>Link:</td>";
// echo "<td><input size='60' name='i6' value='$link'></td>";
// echo "</tr>";


echo "<td width='100'>Picture:</td>";
echo "<td><input size='60' name='i7' value='$picture'></td>";
echo "</tr>";

echo "<tr>";
echo "<td width='100'><input type='hidden' name='MAX_FILE_SIZE' value='1000000'>Select New Picture:</td>";
echo "<td><input size='60' type='file' name='userfile' value='$newPic'></td>";
//echo"<td><input type='submit' value='upload'></td>";
echo "</tr>";



echo "<tr>";
echo "<td width='100'>Online:</td>";
echo "<td width='20'><select name='i8'>";
if ($online == "ON"){
echo "<option value='$online' selected>$online</option>";
echo "<option value='OFF'>OFF</option>";
} else {
echo "<option value='$online' selected>$online</option>";
echo "<option value='ON'>ON</option>";
}
echo "</select></td>";
echo "</tr>";

echo "<tr><td></td><td><input type='submit' value='submit'></td></tr>";
echo "</form>";
echo "</font>";

//echo "<form action='upnewbookcover.php' method='post'>";
// echo "<tr><td><td><input type='submit' value='change cover'><a href='upnewbookcover.php'></a></td></tr>";
// echo "</form>";



echo "<form action='magList.php' method='post'>";
echo "<tr><td><td><input type='submit' value='Cancel'><a href='magList.php'></a></td></tr>";
echo "</form>";
echo "</table>";


?>
Hi !

I suggest, its always a best practice to use " addslashes() " when you are inserting into the database and use " stripslashes() " when you read it back .
Try it.
Good luck !
Nov 29 '06 #2

Post your reply

Sign in to post your reply or Sign up for a free account.