MySQL version - 5.0.45
magic_quotes_gpc - On
I'm using the edit script below. When the form is displayed with the information to be edited - if there is a single quote in the title it (the title) gets messed up.
When this script is first called it displays a list of all the titles in the database with an Edit ---- Delete link next to it.
At this point the title is displayed correctly. For example:
$title = The World's Fastest Car
What's displayed = The World's Fastest Car
The 's after World is there. Good.
When you click on Edit next to a title, a form is displayed with all the information from the database.
Everything shows up OK except for the title. For example:
$title = The World's Fastest Car
What's displayed and re-entered into the database when edit is submitted = The World Fastest Car
The 's after World is now gone. I've tried several things but can't seem to overcome this problem. Any ideas?
```php
<?php
include("includes/dbconnect.php");

// List view: show every title with Edit and Delete links.
if(!isset($cmd))
{
    $result = mysql_query("select * from cool order by id desc");
    while($r = mysql_fetch_array($result))
    {
        $title = stripslashes($r['title']);
        $source = stripslashes($r['source']);
        $content = stripslashes($r['content']);
        $id = $r['id'];
        echo "
        $title [ <a href='edit_cool.php?cmd=edit&id=$id'>Edit</a> ]
        [ <a href='edit_cool.php?cmd=delete&id=$id'>Delete</a> ]
        <br>
        ";
    }
}

if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")
{
    // Edit view: load the row and show it in a form.
    if (!isset($_POST["submit"]))
    {
        $id = $_GET["id"];
        $sql = "SELECT * FROM cool WHERE id='$id'";
        $result = mysql_query($sql);
        $myrow = mysql_fetch_array($result);
        $title = stripslashes($myrow['title']);
        $source = stripslashes($myrow['source']);
        $content = stripslashes($myrow['content']);
        $id = $myrow['id'];
        echo "
        <form action='edit_cool.php' method='post'>
        <input type=hidden name='id' value='$id'>
        Title:<br>
        <input type='text' name='title' value='$title' ><br><br>
        Source:<br>
        <input type='text' name='source' value='$source'><br><br>
        Content:<br>
        <textarea name='content' rows=30 wrap=virtual>$content</textarea><br><br>
        <input type='hidden' name='cmd' value='edit'>
        <input type='submit' name='submit' value='submit'>
        </form>
        ";
    }

    // Form submitted: write the edited values back to the database.
    if ($_POST["submit"])
    {
        $title = escape_data($_POST['title']);
        $source = escape_data($_POST['source']);
        $content = escape_data($_POST['content']);
        $sql = "UPDATE cool
                SET title='$title',
                content='$content',
                source='$source'
                WHERE id='$id'";
        $result = mysql_query($sql);
        echo "Information updated.";
    }
}
?>
```
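The edit form above interpolates `$title` into a single-quoted `value='...'` attribute, so an apostrophe in the stored title closes the attribute early. The following is an added example, not part of the original post: it compares that raw interpolation with output-time encoding via `htmlspecialchars()` and `ENT_QUOTES`. The helper names (`h`, `title_input_raw`, `title_input_encoded`, `parsed_value`) are hypothetical and the sample titles are constructed.

```php
<?php
// Added example, not the poster's code. Helper names are hypothetical and
// the sample titles are constructed.

// Encode a value for a quoted HTML attribute or element body. ENT_QUOTES
// converts both ' and " so neither can close the attribute early.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// The pattern used in the edit form: raw interpolation into value='...'.
function title_input_raw($title)
{
    return "<input type='text' name='title' value='$title'>";
}

// Same field with the value encoded at output time.
function title_input_encoded($title)
{
    return "<input type='text' name='title' value='" . h($title) . "'>";
}

// Approximate what a browser reads as the field value: everything up to
// the next single quote, with character references decoded.
function parsed_value($html)
{
    if (!preg_match("/value='([^']*)'/", $html, $m)) {
        return null;
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

$samples = array(
    "The World's Fastest Car",
    'Tom & Jerry: "Fast" <Cars>',
);

foreach ($samples as $title) {
    $raw = parsed_value(title_input_raw($title));
    $enc = parsed_value(title_input_encoded($title));
    printf("stored : %s\n", $title);
    printf("raw    : %s (%s)\n", $raw, $raw === $title ? 'intact' : 'changed');
    printf("encoded: %s (%s)\n\n", $enc, $enc === $title ? 'intact' : 'changed');
}
```

The same encoding applies to `$source` and to `$content` inside the `<textarea>`; it also keeps a stored value from adding attributes or markup to the page.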