|
|
Posted by Jerry Stuckle on 10/02/06 18:51
Tony wrote:
> I have been using TinyMCE as a WYSIWYG editor for getting content into
> a database and then exporting that data into an XML format to redender
> in flash using CDATA. The problem is that I didn't realize that Flash
> has a problem with character entities such as ' ” and a few
> others. I need to search and replace these but I keep on getting a SQL
> error.
>
> I get this error:::
> Query failed: You have an error in your SQL syntax; check the manual
> that corresponds to your MySQL server version for the right syntax to
> use near 's Web site and landing...', content = 'Check customer\'s Web
> site and' at line 3
>
> My update SQL command is simple:
> UPDATE theTableName
> SET content = 'the new content to be inserted'
> WHERE id = '22'
>
> My PHP config on the server is (i just thought to take a look at how
> the server was set up):
> magic_quotes_gpc = on
> magic_quotes_runtime = off
> magic_quotes_sybase = off
>
> I echo'ed out the query and I still can't see the problem. The only
> thing that I can think of is that the content has " in it and I'm doing
> a search and replace on it's character entity ” to change it to
> the literal " but it ends up escaping those " to \" and it might end up
> causing a problem in SQL. But see that sounds stupid to me so I'm not
> too confident with that reasoning.
>
> Here's the code in context as to what I'm doing currently
> $newContent = str_replace($_POST['frmOldPhrase'],
> $_POST['frmNewPhrase'], $srRow['content'], $contentCount);
> $newTitle = str_replace($_POST['frmOldPhrase'], $_POST['frmNewPhrase'],
> $srRow[$title], $titleCount);
>
> $sqlUpdateFields = '';
>
> if( $contentCount > 0 )
> {
> $sqlUpdateFields .= "content = '".$newContent."'";
> }
> if( $sqlUpdateFields != '' )
> {
> $sqlUpdateFields .= ", ";
> }
> if( $titleCount > 0 )
> {
> $sqlUpdateFields .= "title = '".$newTitle."'";
> }
>
> $srUpdateSql = "UPDATE ".$table." SET ".$sqlUpdateFields." WHERE id =
> '".$srRow['id']."'";
>
>
>
> That's the code I'm using. I'm stumped here. I tried addslashes()
> around my content and that just added like 4 slashes because it was
> escaping the already added slashes from having majic quotes on.
>
> What am I doing wrong here??
>
First of all, you should use mysql_real_escape_string() instead of
addslashes() to prepare your statement for inserting.
Then echo your statement before you insert it and post the entire output
of the echo (not some dummy data - it's important) here.
P.S. - is your id a numeric field? If so, you should not have quotes
around '22'. But that isn't where the message is pointing. You have
another problem.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|