|
|
Posted by Pedro Graca on 10/12/06 11:17
= poster = wrote:
> I created a textbox form to publish news on my site ...
> It's a simple textbox with an submit button.
> When the button is pressed the data in the textbox is stored in mysql .
>
> When I wan't to retrieve the stored text and display it through PHP some
> words aren't displayed right.
> An example : Isn't is displayed as Isn\'t
I suspect your SQL command is something like
$sql = "insert <table> (<column>) values ('{$_POST['text']}')";
Your PHP is configured with magic_quotes on.
Special characters in $_POST['text'] are automatically escaped by PHP
before the values reach your script.
When the text box entry is
This isn't right.
what PHP sees is
This isn\'t right.
This is probably what you want as it avoids the syntax error in
insert <table> (<column>) values ('This isn't right')
==================================^--------^-------^
If you try to second guess PHP and addslashes() or
mysql_real_escape_string() without a previous stripslashes() the result
will be
insert <table> (<column>) value ('This isn\\\'t right')
So ... either rely on magic_quotes (bad choice!) or make sure you
mysql_real_escape_string() to unescaped data
<?php
$user_data = mysql_real_escaped_string(
get_magic_quotes_gpc()
? stripslashes($_POST['text'])
: $_POST['text']
);
$sql = "insert <table> (<column>) values ('$user_data')";
--
File not found: (R)esume, (R)etry, (R)erun, (R)eturn, (R)eboot
Navigation:
[Reply to this message]
|