|
|
Posted by JB05UK on 09/28/29 11:19
This is the correct way to make a safe mysql query, see if it makes a
difference, taken from:-
http://php.net/manual/en/function.mysql-real-escape-string.php
<?php
// Quote variable to make safe
function quote_smart($value)
{
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not integer
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
// Connect
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
OR die(mysql_error());
// Make a safe query
$query = sprintf("SELECT * FROM users WHERE user=%s AND password=%s",
quote_smart($_POST['username']),
quote_smart($_POST['password']));
mysql_query($query);
?>
Philip Thompson wrote:
> Hi all.
>
> I have searched for a way to figure out this problem, but nothing is
> popping up. Here's the scenario:
>
> I have a form which I will write to a database - so I escape the form
> content. I have a <textarea></textarea> in the form. Obviously, people
> can type whatever they want to in this textarea, including newlines.
> Ok, I know how to escape the content to put it in the database - but if
> there is an error on the page, I want to redirect back to the page and
> correct their stuff.
>
> So they have in one of the textareas:
>
> --- start here ---
> This is a line in the text area.
>
> This is a line a couple of lines down in the text area.
> --- end here ---
>
> If I print the stuff back out to screen, it reads:
>
> --- start here ---
> This is a line in the text area.\r\n\r\nThis is a line a couple of
> lines down in the text area.
> --- end here ---
>
> Anyone know how/what to replace the \r\n in the textarea to that it
> shows up correctly with the actual newlines, not the \r\n???
>
> Thanks in advance,
> ~Philip
Navigation:
[Reply to this message]
|