Posted by Paul Furman on 08/09/07 23:17
Paul Furman wrote:
> mysql_real_escape_string() is apparently chopping off anything that
> follows a quote when I grab the data & put it in a form for editing.
> Sorry if I'm not explaining this properly, I'm pretty confused about
> what's going on but I'm guessing someone recognizes this problem.
It's only chopping off for one of the fields with a single quote. Double
quotes are OK. I don't see where I'm doing anything different with the
two fields.
> I have code like this:
>
> function db_safe($str) {
> $str = addslashes($str);
> return $str;
> }
>
> function html_safe($str) {
> $str = stripslashes($str);
> return $str;
> }
>
> That's on my live server, I'm not sure if magic quotes is on there or I
> forgot to update because my test server version looks like:
>
> function db_safe($str) {
> // $str = addslashes($str);
> $str = mysql_real_escape_string($str);
>
>
> Anyways then there's code like this:
>
> if (isset($_REQUEST["submit"])) {
> $latin_name = html_safe($_REQUEST["latin_name"]);
>
>
> if ((isset($_REQUEST["option"])) && ($_REQUEST["option"] ==
> "update")) {
> $id = $_REQUEST["id"];
> $latin_name=db_safe($latin_name);
>
>
> and this is where it's chopping off text after the quote:
>
>
> <form action=.......
> <input type='text' size='57' name='latin_name' value="<?=$latin_name?>">
>
>
>
--
Paul Furman Photography
http://edgehill.net
Bay Natives Nursery
http://www.baynatives.com
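
The following is an added example, not part of the original post: it shows a value with quotes written into a double-quoted `value="..."` attribute, once with backslash escaping and once with HTML entity encoding, and then stored through a bound parameter. The helper `html_attr()`, the `plants` table, the sample plant name and the in-memory SQLite database (via PDO, standing in for the poster's MySQL setup) are all assumptions made for illustration.

```php
<?php
// Added example: escape for the context the value is written into,
// at the moment it is written, instead of one helper for everything.

// HTML attribute context: encode &, <, >, " and ' as entities so a quote
// in the data cannot terminate the attribute. (Hypothetical helper name.)
function html_attr(string $str): string {
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}

// Constructed sample value containing both kinds of quote.
$latin_name = 'Ceanothus \'Ray Hartman\' "tall form"';

// Backslash escaping is SQL string-literal syntax. HTML gives the backslash
// no meaning, so the first double quote in the data still closes the
// attribute and the browser drops everything after it.
$slashed = addslashes($latin_name);
echo '<input type="text" name="latin_name" value="' . $slashed . '">' . "\n";

// Entity-encoded: both quote types survive inside the attribute and the
// browser decodes them back to the original text in the form field.
echo '<input type="text" name="latin_name" value="'
    . html_attr($latin_name) . '">' . "\n";

// SQL context: pass the raw value as a bound parameter, so no manual
// escaping (addslashes / mysql_real_escape_string) is involved at all.
// Assumption: in-memory SQLite keeps the example runnable offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE plants (id INTEGER PRIMARY KEY, latin_name TEXT)');

$stmt = $pdo->prepare('INSERT INTO plants (latin_name) VALUES (:latin_name)');
$stmt->execute([':latin_name' => $latin_name]);

// Read the row back and confirm the stored text is byte-for-byte the input.
$stored = $pdo->query('SELECT latin_name FROM plants WHERE id = 1')
              ->fetchColumn();
var_dump($stored === $latin_name);

// When redisplaying for editing, encode the stored value on output.
echo '<input type="text" name="latin_name" value="'
    . html_attr($stored) . '">' . "\n";
```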