My approach towards this problem was to parse the data before inserting
and before displaying.
Before inserting the data entered by user, do something like
str_replace($comments, "'","~") and do the same thing for " do a
different character like | and then insert it into database.
Do the reverse before displaying the data, it should fix your problem..
Tanya Brethour wrote:
> Hi! I was hoping that someone could help me out. I am not positive if I
> understand whats going on.. so let me try to explain.
>
> This is a process to modify news articles in a MySQL database.
>
> (From the point after picking the article to modify)
> PHP Script #1:
> I grab everything from the database and stick it into the HTML form
> (textarea, text, etc). I allow the user to modify whatever they want.
>
> PHP Script #2:
> This script takes the new information and displays it to the user.. it is
> a preview of what it will look like with the changes.
>
> PHP Script #3:
> Updates the news article in the database.
>
> Now the problem I am having.. is that the description and content fields
> have qoutes in them. For example:
> Description: I like to run and walk. I love "smelly cheese."
>
> So.. when it tries to update the database. It will only store this as the
> description:
> I like to run and walk. I love\\
>
> I know that its because the qoutes are not being escaped correctly.. and
> it seems as though it is escaping the escape.
>
> So my question is.. how can I keep my qoutes?
>
> Just FYI.. I am making the user enter in the description and content in
> html. So i cant just change the qoutes to HTMLTags because it would change
> my <P> and <a href=> etc.
>
> Below is an example of the code (shortened for an example):
>
> PHP Script #1: Editing description
>
> print'
> </textarea><br>
> Description:<br><textarea name=describe cols=40 rows=10>';
> echo $info["description"];
> print'
> </textarea><br>';
>
> PHP Script #2: (preview changes)
>
> <input type=hidden name=describe value="<?php print $describe?>">
> <b>Description:</b><br>
> <?php print $describe?> <p>
>
> PHP Script #3: (update database)
> $sql = "UPDATE news SET release_date='$date', title='$title',
> description='$describe', contact='$contact', content='$test', type='$type'
> WHERE news_id=$id";
> $result = mysql_query($sql)
>
>
> Thanks in advance.
>
> -Tanya
>
>
>
>
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
