On Wednesday 14 February 2001 17:56, Tanya Brethour wrote:
> Hi! I was hoping that someone could help me out. I am not positive if I
> understand what's going on.. so let me try to explain.
>
> This is a process to modify news articles in a MySQL database.
>
> (From the point after picking the article to modify)
> PHP Script #1:
>   I grab everything from the database and stick it into the HTML form
> (textarea, text, etc). I allow the user to modify whatever they want.

(1) Be sure to run the data through htmlentities() before inserting it 
into the textarea. Otherwise stuff like "<" signs, ampersands ("&") etc 
will get munched.

> PHP Script #2:
>  This script takes the new information and displays it to the user.. it
> is a preview of what it will look like with the changes.

Do a

if (get_magic_quotes_gpc())
{
  $TextFromForm = stripslashes ($TextFromForm);
}

That will un-escape the quotes ('some \"text\"' -> 'some "text"'), i.e. 
give you the text as it should be.

> PHP Script #3:
>  Updates the news article in the database.
>
> Now the problem I am having.. is that the description and content
> fields have quotes in them. For example:
> Description: I like to run and walk. I love "smelly cheese."
>
> So.. when it tries to update the database. It will only store this as
> the description:
>       I like to run and walk. I love\\

$Query = "UPDATE foo SET field1 = '" . addslashes ($TextFromForm) . "' 
WHERE ...";

The addslashes () here properly escapes the quotes in your string, so 
that the SQL parser can interpret it correctly.

-- 
Christian Reiniger
LGDC Webmaster (http://sunsite.dk/lgdc/)

Even idiots can handle computers, and many do.
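
The three steps discussed in this message as one runnable flow. This is an added example, not code from the thread. It swaps addslashes() for a PDO prepared statement and uses an in-memory SQLite table in place of the MySQL database; the id column and the function names are hypothetical, and the sample text is constructed from the description quoted in the question.

```php
<?php
// Added example, not code from the thread.
// Constructed sample: the description from the question plus HTML-special characters.
$stored = 'I like to run and walk. I love "smelly cheese." <b>R&D</b>';

// Script #1: encode for the HTML context before placing the value in the form.
function textarea_field(string $name, string $value): string
{
    return '<textarea name="' . htmlentities($name, ENT_QUOTES, 'UTF-8') . '">'
         . htmlentities($value, ENT_QUOTES, 'UTF-8') . '</textarea>';
}

// Script #2: strip magic-quotes slashes only on runtimes that still add them.
// get_magic_quotes_gpc() was removed in PHP 8.0, hence the function_exists() guard.
function raw_form_value(string $value): string
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Script #3: bind the value as a parameter, so quotes never reach the SQL parser as syntax.
function update_description(PDO $db, int $id, string $text): void
{
    $stmt = $db->prepare('UPDATE foo SET field1 = :text WHERE id = :id');
    $stmt->execute([':text' => $text, ':id' => $id]);
}

// In-memory SQLite stands in for the MySQL database (assumes pdo_sqlite is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE foo (id INTEGER PRIMARY KEY, field1 TEXT)');
$db->exec("INSERT INTO foo (id, field1) VALUES (1, 'old text')");

echo textarea_field('description', $stored), "\n";

// The browser decodes the entities on submit; html_entity_decode() simulates that here.
$submitted = html_entity_decode(
    htmlentities($stored, ENT_QUOTES, 'UTF-8'), ENT_QUOTES, 'UTF-8');
update_description($db, 1, raw_form_value($submitted));

// Compare what the database now holds with the original text.
$saved = $db->query('SELECT field1 FROM foo WHERE id = 1')->fetchColumn();
var_dump($saved === $stored);
```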
