
Thread: Replace ' in the text area?

  1. #1
    Join Date
    Aug 2007
    Posts
    23

    Question Replace ' in the text area?

    OK, MySQL won't let my users post this character ' (don't) in the textarea...
    So what's the best way to add a remove ' string to my PHP which sends the info to the database?

    here is the info in the text area
    <textarea name="aboutme" cols="25" rows="10" wrap="virtual" id="aboutme"></textarea>
    It submits to my creatmember.php where it checks for errors "no email no user id" so on, then inserts the data.

    I tried JavaScript but it only seems to work on text fields, not textarea...
    And I can't leave it like that; it says saved user but never sends the SQL info...

  2. #2
    Join Date
    Aug 2007
    Posts
    23

    Lightbulb

    Oh, I just found this, so I wanted to post it here to maybe get help faster.

    Can I use the above code for 2 text areas in my PHP form?
    Like this:
    <script language="Javascript">
    function replaceStr(){
    var yourString = document.getElementById("aboutme, likesdislikes");
    yourString.value = yourString.value.replace(/\'/gi,"'");
    }
    </script>
    And in the form:
    <form enctype="multipart/form-data" action="saveuser.php" method="post" onsubmit="replaceStr()">

  3. #3
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    Use mysql_real_escape_string() to allow users to use " ' " in their posts.

    Do not trust JavaScript; your SQL may be open to injection with the code you provided above.
    Quote Originally Posted by temp.user123
    You know... You're not so smart. Do you need me to educate you?
    If you say, "please," (and do so, nicely) then I will show you where you're dead wrong.

  4. #4
    Join Date
    Aug 2007
    Posts
    23

    Question

    kk, but how do I use that code? mysql_real_escape_string()
    Do I add it to the PHP <? mysql_real_escape_string() ?> or other? Please help me, I have no clue lol

  5. #5
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    PHP Code:
    mysql_query("INSERT INTO myTable (`myField`) VALUES ('".mysql_real_escape_string($myValue)."')"); 
    Like that.

  6. #6
    Join Date
    Aug 2007
    Posts
    23

    Question

    OK, so I use it like this, with my existing code..

    Before, my old code:
    $sql = "insert into items (itemid, title, directions, rating, categoryid, date, status, gameinfo, gamerating, publisher, genar, userid) values ($itemid, '$itemtitle', '$newdirections', 0, $catid, '$date', '$status', '$gameinfo', '$gamerating', '$publisher', '$genar', $uid)";
    $result = mysql_query($sql ,$db);
    After, I used your code with mine:
    $sql = "insert into items (.mysql_real_escape_string($myValue). itemid, title, directions, rating, categoryid, date, status, gameinfo, gamerating, publisher, genar, userid) values ($itemid, '$itemtitle', '$newdirections', 0, $catid, '$date', '$status', '$gameinfo', '$gamerating', '$publisher', '$genar', '.mysql_real_escape_string($myValue).', $uid)";
    $result = mysql_query($sql ,$db);
    Like that?
    Last edited by Breana; 08-20-2007 at 11:08 AM.

  7. #7
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    PHP Code:
    <?php
    // Numeric IDs are cast to int; every string value is escaped before it is quoted.
    $sql = "INSERT INTO items (
                `itemid`,
                `title`,
                `directions`,
                `rating`,
                `categoryid`,
                `date`,
                `status`,
                `gameinfo`,
                `gamerating`,
                `publisher`,
                `genar`,
                `userid`
            ) VALUES (
                '".(int)$itemid."',
                '".mysql_real_escape_string($itemtitle)."',
                '".mysql_real_escape_string($newdirections)."',
                '0',
                '".(int)$catid."',
                '".mysql_real_escape_string($date)."',
                '".mysql_real_escape_string($status)."',
                '".mysql_real_escape_string($gameinfo)."',
                '".mysql_real_escape_string($gamerating)."',
                '".mysql_real_escape_string($publisher)."',
                '".mysql_real_escape_string($genar)."',
                '".(int)$uid."'
            )";
    $result = mysql_query($sql, $db);
    ?>
    Quote Originally Posted by temp.user123
    You know... You're not so smart. Do you need me to educate you?
    If you say, "please," (and do so, nicely) then I will show you where you're dead wrong.
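
Added example, not part of the original thread or any poster's code: the `mysql_*` functions used in post #7 were removed in PHP 7.0, and the same INSERT is now normally written with bound parameters, which keep user text out of the SQL string altogether. The sketch assumes PDO with the `pdo_sqlite` driver, an in-memory database, a reduced `items` table, and the hypothetical helpers `openDb()` and `insertItem()`.

```php
<?php
// Added example: parameterized version of the INSERT discussed in the thread.
// Assumptions: pdo_sqlite is available; the schema is a reduced stand-in.

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE items (
        itemid   INTEGER PRIMARY KEY,
        title    TEXT NOT NULL,
        gameinfo TEXT NOT NULL,
        userid   INTEGER NOT NULL
    )');
    return $db;
}

function insertItem(PDO $db, int $itemid, string $title, string $gameinfo, int $uid): void
{
    // Placeholders are sent separately from the SQL text, so a quote in the
    // input can never close a string literal in the statement.
    $stmt = $db->prepare(
        'INSERT INTO items (itemid, title, gameinfo, userid)
         VALUES (:itemid, :title, :gameinfo, :userid)'
    );
    $stmt->bindValue(':itemid', $itemid, PDO::PARAM_INT);
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':gameinfo', $gameinfo, PDO::PARAM_STR);
    $stmt->bindValue(':userid', $uid, PDO::PARAM_INT);
    $stmt->execute();
}

$db = openDb();

// Constructed sample inputs: the test text from post #8 and a string made of
// quote, comment and backslash characters. Both must be stored unchanged.
$samples = [
    1 => "Most post don't allow ' / @ (\" in this form...",
    2 => "it's ' ; -- \" \\ all stored as plain text",
];
foreach ($samples as $id => $text) {
    insertItem($db, $id, "Item $id", $text, 7);
}

foreach ($db->query('SELECT itemid, gameinfo FROM items ORDER BY itemid') as $row) {
    $same = $row['gameinfo'] === $samples[(int)$row['itemid']];
    echo $row['itemid'], ': ', $same ? 'stored verbatim' : 'ALTERED', PHP_EOL;
}
```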

  8. #8
    Join Date
    Aug 2007
    Posts
    23
    Cool, thanks. I just tested it after I removed the JavaScript in the header, and it worked!
    I posted: Most post don't allow ' / @ (" in this form... and it saved in only 1 second, better than the 12 seconds it was taking!

    You're the best, thanks.
    Sorry you had to help so much, but I am still learning so it takes me a while lol.
    Plus school and chores take most of my time.

    Can you take a look at my other post? I really need help with it!
    http://www.webdeveloper.com/forum/sh...d.php?t=158629
    Last edited by Breana; 08-20-2007 at 01:44 PM.

  9. #9
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    Glad I could help, also replied to your other post.
