
Thread: Replace ' in the text area?

  1. #1
    Join Date
    Aug 2007
    Posts
    23

    Question Replace ' in the text area?

    OK, MySQL won't let my users post this character ' (don't) in the textarea...
    So what's the best way to add a remove ' string to my PHP which sends the info to the database?

    Here is the info in the text area:
    <textarea name="aboutme" cols="25" rows="10" wrap="virtual" id="aboutme"></textarea>
    It submits to my creatmember.php where it checks for errors "no email no user id" and so on, then inserts the data.

    I tried JavaScript but it only seems to work on text fields, not textarea...
    And I can't leave it like that, it says saved user but never sends the SQL info...

  2. #2
    Join Date
    Aug 2007
    Posts
    23

    Oh, I just found this, so I wanted to post it here to maybe get help faster.

    Can I use the above code for 2 text areas in my PHP form?
    Like this:
    <script language="Javascript">
    function replaceStr(){
    var yourString = document.getElementById("aboutme, likesdislikes");
    yourString.value = yourString.value.replace(/\'/gi,"'");
    }
    </script>
    And in the form:
    <form enctype="multipart/form-data" action="saveuser.php" method="post" onsubmit="replaceStr()">

  3. #3
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    Use mysql_real_escape_string() to allow users to use " ' " in their posts.

    Do not trust JavaScript, your SQL may be open to injection with the code you provided above.

  4. #4
    Join Date
    Aug 2007
    Posts
    23

    kk, but how do I use that code? mysql_real_escape_string()
    Do I add it to the PHP <? mysql_real_escape_string() ?> or other? Please help me, I have no clue lol

  5. #5
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    PHP Code:
    mysql_query("INSERT INTO myTable (`myField`) VALUES ('".mysql_real_escape_string($myValue)."')"); 
    Like that.

  6. #6
    Join Date
    Aug 2007
    Posts
    23

    OK, so I use it like this, with my existing code..

    Before, my old code:
    $sql = "insert into items (itemid, title, directions, rating, categoryid, date, status, gameinfo, gamerating, publisher, genar, userid) values ($itemid, '$itemtitle', '$newdirections', 0, $catid, '$date', '$status', '$gameinfo', '$gamerating', '$publisher', '$genar', $uid)";
    $result = mysql_query($sql ,$db);
    After I used your code with mine:
    $sql = "insert into items (.mysql_real_escape_string($myValue). itemid, title, directions, rating, categoryid, date, status, gameinfo, gamerating, publisher, genar, userid) values ($itemid, '$itemtitle', '$newdirections', 0, $catid, '$date', '$status', '$gameinfo', '$gamerating', '$publisher', '$genar', '.mysql_real_escape_string($myValue).', $uid)";
    $result = mysql_query($sql ,$db);
    Like that?
    Last edited by Breana; 08-20-2007 at 12:08 PM.

  7. #7
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    PHP Code:
    <?php
    // Numeric ids are cast to int; every string value is escaped before it
    // is placed inside the quotes of the SQL statement.
    $sql = "INSERT INTO items (
                `itemid`,
                `title`,
                `directions`,
                `rating`,
                `categoryid`,
                `date`,
                `status`,
                `gameinfo`,
                `gamerating`,
                `publisher`,
                `genar`,
                `userid`
            ) VALUES (
                '".(int)$itemid."',
                '".mysql_real_escape_string($itemtitle)."',
                '".mysql_real_escape_string($newdirections)."',
                '0',
                '".(int)$catid."',
                '".mysql_real_escape_string($date)."',
                '".mysql_real_escape_string($status)."',
                '".mysql_real_escape_string($gameinfo)."',
                '".mysql_real_escape_string($gamerating)."',
                '".mysql_real_escape_string($publisher)."',
                '".mysql_real_escape_string($genar)."',
                '".(int)$uid."'
            )";
    $result = mysql_query($sql, $db);
    ?>
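
The same insert written with bound parameters instead of string concatenation, as an added example that is not part of the thread: the mysql_* functions used above were removed in PHP 7, and a PDO prepared statement keeps user input out of the SQL text entirely. The in-memory SQLite database, the insertItem() helper and the sample values are assumptions made so the script runs offline; the table and column names follow post #7.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// the MySQL server; for MySQL only the DSN passed to PDO changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (
    itemid INTEGER, title TEXT, directions TEXT, rating INTEGER,
    categoryid INTEGER, date TEXT, status TEXT, gameinfo TEXT,
    gamerating TEXT, publisher TEXT, genar TEXT, userid INTEGER)');

// insertItem() is a hypothetical helper. The SQL text is fixed; user input
// is bound to placeholders and never becomes part of the statement, so
// quotes in the text need no escaping at all.
function insertItem(PDO $db, array $item): void
{
    $stmt = $db->prepare('INSERT INTO items
        (itemid, title, directions, rating, categoryid, date, status,
         gameinfo, gamerating, publisher, genar, userid)
        VALUES
        (:itemid, :title, :directions, 0, :categoryid, :date, :status,
         :gameinfo, :gamerating, :publisher, :genar, :userid)');
    // Integer columns are bound as integers, everything else as strings.
    foreach ($item as $name => $value) {
        $isInt = in_array($name, ['itemid', 'categoryid', 'userid'], true);
        $stmt->bindValue(':' . $name, $isInt ? (int)$value : $value,
            $isInt ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
}

// Constructed input: the test text from post #8 and a value that would
// break out of the quotes if it were concatenated into the query.
$hostile = "x'); DROP TABLE items; --";
insertItem($db, [
    'itemid' => '1', 'title' => "Most post don't allow ' / @ (\" in this form...",
    'directions' => $hostile, 'categoryid' => '3', 'date' => '2007-08-20',
    'status' => 'new', 'gameinfo' => "it's fine", 'gamerating' => 'E',
    'publisher' => "O'Brien Games", 'genar' => 'puzzle', 'userid' => '7',
]);

// Both strings are stored byte-for-byte and the table is still there.
$row = $db->query('SELECT title, directions FROM items')->fetch(PDO::FETCH_ASSOC);
echo $row['title'], "\n";
var_dump($row['directions'] === $hostile);
```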

  8. #8
    Join Date
    Aug 2007
    Posts
    23
    Kool thanks, I just tested it, after I removed the JavaScript in the header, and it worked!
    I posted: Most post don't allow ' / @ (" in this form... and it saved in only 1 second, better than the 12 seconds it was taking!

    You're the best, thanx
    Sorry you had to help so much, but I am still learning so it takes me a while lol.
    Plus school and chores take most of my time.

    Can you take a look at my other post? I really need help with it!
    http://www.webdeveloper.com/forum/sh...d.php?t=158629
    Last edited by Breana; 08-20-2007 at 02:44 PM.

  9. #9
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    Glad I could help, also replied to your other post.
