Replace ' in the text area?

**Breana** · 08-19-2007 07:24 PM

Ok, mysql wont let my users post this charecter ' (don't) in the textarea...
So whats the best what to ad a remove ' string to my php witch send the info to the database?

here is the info in the text area
<textarea name="aboutme" cols="25" rows="10" wrap="virtual" id="aboutme"></textarea>
It submits to my creatmember.php where it checks for errors "no email no user id" so on, then inserts the data.

I tried java script but onlt seems to work on tex feilds not textarea...
And i cant leave it like that, it says saved user but never send the sql info...

**Breana** · 08-19-2007 08:57 PM

Oh i just found this, so i wanted to post it here maybe get help faster

Can i use the above code for 2 text areas in my php form?
Like this:

And in the form:

**MrCoder** · 08-20-2007 04:01 AM

Use mysql_real_escape_string() to allow users to use " ' " in there posts.

Do not trust javascript, you're sql my be open to injection with the code you provided above.

**Breana** · 08-20-2007 07:06 AM

kk, but how do i use that code? mysql_real_escape_string()
do i ad it to the php <? mysql_real_escape_string() ?> or othere please help me i have no clue lol

**MrCoder** · 08-20-2007 08:18 AM

PHP Code:


mysql_query("INSERT INTO myTable (`myField`) VALUES ('".mysql_real_escape_string($myValue)."')");

Like that.

**Breana** · 08-20-2007 11:05 AM

Ok so i use it like this, with my exsisting code..

Befor my old code code:

$sql = "insert into items (itemid, title, directions, rating, categoryid, date, status, gameinfo, gamerating, publisher, genar, userid) values ($itemid, '$itemtitle', '$newdirections', 0, $catid, '$date', '$status', '$gameinfo', '$gamerating', '$publisher', '$genar', $uid)";
$result = mysql_query($sql ,$db);

After i used your code with mine:

$sql = "insert into items (.mysql_real_escape_string($myValue). itemid, title, directions, rating, categoryid, date, status, gameinfo, gamerating, publisher, genar, userid) values ($itemid, '$itemtitle', '$newdirections', 0, $catid, '$date', '$status', '$gameinfo', '$gamerating', '$publisher', '$genar', '.mysql_real_escape_string($myValue).', $uid)";
$result = mysql_query($sql ,$db);

Like that?

**MrCoder** · 08-20-2007 12:51 PM

PHP Code:


<?php

$sql = "INSERT INTO items (

            `itemid`, 

            `title`, 

            `directions`, 

            `rating`, 

            `categoryid`, 

            `date`, 

            `status`, 

            `gameinfo`, 

            `gamerating`, 

            `publisher`, 

            `genar`, 

            `userid`

        ) VALUES (

            '".(int)$itemid."', 

            '".mysql_real_escape_string($itemtitle)."', 

            '".mysql_real_escape_string($newdirections)."',

            '0', 

            '".(int)$catid."', 

            '".mysql_real_escape_string($date)."', 

            '".mysql_real_escape_string($status)."', 

            '".mysql_real_escape_string($gameinfo)."', 

            '".mysql_real_escape_string($gamerating)."', 

            '".mysql_real_escape_string($publisher)."', 

            '".mysql_real_escape_string($genar)."', 

            '".(int)$uid."' 

        )";

$result = mysql_query($sql ,$db);

?>

**Breana** · 08-20-2007 01:39 PM

Kool thanks, i just tested it, after i removed the javascript in the header and it worked!
I posted: Most post don't allow ' / @ (" in this form... and it saved in only 1 second better than the 12 seconds it was taking!

Your the best thanx

Sorry you had to help so much but i am still learning so it takes me a while lol.
Plus school and chors takes most of my time.

Can you take a look at my other post i really need help with it!
http://www.webdeveloper.com/forum/sh...d.php?t=158629

**MrCoder** · 08-20-2007 02:29 PM

Glad I could help, also replied to your other post.

Thread: Replace ' in the text area?

Thread Tools

Display

Replace ' in the text area?

Thread Information

Users Browsing this Thread

Bookmarks

Bookmarks

Posting Permissions