
Replace ‘ in the text area?

Ok, MySQL won't let my users post this character ‘ (don’t) in the textarea…
So what's the best way to add a remove ‘ string to my PHP which sends the info to the database?

Here is the info in the text area:
<textarea name="aboutme" cols="25" rows="10" wrap="virtual" id="aboutme"></textarea>
It submits to my creatmember.php, where it checks for errors "no email no user id" and so on, then inserts the data.

I tried JavaScript but it only seems to work on text fields, not textarea…
And I can't leave it like that; it says saved user but never sends the SQL info…

@Breana (author), Aug 20, 2007 — Oh, I just found this, so I wanted to post it here to maybe get help faster.

Can I use the above code for 2 text areas in my PHP form?

Like this:
[code=html]
<script language="Javascript">
function replaceStr(){
var yourString = document.getElementById("aboutme, likesdislikes");
yourString.value = yourString.value.replace(/'/gi,"'");
}
</script>
[/code]

And in the form:
[code=html]
<form enctype="multipart/form-data" action="saveuser.php" method="post" onsubmit="replaceStr()">
[/code]

@MrCoder, Aug 20, 2007 — Use mysql_real_escape_string() to allow users to use " ' " in their posts.

Do not trust JavaScript; your SQL may be open to injection with the code you provided above.

@Breana (author), Aug 20, 2007 — kk, but how do I use that code? mysql_real_escape_string()

Do I add it to the PHP <? mysql_real_escape_string() ?> or other? Please help me, I have no clue lol

@MrCoder, Aug 20, 2007 —
[code=php]
mysql_query("INSERT INTO myTable (myField) VALUES ('".mysql_real_escape_string($myValue)."')");
[/code]


Like that.

@Breana (author), Aug 20, 2007 — Ok, so I use it like this, with my existing code..

Before, my old code:
[code=php]
$sql = "insert into items (itemid, title, directions, rating, categoryid, date, status, gameinfo, gamerating, publisher, genar, userid) values ($itemid, '$itemtitle', '$newdirections', 0, $catid, '$date', '$status', '$gameinfo', '$gamerating', '$publisher', '$genar', $uid)";

$result = mysql_query($sql ,$db);
[/code]

After I used your code with mine:
[code=php]
$sql = "insert into items (.mysql_real_escape_string($myValue). itemid, title, directions, rating, categoryid, date, status, gameinfo, gamerating, publisher, genar, userid) values ($itemid, '$itemtitle', '$newdirections', 0, $catid, '$date', '$status', '$gameinfo', '$gamerating', '$publisher', '$genar', '.mysql_real_escape_string($myValue).', $uid)";

$result = mysql_query($sql ,$db);
[/code]

Like that?

@MrCoder, Aug 20, 2007 —
[code=php]
<?php
$sql = "INSERT INTO items (
itemid,
title,
directions,
rating,
categoryid,
date,
status,
gameinfo,
gamerating,
publisher,
genar,
userid
) VALUES (
'".(int)$itemid."',
'".mysql_real_escape_string($itemtitle)."',
'".mysql_real_escape_string($newdirections)."',
'0',
'".(int)$catid."',
'".mysql_real_escape_string($date)."',
'".mysql_real_escape_string($status)."',
'".mysql_real_escape_string($gameinfo)."',
'".mysql_real_escape_string($gamerating)."',
'".mysql_real_escape_string($publisher)."',
'".mysql_real_escape_string($genar)."',
'".(int)$uid."'
)";
$result = mysql_query($sql ,$db);
?>
[/code]
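
The same kind of INSERT written with bound parameters, as an added example that is not part of the original thread or any poster's code. The mysql_* functions used above were removed in PHP 7.0, so this sketch uses PDO; it assumes the pdo_sqlite driver (an in-memory database, so it runs offline) and cuts the items table down to four of the thread's columns. The function name saveItem and the sample rows are constructed for illustration.

```php
<?php
// Added example: PDO prepared statement instead of string concatenation.
// Assumptions: pdo_sqlite is available; table reduced to four columns.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (
    itemid INTEGER PRIMARY KEY,
    title TEXT NOT NULL,
    directions TEXT NOT NULL,
    userid INTEGER NOT NULL
)');

// Hypothetical helper: inserts one row using named placeholders.
function saveItem(PDO $db, $itemid, string $title, string $directions, $uid): void
{
    // The SQL text is fixed; values are sent separately, so a quote in
    // user input is stored as data and never parsed as part of the query.
    $stmt = $db->prepare(
        'INSERT INTO items (itemid, title, directions, userid)
         VALUES (:itemid, :title, :directions, :userid)'
    );
    $stmt->bindValue(':itemid', (int)$itemid, PDO::PARAM_INT);
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':directions', $directions, PDO::PARAM_STR);
    $stmt->bindValue(':userid', (int)$uid, PDO::PARAM_INT);
    $stmt->execute();
}

// Constructed sample input: the test text from the thread, plus a value
// full of quote and comment characters that would break a concatenated query.
$samples = [
    [1, "Most post don't allow ' / @ (\" in this form...", "don't"],
    [2, "x', 'y', 99) -- ", "it's"],
];
foreach ($samples as [$id, $title, $directions]) {
    saveItem($db, $id, $title, $directions, 7);
}

// Read the rows back and confirm each title is stored exactly as submitted.
foreach ($db->query('SELECT itemid, title FROM items ORDER BY itemid') as $row) {
    $expected = $samples[$row['itemid'] - 1][1];
    $state = ($row['title'] === $expected) ? 'ok' : 'MISMATCH';
    printf("%d %s %s\n", $row['itemid'], $state, $row['title']);
}
```

Against MySQL the function body stays the same; only the PDO connection string changes.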

@Breana (author), Aug 20, 2007 — Kool, thanks. I just tested it after I removed the JavaScript in the header, and it worked!

I posted: Most post don't allow ' / @ (" in this form... and it saved in only 1 second, better than the 12 seconds it was taking!

You're the best, thanx.

Sorry you had to help so much, but I am still learning so it takes me a while lol.

Plus school and chores take most of my time.

Can you take a look at my other post? I really need help with it!

http://www.webdeveloper.com/forum/showthread.php?t=158629

@MrCoder, Aug 20, 2007 — Glad I could help, also replied to your other post.