Irish SEO,  Marketing & Webmaster Discussion
 
  #1 (permalink)  
Old 20-03-2008, 02:32 AM
ziycon's Avatar
Wannabe Geek
 
Join Date: Jan 2007
Location: Dublin
Posts: 363
Default PHP Adding/Editing DB via FORMS

The situation is, I'm using normal HTML in a PHP page. The problem is that when I add text to the textarea, submit it to the DB and then query it to show up on the next page, the <br> tags (these are entered manually into the textarea before submitting) show up in the text, and the &nbsp; characters show up too. Also, anything after a double quote is not stored in the DB. The field is defined as a text type!
Any help would be much appreciated as always.
  #2 (permalink)  
Old 20-03-2008, 02:53 AM
Frodo's Avatar
Ciaran Rooney - Weeno Ltd
 
Join Date: Jan 2007
Location: London
Posts: 335
Default

Are you using mysql_escape_string()?
  #3 (permalink)  
Old 20-03-2008, 03:01 AM
ziycon's Avatar
Default

Quote:
Originally Posted by Frodo View Post
Are you using mysql_escape_string()?
Not that I'm aware of, what exactly does it do, tried to make sense of it but couldn't!?
  #4 (permalink)  
Old 20-03-2008, 03:20 AM
Frodo's Avatar
Default

Quote:
Originally Posted by ziycon View Post
Not that I'm aware of, what exactly does it do, tried to make sense of it but couldn't!?
It escapes nasty characters in your SQL statements. It's essential to stop MySQL injection attacks.

Your insert code should look like this:

PHP Code:
// Take the submitted form field and escape it for use inside a quoted SQL string
$content = $_POST['content'];
$dbcontent = mysql_escape_string($content);
$sql = "insert into some_table(msContent) values ('".$dbcontent."')";
$result = mysql_query($sql, $conn) or die("Fail");
  #5 (permalink)  
Old 20-03-2008, 03:33 AM
ziycon's Avatar
Default

Quote:
Originally Posted by Frodo View Post
It escapes nasty characters in your SQL statements. It's essential to stop MySQL injection attacks.

Your insert code should look like this:

PHP Code:
// Take the submitted form field and escape it for use inside a quoted SQL string
$content = $_POST['content'];
$dbcontent = mysql_escape_string($content);
$sql = "insert into some_table(msContent) values ('".$dbcontent."')";
$result = mysql_query($sql, $conn) or die("Fail");
No need to worry about SQL injection attacks on the pages in question, they're secure enough already, so if I have something like so it should work?
PHP Code:
<?php
// Send the redirect header; the rest of the script still runs
header("Location: ../news/1.htm");
include('../forum/SSI.php');

dbConnect();

global $context;

// Only logged-in users who pass one of the admin checks may update
if ($context['user']['is_logged'])
{
    $validate_admin = check_admin_userid($context['user']['id']);
    $validate = check_sec_admin_userid($context['user']['id'], 2);
    if (($validate == true) || ($validate_admin == true))
    {
        // body is escaped; title and id go into the query exactly as received
        $content = mysql_escape_string($_REQUEST['body']);
        mysql_query("UPDATE news SET title='".$_GET['title']."', body='".$content."'  WHERE id=".$_GET['id']."");
    }
}

closeConnect();
?>
Tried this but the stripslashes function is not working when displaying the text now!?
  #6 (permalink)  
Old 20-03-2008, 08:39 AM
Forbairt's Avatar
respect my AW-THOR-IT-AYY
 
Join Date: Jun 2007
Location: My Office, Dublin
Posts: 1,665
Default

Quote:
Originally Posted by ziycon View Post
No need to worry about SQL injection attacks on the pages in question, they're secure enough already, so if I have something like so it should work?
Famous last words
  #7 (permalink)  
Old 20-03-2008, 11:43 AM
ziycon's Avatar
Default

Quote:
Originally Posted by Forbairt View Post
Famous last words
They should be fine, you have to be logged in and have admin rights then to even view the pages!

I read something about putting '<br>' tags into textareas and them not being the right encoding type, but I have the same thing set up on another site and it will accept these tags and double quotes etc. no problem, can't seem to figure it out!?
  #8 (permalink)  
Old 20-03-2008, 01:55 PM
Frodo's Avatar
Default

You shouldn't need the stripslashes function or the addslashes function when you are using mysql_escape_string function.
  #9 (permalink)  
Old 20-03-2008, 05:14 PM
ziycon's Avatar
Default

Quote:
Originally Posted by Frodo View Post
You shouldn't need the stripslashes function or the addslashes function when you are using mysql_escape_string function.
OK, I'll have a look at it when I get home, thanks.
  #10 (permalink)  
Old 20-03-2008, 11:31 PM
ziycon's Avatar
Default

OK, still not working. If I add data directly to the DB it shows up fine, but if I add it via a webpage or edit it via a webpage, either slashes start showing up, everything after double quotes disappears, or the HTML tags are converted from '<br>' to '&lt;br&gt;'!
I'm not understanding this mysql_escape_string function. Where's it meant to go, before data enters the DB or after, or what does it even do? Tried php.net but sometimes they word things difficult enough!?
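An added example (not code from the thread or any of its posters) of the two separate steps the thread keeps running together: the UPDATE from post #5 with title, body and id all passed as bound parameters, and HTML encoding applied only when the stored text is written into a page. It assumes PHP with PDO and the pdo_sqlite extension; an in-memory SQLite table stands in for the MySQL news table, and the sample input and the helper names save_news, load_news and h are constructed for illustration.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite table stands in
// for the MySQL "news" table (assumption) so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO news (id, title, body) VALUES (1, 'old title', 'old body')");

// Constructed sample input standing in for $_GET['id'], $_GET['title'], $_REQUEST['body'].
$input = [
    'id'    => '1',
    'title' => "St. Patrick's \"big\" day",
    'body'  => "Line one<br>He said \"hello\"&nbsp;there\nIt's line two",
];

// Store: every value travels as a bound parameter, so nothing is escaped by
// hand and nothing needs stripslashes() on the way back out.
function save_news(PDO $db, array $in): int
{
    $id = filter_var($in['id'], FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $db->prepare('UPDATE news SET title = :title, body = :body WHERE id = :id');
    $stmt->execute([':title' => $in['title'], ':body' => $in['body'], ':id' => $id]);
    return $stmt->rowCount();
}

function load_news(PDO $db, int $id): array
{
    $stmt = $db->prepare('SELECT title, body FROM news WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}

// Display: encode at output time, for the place the text is being written to.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

save_news($db, $input);
$row = load_news($db, 1);
var_dump($row['body'] === $input['body']);                            // round-trip check
echo '<input name="title" value="' . h($row['title']) . '">' . "\n";  // attribute context
echo '<textarea name="body">' . h($row['body']) . '</textarea>' . "\n"; // edit form
echo '<p>' . nl2br(h($row['body'])) . '</p>' . "\n";                  // read-only display
```

Encoding with h() is what turns a typed <br> into &lt;br&gt; on the page; for text that may come from anyone that is the safe default, with nl2br() supplying the line breaks.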