Commas in text area

Discussion in 'PHP' started by Heyleen, Aug 15, 2005.

  1. #1
    I'm having a problem with text areas and MySQL/PHP. When I enter a comma, like this ', it gives the following error:

    You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 't pay attention to this post.')' at line 1

    That 't was supposed to be 'don't'. So, I was hoping somebody knows the answer to this.
    Also, I had some problems with enters. They wouldn't show up when I read the content out of the MySQL database. But I found a solution for that. I use:
    $message = preg_replace('[\r\n]', '<br>', $message);
    If anyone knows a better solution, you're welcome! But my main problem is the first.
    I hope somebody can help me...
    Thanks!
     
    Heyleen, Aug 15, 2005 IP
  2. dct

    #2
    That is not a comma, it is a single quote, and it is being interpreted as SQL, not the textual content you want it to be. You need to convert the ' to \' so you could do
    
      if(!get_magic_quotes_gpc())
       {
          $message = addslashes($message);
       }
    
    or like how you fixed the carriage return problem.
     
    dct, Aug 15, 2005 IP
  3. Connect

    #3
    You need to escape the single quote ' with backslash, like this \'
    You can use this function mysql_real_escape_string() which also escapes some other special characters so your value is SQL safe.

    Example:
    
    mysql_real_escape_string($_POST["your_textarea"])
    
    You can use the function nl2br() to automatically insert <br /> tags for enters entered in a text field.
     
    Connect, Aug 15, 2005 IP
  4. Heyleen

    #4
    Thanks! I'm going to try everything first thing tomorrow.
    Btw, I wasn't sure what they're called in English since I'm Dutch. :eek: But thanks anyway! :cool:
     
    Heyleen, Aug 15, 2005 IP
  5. Connect

    #5
    Hope they work fine for you. If they didn't, post here to let us know :)
     
    Connect, Aug 16, 2005 IP
  6. Heyleen

    #6
    Ok, things are getting weird now...
    I added the last code, and it worked. Thanks for that! I preferred that one, because it escapes more characters.

    But now, something happens that already happened before sometimes. I don't need the code anymore. For some reason it already escapes the characters. So when I put the mysql_real_escape_string line in it, my text gets double escaped so when echo'ed back from my database it turns out like this: don\'t. And well, that doesn't look very nice.

    So I was wondering, do you know why one time, it doesn't escape my text and I get errors, and the other time it does escape my text and everything works fine?
     
    Heyleen, Aug 17, 2005 IP
  7. UndiesHosting

    #7
    There is a PHP command stripslashes to undo the escaping of text in the database.

    stripslashes($string);

    and that will do it.
     
    UndiesHosting, Aug 17, 2005 IP
  8. Connect

    #8
    Need to check the coding to see why it gets double escaped.
     
    Connect, Aug 18, 2005 IP
  9. Heyleen

    #9
    I don't think it's my script. Because as I told, (without the mysql_real_escape_string) sometimes everything goes fine and my script works, and sometimes I get errors. But here's my 'post' script. It's just an ordinary form with the fields: name, title, date, time, music, mood, message (the last one is a text field/textarea).
    <?php
    include("logged-in.php");
    include ("connect.php");
    
    if (!empty($_POST['title']) AND !empty($_POST['date']) AND !empty($_POST['message'])AND !empty($_POST['name'])){
    //$message = mysql_real_escape_string($_POST['message']);
    $message = $_POST["message"];
    //characters
    /*$message = str_replace(")","\)",$message);
    $message = str_replace("(","\(",$message);
    $message = str_replace("'","\'",$message);*/
    //$message = str_replace("'", "'", $message);
    $message = mysql_real_escape_string($message);
    $message = preg_replace('[\r\n]', '<br>', $message);
    // OK, build the query with variables from $_POST
    $query="INSERT INTO blog (name, title, date, time, music, mood, message) ";
    $query .= "VALUES ('"; // note the position of the single quotes
    $query .= $_POST["name"] ."', '" ;
    $query .= $_POST["title"] ."', '" ;
    $query .= $_POST["date"] ."', '" ;
    $query .= $_POST["time"] ."', '" ;
    $query .= $_POST["music"] ."', '" ;
    $query .= $_POST["mood"] ."', '" ;
    $query .= $message . "');" ;
    $result = mysql_query($query) or die ("FOUT: " . mysql_error());
    }
    else{
    echo ("Oeps, vergeten titel, date of update in te vullen...<br><a
            href=\"javascript:history.back(1)\">Previous</a>");
    }
    echo("<class=\"BodyText\">Ga naar <a href=\"index.php?page=log\">log...</a></class>");
    ?>
    Anyway, the last line did the trick, the stripslashes. It really just unescapes my text again, without removing all the slashes that I put in on purpose. Really funny. Thanks!
     
    Heyleen, Aug 18, 2005 IP
  10. Connect

    #10
    Possibly you have already escaped with str_replace? So the mysql_real_escape_string function will just double escape it?

    Also, if you take out preg_replace('[\r\n]', '<br>', $message), you can automatically put in <br> during display time using the function nl2br(), e.g. echo nl2br($message);
     
    Connect, Aug 18, 2005 IP
  11. Heyleen

    #11
    If I'm right, all the string_replace is just 'comment', so the text can't be escaped by that... It's just this:
    <?php
    include("logged-in.php");
    include ("connect.php");

    if (!empty($_POST['title']) AND !empty($_POST['date']) AND !empty($_POST['message'])AND !empty($_POST['name'])){
    $message = $_POST["message"];
    $message = preg_replace('[\r\n]', '<br>', $message);
    $message = mysql_real_escape_string($message);

    $query="INSERT INTO blog (name, title, date, time, music, mood, message) ";
    $query .= "VALUES ('"; // note the position of the single quotes
    $query .= $_POST["name"] ."', '" ;
    $query .= $_POST["title"] ."', '" ;
    $query .= $_POST["date"] ."', '" ;
    $query .= $_POST["time"] ."', '" ;
    $query .= $_POST["music"] ."', '" ;
    $query .= $_POST["mood"] ."', '" ;
    $query .= $message . "');" ;
    $result = mysql_query($query) or die ("FOUT: " . mysql_error());
    }
    else{
    echo ("Oeps, vergeten titel, date of update in te vullen...<br><a
    href=\"javascript:history.back(1)\">Previous</a>");
    }
    echo("<class=\"BodyText\">Ga naar <a href=\"index.php?page=log\">log...</a></class>");
    ?>

    Thanks for the last comment, that's much handier.
     
    Heyleen, Aug 18, 2005 IP
  12. Connect

    #12
    Oh ya, missed that comment /* */
     
    Connect, Aug 20, 2005 IP
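
An added example, not part of the thread or any poster's code: the insert from posts #9 and #11 rewritten with PDO placeholders so that every field, not only `$message`, is bound as data, with slashes from `magic_quotes_gpc` (the setting post #2 checks for) undone once on input and `<br />` produced at display time with `nl2br()`. The in-memory SQLite database standing in for MySQL, the sample form values and the function names are assumptions made for the example.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. An in-memory SQLite database stands
// in for MySQL, and raw_input()/insert_post()/render_message() are made-up names.

// Undo magic_quotes_gpc-style escaping only if the runtime applied it, so the
// database holds the raw text. The flag is a parameter because
// get_magic_quotes_gpc() was removed in PHP 8.
function raw_input(string $value, bool $quoted): string
{
    return $quoted ? stripslashes($value) : $value;
}

function insert_post(PDO $db, array $post): void
{
    // Placeholders keep every field as data, so no escaping function is needed.
    $stmt = $db->prepare(
        'INSERT INTO blog (name, title, date, time, music, mood, message)
         VALUES (:name, :title, :date, :time, :music, :mood, :message)'
    );
    $stmt->execute($post);
}

function render_message(string $stored): string
{
    // Encode for HTML first, then turn newlines into <br /> at display time.
    return nl2br(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blog (name TEXT, title TEXT, date TEXT, time TEXT,
                              music TEXT, mood TEXT, message TEXT)');

// Constructed form data: the quote in "title" would break the thread's
// concatenated query, where only $message was escaped.
$form = [
    'name' => 'Heyleen', 'title' => "Don't panic", 'date' => '2005-08-18',
    'time' => '12:00', 'music' => '-', 'mood' => 'ok',
    'message' => "don't pay attention to this post.\r\n<b>second line</b>",
];
$magicQuotes = false; // true on a legacy server with magic_quotes_gpc enabled
$row = array_map(fn($v) => raw_input($v, $magicQuotes), $form);
insert_post($db, $row);

$stored = $db->query('SELECT message FROM blog')->fetchColumn();
echo render_message($stored), "\n";
```

Because the stored value is the raw text, nothing has to be stripped when reading it back, and the same row can be rendered safely in HTML or any other output format.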