Well, I've made a function, which works just fine (tested with set values): function admin_log($table) { global $adminlog,$uname,$date; $get = array(); $get=mysql_fetch_array(mysql_query("SELECT * FROM $table LIMIT 1"),MYSQL_ASSOC); foreach ($get as $value) { $tmp[] = "$value"; } $oldcontent = "".implode(',',$tmp).""; $query=mysql_query("INSERT INTO $adminlog VALUES ('','$table','','$uname','','$oldcontent','$date')"); return $query; } PHP: The problem is - as it is written above, nothing gets put into the database. I've echoed the query returned, and proceeded to use it from within PHPMYADMIN, and it inserts just fine - so the problem is somewhere else. If I replace the $oldcontent with "test" it works just fine, so the function works as it should, it just doesn't want to insert a new row when I use the $oldcontent variable. Anyone have any suggestions?
Two things to try, 1.) get rid of the quotes around $value: $tmp[] = $value; 2.) Try: $query=mysql_query("INSERT INTO $adminlog VALUES ('','$table','','$uname','','$oldcontent','$date')") or die(mysql_error());
Figured it out. Something amiss when posting via PHP to the MySQL-database. Put in an "addslashes" on the $oldcontent value, and it works now. What is strange, however, is that the values in the "$oldcontent" variable goes into the database just fine when I try using phpmyadmin to enter it. Oh, well, as long as it works.
You have to escape the - ' -/quote/ in mysql query's. Otherwise it is like .. $query=mysql_query("INSERT INTO $adminlog VALUES ('this is the old content and it isn't escaped','date')"); php should throw an error to you, if it didn't then your host has php error display turned off for php. phpMyAdmin automatically escapes the single/double quotes before it inserts.
1. I've tried running it with error_reporting(E_ALL) on - no go, didn't throw an error. 2. The content is pulled from a database - ie. the content is already in a database, and has been added to the database by using the same form/handling that I'm using here, so... and I can pull it out without problems, and also edit and more - so there is something wrong. Although I do suspect some type of formatting error somewhere, and that's why addslashes worked. What is troubling me a bit though is that it didn't throw any errors, it just didn't work.
error_reporting(E_ALL); ini_set("display_errors", 1); I use both of these on a few hosts that I have run across that has php error reporting turned off. "or die(mysql_error());" should be showing what the mysql issue is. Shrug, I always use the following functions on my strings I am going to store into mysql. function makesafe($varvalue) { if (empty($varvalue)) { $varvalue = null; } else { $varvalue = htmlentities($varvalue, ENT_QUOTES); $varvalue = strip_tags($varvalue); $varvalue = stripslashes($varvalue); $varvalue = str_remove($varvalue, array('SELECT', 'UNION', 'UPDATE', 'DELETE', 'WHERE', '\r') ); $varvalue = trim($varvalue); } return $varvalue; } function quote_smart($value) { if (get_magic_quotes_gpc()) { $value = stripslashes($value); } if (!is_numeric($value)) { $value = mysql_real_escape_string($value); } return $value; } PHP:
You said it works fine if you manually type for example TEST so the problem lays with how the $oldcontent is getting sent to the database for insertion ? Try this before your sql insert statement $oldcontent = str_replace("\'", "''", $tmp); PHP: Just on the fly, your inserting 7 items is that correct ? ('1',' 2$table','3','4$uname','5','6$oldcontent','7$date') ? ..and its an insert and not an update your wanting
7 values, yes. And yes, it was something which wasn't being escaped while sending it through PHP. What's puzzling me is that the value which is being sent as "$oldcontent" is being fetched from the database already, and in my book that means whatever's in there should already be escaped and such. Anyway, it works after I added the "addslashes" to the $oldcontent variable before entering it into the database. Gonne look more to sanitizing and such when this goes live, but as it is now, it's just to get a log-system up and running, and figuring out the logic needed to pass the correct information to the logging-table.