I have been using a PHP script with textarea input from an html form to update a field called Article on my website. This has worked fine for a year. Tonight I have been trying to make a new version of this form, and I've apparently done something wrong, because the field will no longer update if it contains an apostrophe (and the lengthy Article field always does contain many apostrophes). I have tried using htmlentities, and it still doesn't work. Perhaps I'm using that function in the wrong place in my code. Any ideas would be appreciated on how to solve this. Below is an outline of how my current malfunctioning script is arranged: 1) I get existing value of $Article from database: $Article=$row['Article']; PHP: 2) I revise $Article variable using htmlentities function: $Article=htmlentities($Article); PHP: 3) I insert $Article into textarea field on form: <textarea name="Article"><?php echo $Article ?></textarea> PHP: 4) I retrieve $Article variable on form target page after clicking "submit": $Article=$_REQUEST['Article']; PHP: 5) I attempt to update the Article field in my database: $result=mysql_query("UPDATE MyTable SET Article = '$Article'"); PHP: Again, the above procedure works fine if there are no apostrophes in the $Article variable that I submit, but if the $Article variable contains apostrophes, then the field will not update (or rather it will save all data up to the point where the first apostrophe occurs and then truncate the rest). Thanks in advance for any ideas on how to get my database to properly update fields containing apostrophes. Darden12
Try changing the: $Article=htmlentities($Article); to $Article=mysql_real_escape_string($Article); PHP:
For Step 2, replace it with: $Article = stripslashes($Article); PHP: For Step 5, replace it with: $result=mysql_query("UPDATE MyTable SET Article = '".mysql_real_escape_string($Article)."'"); PHP: or else your website can be easily hacked using SQL injection. - ads2help