mel
Guest
I have a form in my CMS that allows the user to input content, but if they enter an apostrophe it errors, for example: it's a nice day .... ( ' )
I can't seem to get it to check for apostrophes and add a backslash before it is submitted to the database. I have tried everything I can think of.
CODE:
<?php
if (isset($_POST['helpline_info'])):
    // The details have been updated.
    $helpline_info = $_POST['helpline_info'];
    $helpline_id = $_POST['helpline_id'];
    // Posted values are placed straight into the quoted SQL string.
    $sql = "UPDATE tbl_helpline SET
            helpline_info='$helpline_info'
            WHERE helpline_id='$helpline_id'";
    if (@mysql_query($sql)) {
        echo '<p>Details Updated.</p>';
    } else {
        echo '<p>Error Updating: ' .
            mysql_error() . '</p>';
    }
?>
<p><a href="cms.php">Return to CMS Homepage</a></p>
<?php
else: // Allow the user to edit
    $helpline_id = $_GET['helpline_id'];
    $tbl_helpline = @mysql_query(
        "SELECT helpline_info FROM tbl_helpline WHERE helpline_id='$helpline_id'");
    if (!$tbl_helpline) {
        exit('<p>Error Fetching Details: ' .
            mysql_error() . '</p>');
    }
    $tbl_helpline = mysql_fetch_array($tbl_helpline);
    $helpline_info = $tbl_helpline['helpline_info'];
    // Adds a backslash before each apostrophe in the value read back from the database.
    $helpline_info = str_replace("'", "\'", "$helpline_info");
    $helpline_info = htmlspecialchars($helpline_info);
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>Edit:</p>
Homepage: <br />
<textarea name="helpline_info" id="test" ROWS=30 COLS=100><?php echo $helpline_info; ?> </textarea>
<br/>
<input type="hidden" name="helpline_id" value="<?php echo $helpline_id; ?>" />
<input type="submit" value="SUBMIT"/>
</form>
<?php endif; ?>
Please help, it's driving me mad.
I have tried addslashes. I can get it to add slashes as it reads it, but not once a change has been made. For example, if the code already says "hello it's a lovely day", when the database retrieves this it changes it to "hello it\'s a lovely day", but if the user then adds "yes i agree it's a lovely day" and tries to submit, it will error because it hasn't already got the \
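The update and edit steps from the post, rewritten with bound parameters so that apostrophes need no backslashes and posted text can never change the SQL statement. This is an added example, not part of the original post; it assumes PDO, with an in-memory SQLite database standing in for the MySQL connection so that it runs on its own. The function names and sample strings are made up for illustration.

```php
<?php
// Added example, not the poster's code. Assumption: PDO with an in-memory
// SQLite database replaces the mysql_* connection so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_helpline (helpline_id INTEGER PRIMARY KEY, helpline_info TEXT)');
$pdo->exec("INSERT INTO tbl_helpline VALUES (1, 'hello')");

// Save: placeholders keep the text out of the SQL string, so no escaping is needed.
function save_helpline(PDO $pdo, $id, $info) {
    $stmt = $pdo->prepare(
        'UPDATE tbl_helpline SET helpline_info = :info WHERE helpline_id = :id');
    $stmt->execute([':info' => $info, ':id' => (int) $id]);
    return $stmt->rowCount();
}

// Load: the stored value comes back exactly as typed, with no backslashes.
function load_helpline(PDO $pdo, $id) {
    $stmt = $pdo->prepare(
        'SELECT helpline_info FROM tbl_helpline WHERE helpline_id = :id');
    $stmt->execute([':id' => (int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['helpline_info'];
}

// Constructed sample inputs: the apostrophe case from the post plus other
// characters that are awkward in SQL or in HTML.
$samples = [
    "yes i agree it's a lovely day",
    'back\slash and "double quotes"',
    '<b>markup</b> & ampersand',
];

foreach ($samples as $typed) {
    save_helpline($pdo, 1, $typed);
    $stored = load_helpline($pdo, 1);
    // The round trip must be byte-for-byte identical.
    echo ($stored === $typed ? 'OK   ' : 'FAIL ') . $stored . "\n";
    // Escape for HTML only at output time, when filling the textarea.
    echo '<textarea name="helpline_info">'
        . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . "</textarea>\n";
}
```

Because the value is never escaped for SQL on the way in, the str_replace on the way out is not needed either; htmlspecialchars at output is the only encoding step left. The mysql_* functions used in the post were removed in PHP 7, so PDO or mysqli is required on current versions.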