Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Apostrophe in form data causes error.... 1
- Thread starter admoore
- Start date
-
1
- #2
danielhozac
Programmer
What kind of error? Care to show us the code? //Daniel
- Thread starter
- #3
Any form data that contains an apostrophe, like in the description if the poster were to type "driver's license" as part of the job description.... The record will not be written & the php code will return my error message that the query failed...
code is as follows:
code is as follows:
Code:
$result = mysql_query("INSERT INTO vacancies
(`jobid`, `date`, `location`, `title`, `desc`, `contact`, `contact_phone`, `filled`)
VALUES
('',CURDATE(), '$location', '$title', '$desc', '$contact', '$contact_phone', 'n')",$dbcnx);
if ($result == TRUE)
{
print ("A new job vacancy was listed as follows:<br>".
"<b>$title<br>$location<br></b><p>$desc</p>".
"Contact: $contact at $contact_phone for more information.".
"<br><br>Your vacancy is now online.");
}
else
{
print ("An <font color=\"red\">error </font>has occured; please try
again.");
print ("A new job vacancy was NOT listed for:<br><br>".
"<b>$title<br>$location<br></b><p>$desc</p>".
"Contact: $contact at $contact_phone for more information.".
"<br><br>");
}
mysql_close($dbcnx);danielhozac
Programmer
You should use addslashes on your variables before you use them in your query. You could also try setting the magic_quotes_gpc to on, if you have administrative access to the server. //Daniel
danielhozac
Programmer
This would do it to all POST variables:
//Daniel
Code:
while (list($key,$val) = each($_POST))
{
$_POST[$key] = addslashes($val);
}- Status