wysiwyg text editor database insert 1

Status
Not open for further replies.

demiancurran

Programmer
Sep 20, 2006
19
CA
Hey all,

I am trying to insert into a MySQL DB, a small textarea that uses FCKEditor.
When the client edits an article, and submits it, sometimes the text escapes the SQL insert and ends up giving an error message.
How can I stop the text from escaping the SQL statement?
 
Show us some code, so we can see what the issue is. Any particular syntax that causes this to happen all the time?

____________________________________
Just Imagine.
 
Use cfqueryparam for the variables you're passing in your insert statement.


Hope This Helps!

ECAR
ECAR Technologies

"My work is a game, a very serious game." - M.C. Escher
 
here is the error message
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 've seen, elegantly\u003cbr /\>referencing graffiti, but very simply executed.\u0' at line 2

This tells me that all of the edited text is included up until it hits the '
from there ... it breaks out of the code and draws errors.

here is the insert statement.

<cfquery name="insert_article" DATASOURCE="#DSN_DATASOURCE#" USERNAME="#DSN_USERNAME#" PASSWORD="#DSN_PASSWORD#">
INSERT INTO articles(contributor_id, title, image_1, image_2, image_3, image_4, article, featured, caption_1, caption_2, caption_3, caption_4)
VALUES ('#form.author#',
'#form.title#',
'#image_1#',
'#image_2#',
'#image_3#',
'#image_4#',
'#form.article#',
'#featured#',
'#HTMLEditFormat(form.caption_1)#',
'#HTMLEditFormat(form.caption_2)#',
'#HTMLEditFormat(form.caption_3)#',
'#HTMLEditFormat(form.caption_4)#')
</cfquery>
 
Use cfqueryparam for the variables you're passing in your insert statement.


Hope This Helps!

ECAR
ECAR Technologies

"My work is a game, a very serious game." - M.C. Escher
 
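The insert statement from this thread rewritten with cfqueryparam, as an added example that is not part of any poster's reply. The column types chosen in each cfsqltype (integer contributor_id, tinyint featured, long text article, varchar for the rest) are assumptions about the articles table and should be matched to the real schema.

```cfml
<!--- Added example: the thread's INSERT with every value bound through cfqueryparam. --->
<!--- Assumed column types (not stated in the thread): contributor_id INT, featured TINYINT,
      article TEXT/LONGTEXT, all other columns VARCHAR. Adjust each cfsqltype to your schema. --->
<cfquery name="insert_article" datasource="#DSN_DATASOURCE#" username="#DSN_USERNAME#" password="#DSN_PASSWORD#">
    INSERT INTO articles
        (contributor_id, title,
         image_1, image_2, image_3, image_4,
         article, featured,
         caption_1, caption_2, caption_3, caption_4)
    VALUES (
        <!--- No quotes around the parameters: the driver sends each value separately from the SQL text. --->
        <!--- A numeric cfsqltype also validates the value; non-numeric input raises an error before the query runs. --->
        <cfqueryparam value="#form.author#" cfsqltype="cf_sql_integer">,
        <cfqueryparam value="#form.title#" cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#image_1#" cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#image_2#" cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#image_3#" cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#image_4#" cfsqltype="cf_sql_varchar">,
        <!--- The FCKeditor HTML is bound as long text, so apostrophes inside it stay data. --->
        <cfqueryparam value="#form.article#" cfsqltype="cf_sql_longvarchar">,
        <cfqueryparam value="#featured#" cfsqltype="cf_sql_tinyint">,
        <!--- HTMLEditFormat is kept on the captions exactly as in the original statement. --->
        <cfqueryparam value="#HTMLEditFormat(form.caption_1)#" cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#HTMLEditFormat(form.caption_2)#" cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#HTMLEditFormat(form.caption_3)#" cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#HTMLEditFormat(form.caption_4)#" cfsqltype="cf_sql_varchar">
    )
</cfquery>
```

Because each value travels as a bound parameter, the apostrophe that triggered the MySQL syntax error no longer terminates a string literal, and submitted text cannot alter the statement.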