Characters issue in MySQL

Hi there,
I am facing some issues while putting some special characters like the <> sign in MySQL. Even if I push the value of a multiline text box with some hard enters, it doesn’t observe that and adds the text without line breaks. I am using htmlentities($myVal,ENT_QUOTES); while inserting the record. In SQL I have given the LONGTEXT datatype to the field, as the value may contain a good number of words.
Please tell me what I should do. One more thing: if I put something with “” it will add slashes before that in MySQL and shows them while fetching the data to the browser :(.

Please tell me if you need any further info from me.

Thanks.

What I am doing is preformatting my get values: 1. making all linefeeds Unix-style linefeeds, 2. undoing gpc_magic quotes.
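[php]
// Normalise request data in place: undo magic quotes and convert all
// line endings to Unix style. $var is passed by reference.
function prepare_input(&$var)
{
    if (is_array($var))
    {
        foreach ($var as $key => $value)
        {
            // recurse by reference; the function returns nothing
            prepare_input($var[$key]);
        }
    }
    else
    {
        // get_magic_quotes_gpc() was removed in PHP 8, so check that it exists
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) $var = stripslashes($var);
        $var = str_replace("\r\n", "\n", $var); // windows linefeeds
        $var = str_replace("\r", "\n", $var);   // mac linefeeds
    }
}

// uncomment needed
prepare_input($_POST);
//prepare_input($_GET);
//prepare_input($_COOKIE);
//prepare_input($_REQUEST);
[/php]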
http://php.net/get_magic_quotes_gpc
http://php.net/stripslashes
http://php.net/str_replace

Then you have to be careful with all further operations:
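[php]
// escape every value for SQL; inside LIKE, also escape the wildcards % and _
mysql_query( 'UPDATE table SET id= "'.intval($_POST['id']).'", field1="'.mysql_escape_string($_POST['field1']).'" WHERE field2 LIKE "%'.str_replace('%','\%',str_replace('_','\_',mysql_escape_string($_POST['field2']))).'%"' );

// escape for HTML only when printing, then turn linefeeds into <br />
echo ( nl2br(htmlentities($_POST['text'])) );
[/php]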
http://php.net/intval
http://php.net/mysql_escape_string
http://php.net/nl2br
http://php.net/htmlentities

Hope this answered all of your questions.
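
The same store-raw, encode-on-output flow written with bound parameters instead of string escaping, as an added example that is not part of the original posts. It assumes PDO with the SQLite driver (in-memory, so it runs offline); the `notes` table, the helper names, the `!` escape character and the input string are constructed for illustration.

```php
<?php
// Added example, not the posters' code. Table, helpers and input are constructed.

// Only line endings are normalised before storage; no htmlentities, no slashes.
function normalize_newlines(string $s): string
{
    return str_replace(["\r\n", "\r"], "\n", $s);
}

// Escape LIKE wildcards with '!' (declared via ESCAPE below); '!' itself goes first.
function like_escape(string $s): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $s);
}

// HTML-encode at output time only, then turn stored newlines into <br />.
function render_text(string $s): string
{
    return nl2br(htmlentities($s, ENT_QUOTES, 'UTF-8'));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed input: angle brackets, both quote types, Windows line breaks, wildcards.
$input = "if a < b && b > c:\r\n  say \"it's 100%_done\"";

// Bound parameters keep the data out of the SQL text, so nothing is escaped by hand.
$insert = $pdo->prepare('INSERT INTO notes (body) VALUES (?)');
$insert->execute([normalize_newlines($input)]);
$insert->execute(['100 percent done']); // would match if % and _ were left unescaped

// The user-supplied search term is matched literally; only the outer % are wildcards.
$find = $pdo->prepare("SELECT body FROM notes WHERE body LIKE ? ESCAPE '!'");
$find->execute(['%' . like_escape('100%_done') . '%']);

foreach ($find->fetchAll(PDO::FETCH_COLUMN) as $body) {
    echo render_text($body), "\n";
}
```

The stored row keeps `<`, `>`, quotes and newlines unchanged; only the rendered output carries entities and `<br />`, which is why the question's stray slashes and lost line breaks do not appear.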
