#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2011
    Posts
    3
    Rep Power
    0

    Aprostrophes aren't allowed


    This may be a pretty vague question, so I'm sorry in advanced.

    But I'm working on one of those recipe websites that you get as an assignment during school. Everything seems to be working, like adding comments, writing up recipes, etc. But for some reason, I'm having a huge issue with apostrophes.
    Whenever I want to add a comment to a recipe that involves an apostrophe in any way, it says "Sorry, there was a problem with your comment."

    I mostly want to know why this happens on websites instead of getting the direct "this-is-how-you-fix-it" answer, because i've seen this happen on other websites.
  2. #2
  3. JavaScript is not spelt java
    Devshed Novice (500 - 999 posts)

    Join Date
    Feb 2011
    Location
    Landan, England
    Posts
    743
    Rep Power
    169
    I think you should show a small sample of the code that generates the error.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2011
    Posts
    3
    Rep Power
    0
    @AndrewSW

    Oh, right. Sorry.
    I THINK it comes from here, but honestly, I'm not entirely sure where the issue would be...

    PHP Code:
    <?php

      $recipeid 
    $_POST['recipeid'];
      
    $poster $_POST['poster'];



      
    $comment htmlspecialchars($_POST['comment']);
      
    $date date("Y-m-d");

      
    $con mysql_connect("localhost""test""test") or die('Could not connect to server');
      
    mysql_select_db("recipe"$con) or die('Could not connect to database');

      
    $query "INSERT INTO comments (recipeid, poster, date, comment) " .
           
    " VALUES ($recipeid, '$poster', '$date', '$comment')";

      
    $result mysql_query($query);
      if (
    $result)
         echo 
    "<h2>Comment posted</h2>\n";
      else
         echo 
    "<h2>Sorry, there was a problem posting your comment</h2>\n";

      echo 
    "<a href=\"index.php?content=showrecipe&id=$recipeid\">Return to recipe</a>\n";

    ?>
  6. #4
  7. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,304
    Rep Power
    7175
    This is a CSS question? What language is your server side code written in?
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2011
    Posts
    3
    Rep Power
    0
    It's... sorry. It's php. .__.
    And i'm running it on a WAMP server.

    I didn't mean to put it in the wrong forum.
  10. #6
  11. CSS & JS/DOM Adept
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jul 2004
    Location
    USA (verifiably)
    Posts
    20,124
    Rep Power
    4309
    *** Thread moved to PHP forum ***
    Spreading knowledge, one newbie at a time.

    Learn CSS. | PHP includes | HTML Validator | CSS validator

    Remember people spend most of their time on other people's sites (so don't violate web design conventions).
  12. #7
  13. Backwards Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,921
    Rep Power
    9646
    Whenever you put a string into a MySQL query like that you need to use mysql_real_escape_string beforehand. That includes $poster and $comment. $recipeid is a number so it's safe, and while $date is a string you know it can't possibly have any apostrophes so it's safe.

    Use mres() just before you put the variables into the query.
    PHP Code:
    " VALUES ($recipeid, '" mysql_real_escape_string($poster) . "', '$date', '" mysql_real_escape_string($comment) . "')" 
    The exact rules for when to use mres() are more complicated than that. What I gave above is fine for a school assignment but not for real life.

    Comments on this post

    • ManiacDan agrees : Beat me to it.

IMN logo majestic logo threadwatch logo seochat tools logo