#1
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2000
    Posts
    5
    Rep Power
    0
    Hi

    I want to filter a form input for HTML and PHP tags.
    So far I've got this:

    $Text = htmlspecialchars($Text);
    $Text = nl2br($Text);
    $Text = ereg_replace("\n","",$Text);

    This is my query:
    $query = "INSERT INTO Reactie VALUES ('$Submitter', '$ReactionDateTime', '$UserEmail', '$Text', '$NewsID')";

    The problem is that if $Text contains a ' character, it will cause an error in the query.

    example
    $text = " Test ' character";

    So the actual query would be:

    $query = "INSERT INTO Reactie VALUES ('$Submitter', '$ReactionDateTime', '$UserEmail', 'Test ' character', '$NewsID')";

    Notice the ' character will close the $Text input, leaving a ' character lonely (after the word character).

    Please help me, thanx in advance


  2. #2
    Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2000
    Location
    Sydney, Australia
    Posts
    5
    Rep Power
    0
    You need to escape the '.
    So instead of:
    $text = " Test ' character";
    you have
    $text = " Test \' character";

    This stops php from thinking the ' is the end of the string.

    HTH
    Graham
  4. #3
  5. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Brussels, Belgium
    Posts
    14,642
    Rep Power
    4492
    You can do that by using

    $text = addslashes($text);

    Your nl2br() and ereg() functions are sort of redundant. You can do it with the one function...

    $Text = ereg_replace("\n","<BR>",$Text);

    ---John Holmes...
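
An added example, not code from any poster in this thread: the insert from post #1 written with PDO bound parameters, so a ' in $Text is stored as data without hand escaping, with htmlspecialchars() and nl2br() applied when the text is rendered rather than before storage. The in-memory SQLite database, the column names and the helper names saveReaction and renderReaction are assumptions.

```php
<?php
// Added example: in-memory SQLite stands in for the poster's database.
// Column names are assumed; the thread only shows the PHP variables.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Reactie (
    Submitter TEXT, ReactionDateTime TEXT, UserEmail TEXT,
    ReactionText TEXT, NewsID INTEGER
)');

// Store the comment exactly as typed. Placeholders send the values
// separately from the SQL text, so a quote cannot end the string literal.
function saveReaction(PDO $pdo, string $submitter, string $email, string $text, int $newsId): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO Reactie (Submitter, ReactionDateTime, UserEmail, ReactionText, NewsID)
         VALUES (:submitter, :ts, :email, :text, :news)'
    );
    $stmt->execute([
        ':submitter' => $submitter,
        ':ts'        => date('Y-m-d H:i:s'),
        ':email'     => $email,
        ':text'      => $text,
        ':news'      => $newsId,
    ]);
}

// Encode for HTML only at output time, then turn newlines into <br>.
function renderReaction(string $text): string
{
    return nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input: quotes, markup and a line break.
$samples = [
    " Test ' character",
    "It's \"quoted\" twice",
    "<b>bold</b> and <?php echo 1; ?>\nsecond line",
];
foreach ($samples as $s) {
    saveReaction($pdo, 'tester', 'tester@example.com', $s, 1);
}

// Read back: each stored value must equal what was submitted.
$stored = $pdo->query('SELECT ReactionText FROM Reactie ORDER BY rowid')
              ->fetchAll(PDO::FETCH_COLUMN);
foreach ($stored as $i => $text) {
    echo ($text === $samples[$i] ? 'stored intact: ' : 'MISMATCH: ');
    echo renderReaction($text), "\n";
}
```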

  6. #4
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2000
    Posts
    5
    Rep Power
    0
    Thanx man,
    the addslashes is the right solution!
