January 22nd, 2014, 01:51 PM
Query saving # character
I have a form with a text field that the user types something, presses the Save button and it saves the data in a table.
If the field contains a # the data will not save.
I tried the following functions:
but as soon as I enter a # it doesn't save.
How do I treat the # character to save in a mysql query?
January 22nd, 2014, 01:58 PM
This is a serious problem. If the queries break on certain input, that means they're vulnerable to SQL injection attacks. In this case, you've obviously injected a comment. An attacker could use the same bug to read sensitive data or even take over the server.
You need to learn how to properly access a MySQL database with PHP.
January 22nd, 2014, 02:10 PM
So, how would you save the following three characters in a mysql table?
January 22nd, 2014, 02:20 PM
I don't think you understood my post.
The "#" stuff is irrelevant. This is a much more serious problem caused by incorrect database code. I gave you a link with a detailed explanation of how to access a database correctly. It might be a good idea to read it.
I repeat: If your queries crash depending on the user input (the exact characters are irrelevant), that's very, very wrong. It means that the user input affects the queries, which is the last thing you want on a server.
If you don't believe me, you're free to wait until somebody proves it to you. I wouldn't recommend that, though.
January 22nd, 2014, 03:10 PM
While it may not be entirely clear that Jacques1 is trying to help you, you are not being entirely clear with your question. (At least to me).
You start your question with two lines, the second of which says if the user enters a # the data will not save (sic)
Then you deliberately try to force that character into your db. I'm confused - you don't want the user to be able to enter a # sign as data or you do?
You might also show us some code (altho Jacques1 will not like it!) so that we may see what you are doing. Kinda hard to debug if we can't see what you are trying , ya know?