Notretsam, posted September 17, 2015:

Anytime someone uses ' in a text field, it always adds don't to the database. I looked in the MySQL database and it is showing as don't in there.

http://www.w3schools.com/php/func_mysqli_real_escape_string.asp

I tried adding to the database in the way the above page states, but it outputted as don't.

I'm having a similar issue with wrestler names like "The Superstar" Daniel Starr: whenever I pass the name across a page, it shows as "The Superstar" Daniel Starr. This time it shows in the database as "The Superstar" Daniel Starr, which is because I manually adjusted it in the past.

I also thought using bind parameters when inserting into the database would put a stop to this, but I guess it doesn't.

I looked online for a solution but am having no luck. Any advice?

justsomeguy, posted September 17, 2015:

Your server probably has the magic_quotes PHP option enabled, which is relatively ancient. You can use a function like this to return a value from $_GET or $_POST that will be normalized regardless of whether or not magic_quotes is enabled. Values in $_POST will take priority over values in $_GET, and you can pass a default value in case it's not in either. I also have it always trim everything because I haven't found a case where I wouldn't want to do that. This version handles arrays, but only arrays with 1 dimension.

```php
function form_var($var, $default = '')
{
    // $_POST takes priority over $_GET; fall back to the default.
    $retval = $default;
    if (isset($_POST[$var]))
        $retval = $_POST[$var];
    elseif (isset($_GET[$var]))
        $retval = $_GET[$var];

    // get_magic_quotes_gpc() was removed in PHP 8, so check that it exists.
    $strip = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    if (is_array($retval)) {
        // One-dimensional arrays only.
        foreach ($retval as $k => $v) {
            $retval[$k] = trim($v);
            // Strip the trimmed value, not the original $v.
            if ($strip)
                $retval[$k] = stripslashes($retval[$k]);
        }
    } else {
        $retval = trim($retval);
        if ($strip)
            $retval = stripslashes($retval);
    }
    return $retval;
}
```

Notretsam, posted September 18, 2015:

My hosting company deals with php.ini file settings for me. I presume the magic_quotes PHP option would be in there, if I got the hosting company to disable it? Would that sort it?

Notretsam, posted September 18, 2015:

Tried using the form_val function.

Tried $libioBio = formval($_POST['newBio']); which didn't add anything to the database column.

First I tried $lilbioBio = formval($lilbioBio); which still added don't to the database column.

Tried it with $lilbioBio within formval wrapped in '' and ", all the same.

Think I'm going to have to contact the hosting company on it.

Thanks for the help again, JAG.

Notretsam, posted September 18, 2015:

Well, using $bioFinal = stripslashes("$bioFinal"); sorts the issue when getting info from the database.

Still can't get the http://wrestlestarz.com/profile.php?pid=%22The%20Superstar%22%20Daniel%20Starr URL to work; the pid is just not picking up names with "" in them.

dsonesuk, posted September 18, 2015:

What about htaccess as described here: http://php.net/manual/en/security.magicquotes.disabling.php

Notretsam, posted September 18, 2015:

Okies, fixed it all now, am good.

It really seems to be awkward and ###### trying to sort it when adding to the database, which is what I've been trying to do for ages.

Today I looked at a fix for when pulling info from the database, and stripslashes("$bioFinal") works for me.

justsomeguy, posted September 18, 2015:

Use form_var('newBio'), or whatever the name is in $_GET or $_POST. Don't pass $_GET or $_POST to the function, pass the name of the item you're trying to get. Don't count on stripslashes, use a function like that which will adjust to the settings on the server. You can't guarantee the settings on any server, so write code to check the settings and do what's appropriate.

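Added example, not part of any post in the thread: why bind parameters alone did not stop the stray backslashes, and what normalizing at the input boundary changes. Assumptions: the `wrestlers` table and the `normalize_input()` helper are hypothetical, in-memory SQLite via PDO stands in for MySQL so the script runs offline, and `addslashes()` simulates what magic_quotes_gpc did to request data.

```php
<?php
// Added example, not code from the thread. Table and helper names are made up;
// in-memory SQLite stands in for MySQL so the script runs offline.

// Undo magic_quotes-style escaping once, at the input boundary.
// $quoted says whether the value arrived with slashes already added.
function normalize_input(string $value, bool $quoted): string
{
    $value = trim($value);
    return $quoted ? stripslashes($value) : $value;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wrestlers (name TEXT, bio TEXT)');

// Constructed input: addslashes() simulates what magic_quotes_gpc did to $_POST.
$rawName = addslashes('"The Superstar" Daniel Starr');
$rawBio  = addslashes("He says he don't lose.");

$insert = $db->prepare('INSERT INTO wrestlers (name, bio) VALUES (?, ?)');

// Wrong: binding the already-slashed value stores the backslashes literally,
// because a bound parameter is data and the database never unescapes it.
$insert->execute([$rawName, $rawBio]);

// Right: normalize first, then bind. No manual escaping anywhere.
$insert->execute([normalize_input($rawName, true), normalize_input($rawBio, true)]);

foreach ($db->query('SELECT name, bio FROM wrestlers') as $row) {
    echo $row['name'], ' | ', $row['bio'], PHP_EOL;
}

// Lookup by a name containing double quotes: bind it in the query, and encode
// it for each output context (rawurlencode for the link, htmlspecialchars for HTML).
$pid  = '"The Superstar" Daniel Starr';
$find = $db->prepare('SELECT bio FROM wrestlers WHERE name = ?');
$find->execute([$pid]);
$bio  = $find->fetchColumn();

echo 'profile.php?pid=' . rawurlencode($pid), PHP_EOL;
echo htmlspecialchars($pid, ENT_QUOTES, 'UTF-8') . ': '
   . htmlspecialchars($bio, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

The first stored row keeps its backslashes and the second is clean, so only the second matches the bound lookup by name.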