This is the correct way to make a safe MySQL query; see if it makes a
difference. Taken from:
http://php.net/manual/en/function.mysql-real-escape-string.php
<?php
// Quote variable to make safe
function quote_smart($value)
{
    // Stripslashes
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Quote if not integer
    if (!is_numeric($value)) {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}

// Connect
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
    OR die(mysql_error());

// Make a safe query
$query = sprintf("SELECT * FROM users WHERE user=%s AND password=%s",
    quote_smart($_POST['username']),
    quote_smart($_POST['password']));
mysql_query($query);
?>
Philip Thompson wrote:
Hi all.
I have searched for a way to figure out this problem, but nothing is
popping up. Here's the scenario:
I have a form which I will write to a database - so I escape the form
content. I have a <textarea></textarea> in the form. Obviously, people
can type whatever they want to in this textarea, including newlines.
Ok, I know how to escape the content to put it in the database - but if
there is an error on the page, I want to redirect back to the page and
correct their stuff.
So they have in one of the textareas:
--- start here ---
This is a line in the text area.
This is a line a couple of lines down in the text area.
--- end here ---
If I print the stuff back out to screen, it reads:
--- start here ---
This is a line in the text area.\r\n\r\nThis is a line a couple of
lines down in the text area.
--- end here ---
Anyone know how/what to replace the \r\n in the textarea so that it
shows up correctly with the actual newlines, not the \r\n???
Thanks in advance,
~Philip
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
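
An added example, not part of either message or of the PHP manual: mysql_real_escape_string() rewrites CR and LF as the two-character sequences \r and \n, so echoing the SQL-escaped copy of a field back into the form shows them literally. The sketch keeps the raw value, passes it to the database as a bound parameter, and HTML-encodes it only for the textarea. It swaps the escaping function for a PDO prepared statement and assumes the pdo_sqlite extension (SQLite in memory stands in for MySQL so it runs offline); the table name, field name and textarea_field() helper are made up.

```php
<?php
// Added example: one raw value, encoded separately for each destination.

// Constructed sample input: what a browser submits for a two-paragraph
// textarea, including characters that matter to SQL and to HTML.
$_POST = array(
    'comments' => "This is a line, it's the first.\r\n\r\n</textarea><b>second</b>",
);

// Keep the submitted value untouched for the whole request.
$raw = isset($_POST['comments']) ? (string) $_POST['comments'] : '';

// Destination 1: the database. A bound parameter never becomes part of the
// SQL text, so no escaped copy exists that could leak back to the page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE feedback (id INTEGER PRIMARY KEY, comments TEXT)');
$insert = $db->prepare('INSERT INTO feedback (comments) VALUES (:comments)');
$insert->execute(array(':comments' => $raw));

// Read it back to confirm the quote and the CRLF pairs were stored as-is.
$stored = $db->query('SELECT comments FROM feedback WHERE id = 1')->fetchColumn();

// Destination 2: the HTML form. Encode for HTML only, at output time.
function textarea_field($name, $value)
{
    $n = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $v = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    // The HTML parser drops one newline directly after the opening tag,
    // so emitting one keeps a value that itself starts with a newline intact.
    return "<textarea name=\"$n\" rows=\"6\" cols=\"60\">\n$v</textarea>";
}

// True when the stored value is byte-for-byte what was submitted.
var_dump($stored === $raw);

// The redisplayed field: real line breaks, and the submitted markup is inert.
echo textarea_field('comments', $raw), "\n";
```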