justus Posted November 7, 2004 Report Posted November 7, 2004 mysql_query("UPDATE contentdata SET data = '$_POST[content]' , date = '$postTime' WHERE id = '$_POST[ide]' "); izpildot vaicaajumu rodas problemas ja $_POST[content] satur pedinjas piemeeram ja ir teksts: Sodien apedu 30000 konfektes "Gotina" tad ieksh DB pievienojas shitik taalu: Šodien apedu 30000 konfektes meeginaaju likt slashes, negribas likt peedinju vietaa citu simbolu un tad taisiit str_replace
john.brown Posted November 7, 2004 Report Posted November 7, 2004 A vai tad addslashes() nepalīdz? $string = addslashes($string);
PheliX Posted November 7, 2004 Report Posted November 7, 2004 mysql_query("UPDATE contentdata SET data = 'mysql_escape_string($_POST[content])' , date = '$postTime' WHERE id = '$_POST[ide]' ");
bubu Posted November 8, 2004 Report Posted November 8, 2004 mysql_query("UPDATE contentdata SET data = 'mysql_escape_string($_POST[content])' , date = '$postTime' WHERE id = '$_POST[ide]' "); Tas nu gan nav pareizi! Pareizāk ir: mysql_query("UPDATE contentdata SET data = '" . mysql_escape_string($_POST[content]) . "' , date = '$postTime' WHERE id ='" . mysql_escape_string($_POST[ide]) . "'");
PheliX Posted November 8, 2004 Report Posted November 8, 2004 aj nu jaa... domaaju izlaboshu tik to vietu kur probleema i par visu kopumaa nemaz nepadomaaju :) naakoshreiz laikam jaaraxta plika funkcija...
Venom Posted November 8, 2004 Report Posted November 8, 2004 (edited) VenMySQL klases gabals: function p4q($tmp,$html=0)//prepare data to place in query { if ($html) return mysql_escape_string(htmlspecialchars($tmp)); return mysql_escape_string($tmp); } function pp4q($tmp,$html=0)//prepare $_POST data for query { if (empty($_POST[$tmp])) return; if (get_magic_quotes_gpc()) $_POST[$tmp]=stripslashes($_POST[$tmp]); return $this->p4q($_POST[$tmp],$html); } Edited November 8, 2004 by Venom
Recommended Posts