Cibiņš Posted April 13, 2011 Report Share Posted April 13, 2011 (edited) Sveiki, es atkal te! :D Nu tātad vēršos ar problēmu jo nebija apskaidrība kā aizsargāties no mysql errora kurš cik sapratu ir pārrāvuma dēļ. Mēģinu no formas insertot teikumu They're also very useful to keep the inside of a building cooler during how weather - a much more sustainable option than the increasingly-ubiquitous air conditioning respektīvi ' simbols izraisa pārrāvumu inserta funkcijā. $teksts = $_POST['apraksts']; $text = mysql_real_escape_string($teksts); $text = stripslashes($teksts); mysql_query("INSERT INTO tabula(apraksts) VALUES ('$text');") or die(mysql_error()); Tiek izvadīta kļūda You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 're also very useful to keep the inside of a building cooler during how weather -' at line 1 Kā panākt lai šādi pārrāvumi nerastos ja tekstā ir vai nu " vai ' simboli? Ir gadījies ka arī " simbols pārrauj insertu. Edited April 13, 2011 by Cibiņš Quote Link to comment Share on other sites More sharing options...
Val Posted April 13, 2011 Report Share Posted April 13, 2011 Izvāc ārā trešo rindiņu. Quote Link to comment Share on other sites More sharing options...
Jackal Posted April 13, 2011 Report Share Posted April 13, 2011 (edited) Noņem $text = stripslashes($teksts); Ar šo $text = mysql_real_escape_string($teksts); tu eskeipo apostrofu, bet ar stripslashes($teksts); uzreiz dari pretējo Edited April 13, 2011 by Jackal Quote Link to comment Share on other sites More sharing options...
codez Posted April 13, 2011 Report Share Posted April 13, 2011 pie tam viens mainīkais saucas $teksts, otrs $text Quote Link to comment Share on other sites More sharing options...
briedis Posted April 13, 2011 Report Share Posted April 13, 2011 Es domāju, ka būs runa par transakcijām :D Quote Link to comment Share on other sites More sharing options...
codez Posted April 13, 2011 Report Share Posted April 13, 2011 izlasot virsrakstu, es arī tā domāju. Quote Link to comment Share on other sites More sharing options...
Faks Posted April 15, 2011 Report Share Posted April 15, 2011 (edited) Kodam tagad jaiet bez problēmām (mūžu mācies mūžu dzīvo) šis lai kalpo teu ka piemērs nakotnej . $text = $_POST['text']; $text = mysql_real_escape_string($_POST['text']); $text = stripslashes($_POST['text']); mysql_query("INSERT INTO tabula(apraksts) VALUES ('".$text."') ") or die(mysql_error()); Edited April 15, 2011 by Faks Quote Link to comment Share on other sites More sharing options...
mounkuls Posted April 15, 2011 Report Share Posted April 15, 2011 (edited) Kodam tagad jaiet bez problēmām (mūžu mācies mūžu dzīvo) šis lai kalpo teu ka piemērs nakotnej . $text = $_POST['text']; $text = mysql_real_escape_string($_POST['text']); $text = stripslashes($_POST['text']); mysql_query("INSERT INTO tabula(apraksts) VALUES ('".$text."') ") or die(mysql_error()); Faks...fujjj... Kā piemērs jau nu noteikti nē. Izlasi skaidrā ko esi samurgojis, tādam kodam pirmās divas rindiņas vispār ir bezjēdzīgas. Nemaz jau nerunājot par to, ka trešā rindiņa atkal visu dēlī salaiž. P.S. Atcerējos, ka labāk ir tomēr citēt tādas lietas lai vēlāk nav domstarpību:) Edited April 15, 2011 by mounkuls Quote Link to comment Share on other sites More sharing options...
daGrevis Posted April 16, 2011 Report Share Posted April 16, 2011 Kaut kā tā, bet vispār būtu jāpāriet uz PDO... $text = $_POST['text']; $text = stripSlashes( $text ); $text = mysql_real_escape_string( $text ); mysql_query( "..." ) or exit( mysql_error() ); Quote Link to comment Share on other sites More sharing options...
wintermute Posted April 16, 2011 Report Share Posted April 16, 2011 Domāji kaut kā šitā ? function put_text( PDO $pdo ) { $text = isset( $_POST['text']) ? $_POST['text'] : ''; $stmt = $pdo->prepare('INSERT INTO tabula(apraksts) VALUES( :text )'); $stmt->bindParam(':text', $text, PDO::PARAM_STR); $stmt->execute(); } Quote Link to comment Share on other sites More sharing options...
Cibiņš Posted April 18, 2011 Author Report Share Posted April 18, 2011 Noņem $text = stripslashes($teksts); Ar šo $text = mysql_real_escape_string($teksts); tu eskeipo apostrofu, bet ar stripslashes($teksts); uzreiz dari pretējo NEMELO! :D Ja novāc to tavu herņu tad <img src="tralalaa"> kam vajadzētu parādīties kā attēls parādās kā <img src=\"tralalaa\"> piedevm kaa teksts ar slashiem nevis kaa atteels. Quote Link to comment Share on other sites More sharing options...
briedis Posted April 18, 2011 Report Share Posted April 18, 2011 NEMELO! :D Ja novāc to tavu herņu tad <img src="tralalaa"> kam vajadzētu parādīties kā attēls parādās kā <img src=\"tralalaa\"> piedevm kaa teksts ar slashiem nevis kaa atteels. Izslēdz magic quotes un to stripslashes sūdu vairs nekad nevajadzēs lietot. http://php.net/manual/en/security.magicquotes.disabling.php Quote Link to comment Share on other sites More sharing options...
mad182 Posted April 19, 2011 Report Share Posted April 19, 2011 function sanitize($input){ if(is_array($input)){ foreach($input as $k=>$i){ $output[$k]=sanitize($i); } } else { if(get_magic_quotes_gpc()){ $input=stripslashes($input); } $output=mysql_real_escape_string($input); } return $output; } Nevajadzēs ne pielāgot servera konfigu, ne bāzt stripslashes, ne rakstīt ūber garo mysql_real_escape_string katrā vietā :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.