Hey guys,
So I have the following, which works fine(ish). It's not the complete code, but the bit in question goes something like this:
PHP:
<?php
if(isset($_POST['updateRecord'])) {
    $updatefirstline = $_POST['updatefirstline'];
    $updatesecondline = $_POST['updatesecondline'];
    $updatedescription = $_POST['updatedescription'];
    // The values go into the SQL string as-is, so an apostrophe in any of them ends the quoted value early
    $seledit = "UPDATE `tableName` SET `firstline`='$updatefirstline', `secondline`='$updatesecondline', `description`='$updatedescription' WHERE `id`=$getid";
    $qry = mysqli_query($connect,$seledit);
    if($qry) {
        header("location: home.php");
    }
}
?>
The problem comes in that "Description" needs to contain certain special characters, including /<>'?!. It can be several paragraphs long, and also needs to include formatting where the /, <, and > come in. There are a LOT of apostrophes - this cannot be avoided. I can work around it by including \ before each special character, but 1. that's a pain, and 2. when editing the record at a later stage it is shown without the "\"s and when saved it obviously doesn't work unless I reinsert all those "\"s.
I came across something called
PHP:
addslashes($item);
for the page that updates the record, and (potentially, shouldn't be needed)
PHP:
removeslashes($item);
for the page that views the record. However, I don't seem to be able to get this to work.
A better option I've come across is
PHP:
mysqli_real_escape_string();
But I also don't know how to implement it. I don't seem to be the only one, as Googling just "mysqli" brings it up as one of the top autocomplete results.
Can anyone implement mysqli_real_escape_string in the above code?
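An added example, not part of the original post, showing where mysqli_real_escape_string fits in the update code above, next to the prepared-statement form that needs no escaping. It assumes `$connect` is an open mysqli connection and `$getid` is set elsewhere on the page; the function names are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumptions: $connect is an open mysqli
// connection and $getid is set by the part of the page the post does not show.

// Option 1: mysqli_real_escape_string(). The connection is the first argument;
// the result is only safe inside the quotes of the SQL string it is put into.
// Escaping follows the connection charset, so set it once after connecting,
// e.g. mysqli_set_charset($connect, 'utf8mb4').
function updateRecordEscaped(mysqli $connect, int $id, array $post): bool
{
    $first  = mysqli_real_escape_string($connect, $post['updatefirstline']);
    $second = mysqli_real_escape_string($connect, $post['updatesecondline']);
    $desc   = mysqli_real_escape_string($connect, $post['updatedescription']);
    // $id is an int, so it cannot carry SQL of its own.
    $sql = "UPDATE `tableName` SET `firstline`='$first', `secondline`='$second', "
         . "`description`='$desc' WHERE `id`=$id";
    return (bool) mysqli_query($connect, $sql);
}

// Option 2: prepared statement. The values travel separately from the SQL text,
// so apostrophes, <, > and / need no escaping at all.
function updateRecordPrepared(mysqli $connect, int $id, array $post): bool
{
    $stmt = mysqli_prepare($connect,
        "UPDATE `tableName` SET `firstline`=?, `secondline`=?, `description`=? WHERE `id`=?");
    if ($stmt === false) {
        return false;
    }
    $first  = $post['updatefirstline'];
    $second = $post['updatesecondline'];
    $desc   = $post['updatedescription'];
    mysqli_stmt_bind_param($stmt, 'sssi', $first, $second, $desc, $id);
    return mysqli_stmt_execute($stmt);
}

// When the stored text is shown again in the edit form, encode it for HTML
// instead of adding or stripping slashes; the database holds the original text.
function forTextarea(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

if (isset($connect, $getid, $_POST['updateRecord'])) {
    if (updateRecordPrepared($connect, (int) $getid, $_POST)) {
        header("Location: home.php");
        exit;
    }
}
```

With either option the backslashes exist only while the value travels inside the query, so the stored description comes back exactly as typed and can be saved again without re-adding them.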