Htmlentities

Status
Not open for further replies.

Joseph Grogan

New Member
Hi everyone. Little Problem.....

I have a PHP form that submits data to a db. But if someone puts in a ' sign it fecks up the code. I think Htmlentities can get me out of this but I'm not sure how to use it.

I put this code into the part that displays the results of the db

PHP:
htmlentities($result_row[4])

But I don't know what to put in the part where a user submits data.

Hope that makes sense..

Thanks
 

CiaranR

Weeno Ltd + Skimlinks.com
PHP:
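// Raw value from the submitted form
$somevalue = $_POST['somevalue'];
// Escape quotes and other special characters before placing the value in the SQL string
$somevalueclean = mysql_real_escape_string($somevalue);

$query = "INSERT INTO `aTable` (`somevalue`) VALUES ('$somevalueclean')";

$result = mysql_query($query, $connectionvariable);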
 

TheMenace

New Member
Alternatively you can use escape quotes - replace all occurrences of ' with ''. I'd have a look at the security issues behind database inserts as well - preventing SQL injections, etc. These are the basics of safe Web app development.
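
Added example, not part of the original thread: the two jobs from the posts above kept separate, with a bound parameter handling the ' on the way into the database and htmlentities() applied only when the stored value is printed. It uses PDO prepared statements rather than the mysql_* calls shown earlier and assumes the pdo_sqlite extension; the in-memory database, the `comments` table, the function names and the sample strings are constructed for illustration.

```php
<?php
// Added example (not from the thread). Assumes PHP 7+ with the pdo_sqlite
// extension; the in-memory database and the `comments` table are constructed.
declare(strict_types=1);

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $pdo;
}

// Input side: the value travels as a bound parameter, never as part of the
// SQL text, so a ' in it cannot end the string literal or alter the query.
function save_comment(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Output side: encode for HTML only when printing. ENT_QUOTES also encodes
// single quotes, which matters when the value lands inside an attribute.
function render_comment(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    if ($body === false) {
        return '<p>(no such comment)</p>';
    }
    return '<p>' . htmlentities((string) $body, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed sample inputs, standing in for $_POST['somevalue'].
$samples = [
    "It's Joseph O'Brien here",
    "a value with a quote ' and a comment marker --",
    '<b>bold</b> & "quoted" text',
];

$pdo = open_demo_db();
foreach ($samples as $raw) {
    $id = save_comment($pdo, $raw);
    echo render_comment($pdo, $id), PHP_EOL;
}
// Every sample is stored exactly as submitted; only the printed form is encoded.
echo $pdo->query('SELECT COUNT(*) FROM comments')->fetchColumn(), " rows stored", PHP_EOL;
```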
 

Joseph Grogan

New Member
While we are on the issue of internet security, how do you go about changing URLs so they don't display id=2 or something to that effect?
 

CiaranR

Weeno Ltd + Skimlinks.com
Look into mod_rewrite. For example, if you use Apache, create a file called .htaccess and put the following into it.

It will redirect all calls to yourdomain.com/2 to yourdomain.com/index.php?id=2 silently in the background, leaving yourdomain.com/2 as the address in the browser.

Code:
RewriteEngine on
RewriteRule ^([^/\.]+)/?$ index.php?id=$1 [L]
 