php - inserting special characters in mysql? -
can please show me im doing wrong. have form , im inserting info mysql text when u type apostrophes or puts \ in.
can recomend how mysql allow special characters?
here's html form:
<form action="includes/changebio.php" method="post" id="form1"> <textarea id="bio" textarea name="bio" data-id="bio" maxlength="710"><?php echo htmlspecialchars($profile['bio']); ?></textarea> <input type="image" src="assets/img/icons/save-edit.png"class="bio-submit" name="submit" value="submit" id="submit"/> </form> my mysql statement:
<?php require('_config/connection.php'); ?> <?php session_start(); include '_config/connection.php'; $bio = $_post['bio']; $result = mysql_query("select bio ptb_profiles id=".$_session['user_id'].""); if(!$result) { echo "the username entered not exist"; } else if($bio!= mysql_result($result, 0)) { echo ""; $sql=mysql_query("update ptb_profiles set bio ='".addslashes($bio)."' id=".$_session['user_id'].""); } if($sql) { header("location: {$_server['http_referer']}"); } ?>
2 things.
1) going tell stop using mysql_* functions , utilize pdo instead. may infact help considerably. 2) addslashes there assist insertion of special chars , prevention of sql injection. i'm sure accomplish there's whole battery of precautions should use.
in honesty, i'd switch on pdo way of things using prepared statements etc. cut down possibility of failure , increment reliability. may find don't need addslashes prepare these kind of problems.
php mysql
No comments:
Post a Comment