W
windandwaves
Hi Folk
This question has been bugging me for month. I have a website where people can enter stuff into a mysql database. Some of this
information will already be shown in some textareas and input boxes, the user may change it and then hit submit. All the values are
then passed to a mysql database, overriding the existing values (after the old ones have been backed-up).
All of this works marvellous, apart from characters like &, ' and ". To make it even worse, some of the original text already
contains &039; and other numeric character codes.
Any values from the database are displayed by retrieving them from the DB
[simplified of course]
mysql_quer(...)
$row = ...
$Vold1 = $row[x];
$Vold2 = $row[y];
etc...
<INPUT VALUE=$Vold NAME="x">
<TEXTAREA>$Vold</TEXTAREA NAME="y">
Any values that are submitted are processed as follows:
$V1 = trim(stripslashes(htmlentities(trim($_POST["x"])))))
$V1 = trim(stripslashes(htmlentities(trim($_POST["y"])))))
then $V is inserted into the table using a mysql query.
Am I doing it right or am I making a mess of it?
- Nicolaas
This question has been bugging me for month. I have a website where people can enter stuff into a mysql database. Some of this
information will already be shown in some textareas and input boxes, the user may change it and then hit submit. All the values are
then passed to a mysql database, overriding the existing values (after the old ones have been backed-up).
All of this works marvellous, apart from characters like &, ' and ". To make it even worse, some of the original text already
contains &039; and other numeric character codes.
Any values from the database are displayed by retrieving them from the DB
[simplified of course]
mysql_quer(...)
$row = ...
$Vold1 = $row[x];
$Vold2 = $row[y];
etc...
<INPUT VALUE=$Vold NAME="x">
<TEXTAREA>$Vold</TEXTAREA NAME="y">
Any values that are submitted are processed as follows:
$V1 = trim(stripslashes(htmlentities(trim($_POST["x"])))))
$V1 = trim(stripslashes(htmlentities(trim($_POST["y"])))))
then $V is inserted into the table using a mysql query.
Am I doing it right or am I making a mess of it?
- Nicolaas