Trouble inserting some stuff into mysql

         

PokeTech

11:48 pm on Jul 12, 2009 (gmt 0)

10+ Year Member



Well, I'm working on a site that allows people to insert data into MySQL through a textarea. I then directly insert this into MySQL.

I've had a few problems with it lately though, such as entering text with quotes (") or ('), and now I'm having problems entering the embedded code from YouTube videos: it just stops entering the data once it hits (&). I'm assuming it does this with other characters too; I just haven't noticed yet.

If anyone knows how to fix this it is appreciated!

Also, if you need to know, I'm running PHP 5.2.9 and MySQL 5.0.83.

bkeep

6:30 am on Jul 13, 2009 (gmt 0)

10+ Year Member



How do you prep your data for insertion into the database? Do you have some sample code?

omoutop

2:26 pm on Jul 13, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Inserting user data into a database is a serious security risk, especially if you don't check/verify/validate those data.

From your problem (errors in &), it seems you don't perform any such checks.

Take a look at mysql_real_escape_string(), htmlentities(), urlencode(), htmlspecialchars() in the PHP manual to get a first idea of what steps to take as a precaution.

Of course, this subject can't be thoroughly examined in one post. Better to search here in WebmasterWorld, as there are many topics on those security issues.

PokeTech

12:45 am on Jul 14, 2009 (gmt 0)

10+ Year Member



I figured out what the problem was: it was my AJAX/jQuery I was using to submit the form with. It's all working now, thanks!
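
The symptom in this thread (data stopping at `&`) is typical of an AJAX request body built by string concatenation. The following is an added example, not code from any poster; the thread never shows the original script, so the hand-built body, the field names and the sample embed string are assumptions, and `URLSearchParams` stands in for the server-side form decoder.

```javascript
// Added example (constructed): why a textarea value is cut off at "&" when an
// AJAX request body is concatenated by hand, and the encoded form that fixes it.
// Assumption: the server decodes application/x-www-form-urlencoded bodies the
// way PHP fills $_POST; URLSearchParams stands in for that decoder here.

// Constructed sample input, shaped like a video embed snippet.
const SAMPLE_EMBED =
  '<object><param name="movie" value="http://video.example/v/ID&hl=en&fs=1">' +
  "</object> it's 1+1";

// Broken: raw values are pasted between "=" and "&", so any "&" in the data
// starts a new field and "+" is later decoded as a space.
function buildBodyNaive(fields) {
  return Object.keys(fields).map((k) => k + '=' + fields[k]).join('&');
}

// Fixed: percent-encode every name and value before joining.
function buildBodyEncoded(fields) {
  return Object.keys(fields)
    .map((k) => encodeURIComponent(k) + '=' + encodeURIComponent(fields[k]))
    .join('&');
}

// What the server-side form decoder would hand to the application.
function parseAsServer(body) {
  const out = {};
  for (const [name, value] of new URLSearchParams(body)) out[name] = value;
  return out;
}

// Runs the same two fields through both builders and decodes each result.
function demo() {
  const fields = { title: 'Q&A', content: SAMPLE_EMBED };
  return {
    naive: parseAsServer(buildBodyNaive(fields)),
    encoded: parseAsServer(buildBodyEncoded(fields)),
  };
}

console.log(demo());
```

In jQuery, passing an object as the `data` option (or using `.serialize()` on the form) performs this encoding. It only gets the text to PHP intact; the SQL escaping and output encoding omoutop mentions are separate steps on the server.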