To addslash or not to addslash

viveleroi0

I am having an issues with slashes. I have a script that takes a textarea product description and adds it into the database. First, it addslashes. This works fine. I check the database after this step and the text is correct and where it is supposed to be.

First, after POSTing the form, PHP adds slashed to the product description:
[PHP
$ProdDesc2=addslashes($ProdDesc);
[/code]

then, it adds it, as well as other form values, to the MySQL database:

	
$NewProd1="INSERT INTO $Product_DB (ProdCat, SubCat, SubCat3, ID, ProdName, ProdPrice, ProdDesc, ProdDate, ProdMisc) VALUES (\"$MainCat2\", \"$SubCat\", \"$SubCat3\", \"$NewProdID\", \"$ProdName2\", \"$ProdPrice\", \"$ProdDesc2\", \"$add_date\", \"$SubCat2\")";
mysql_query($NewProd1) or die ("<p>Error performing query: $Product_DB " . mysql_error() . "</p>");

Right after it adds it to the database, PHP generates another HTML form that takes some additional info (address of the product image).

		<input type=\"hidden\" name=\"ProdDesc\" value=\"$ProdDesc\">

Then, I have a script that A) calculates the image dimensions and scales it, and then adds the image source (after addslashing it) to the database, as well as re-recording the original ProdDesc field. Now, I have tried
To addslash the proddesc text again, I have tried not doing it and using the raw textarea data. EITHER WAY., the PHP trips on the “ within the text, and never adds it to the database.

	$Image_Array=Image_Tool($Image1);
	$Scale_Width=$Image_Array[0];
	$Scale_Height=$Image_Array[1];
	$Image_SRC1="<a href=\"images.php?File=$Image1\"><img src=\"$Image1\" width=\"$Scale_Width\" height=\"$Scale_Height\" border=\"0\"></a>";
	$Adj_Image_SRC1=addslashes($Image_SRC1);

Here is where it adds it to the database:

$NewProd2="UPDATE $Product_DB SET ProdDesc=\"Prod_Desc\", ProdImage=\"$Adj_Image_SRC1\" WHERE ID=\"$NewProdID\"";
mysql_query($NewProd2) or die ("<p>Error performing query: $Product_DB " . mysql_error() . "</p>");

Now, everything works. But, to simplify, here is what happens:

Text in form field ProdDesc is run through “addslashes”
That slashed text is entered into a MySQL database. (This step works fine)
That same form field text (tried both slashed, and unslashed) is made a field in a second form (for editing)
Then, that form is supposed to write that data to the database.
But what happens, is PHP sees the quotation mark and stops, the database field is empty.
But PHP sees the quotes no matter what…

Could it be the fact that I am sending a variable from one form to another form, and trying to INSERT it?

batman

Try just changing the douple quotation " to a single one ' without the backslashes \ .

If this doesn't answer your question then I'm sorry, it's just the post is a lil confusing. What part exactly are you having trouble with? This part?

$Image_Array=Image_Tool($Image1); 
    $Scale_Width=$Image_Array[0]; 
    $Scale_Height=$Image_Array[1]; 
    $Image_SRC1="<a href=\"images.php?File=$Image1\"><img src=\"$Image1\" width=\"$Scale_Width\" height=\"$Scale_Height\" border=\"0\"></a>"; 
    $Adj_Image_SRC1=addslashes($Image_SRC1);

Let me know,