Part of a CMS I am building involves a news page; however, I'm having problems with escaping quotation marks and retaining the content of the actual quote. For example, this:
this is test 1 "this is test 2" this is test 3
is being passed to the database simply as:
this is test 1
This is the actual script:
<?php
session_start();
require 'functions.php';
include 'db.php';
$mode = $_GET['mode'];
$id = $_GET['id'];
$newsid=$_GET['newsid'];
$newsTitle = $_POST['newsTitle'];
$addNews = $_POST['addNews'];
pageTop('News', '');
if(!isset($mode))
{
echo'
<h1 align="center">Add a News Item</h1>
<p>
Use this section of the site if you wish to add a new News item for the homepage of the site.
</p>
<div align="center">
<form method="post" action="addNews.php?mode=checkNews" name="addNews">
<input type="text" name="newsTitle" id="newsTitle" value="'.$newsTitle.'"><br/>
<textarea name="addNews" cols="50" rows="10" id="addNews">'.$addNews.'</textarea>
<br />
<input type="submit" name="submit" value="submit">
</form>
</div>
';
}
if($mode == 'checkNews')
{
field_validator("Item Title", $_POST["newsTitle"], "string", 2, 100);
field_validator("New News Item", $_POST["addNews"], "string", 5, 1000);
if($messages>0)
{
echo'
<p align="center">
There was a problem with the information you submitted.
</p>
<ul class="error">
';
foreach($messages as $msg)
{
print("<li>$msg</li>\n");
}
print("</ul>\n");
include 'newsItem.php'; // Show the form again!
}
else
{
echo'
<h1 align="center">Add a News Item</h1>
<table width="100%">
<tr>
<td colspan="2" align="center"><h3>'.stripslashes($newsTitle).'</h3></td>
</tr>
<tr>
<td colspan="2" align="center" class="basic">'.stripslashes($addNews).'</td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td align="right" width="50%">
<form name="editNews" action="addNews.php" method="post">
<input type="hidden" name="addNews" value="'.$addNews.'">
<input type="hidden" name="newsTitle" value="'.$newsTitle.'">
<input type="submit" name="submitEdit" value="edit item">
</form>
</td>
<td align="left" width="50%">
<form name="insertNews" action="addNews.php?mode=insertNews" method="post">
<input type="hidden" name="addNews" value="'.$addNews.'">
<input type="hidden" name="newsTitle" value="'.$newsTitle.'">
<input type="submit" name="submitInsert" value="confirm">
</form>
</td>
</tr>
</table>
</div>
';
}
}
if($mode == 'insertNews')
{
$sql = "INSERT INTO `news` (`newsDate`, `newsItem`, `newsTitle`) VALUES (now(), '$addNews', '$newsTitle')";
$doSql = mysql_query($sql);
$check = mysql_affected_rows();
if($check >0)
{
echo'
<h3 align="center">Insert Successful!</h3>
<div align="center"><a href="admin.php">go back to Admin</a></div>
';
}
else
{
echo'
<h3 align="center">There was a problem</h3>
';
}
}
pageBottom();
?>
I've tried no end of adding slashes and removing slashes but I just can't find the problem. I've checked get_magic_quotes_gpc and it is on. Single quotes do not cause a problem though.
Help please.
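
The symptom in the post matches how an HTML parser reads the confirm form's hidden fields: `value="'.$addNews.'"` puts the text inside a double-quoted attribute, so the first `"` in the text ends the value, while single quotes pass through. The following is an added example, not the poster's code, that reproduces this with the post's test string and shows the encoded field plus a bound-parameter insert; `hiddenField()`, `browserReads()` and the in-memory SQLite table are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. The sample text is the post's test string.
// hiddenField() and browserReads() are hypothetical helper names.

// Build a hidden input; $escape toggles HTML-encoding of the attribute value.
function hiddenField(string $name, string $value, bool $escape): string
{
    if ($escape) {
        // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
        $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
    return '<input type="hidden" name="' . $name . '" value="' . $value . '">';
}

// Parse the markup with an HTML parser and return the value it would post back.
function browserReads(string $html): string
{
    libxml_use_internal_errors(true);   // malformed attributes are expected here
    $doc = new DOMDocument();
    $doc->loadHTML('<form>' . $html . '</form>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input->getAttribute('value');
}

$text = 'this is test 1 "this is test 2" this is test 3';

// Raw concatenation, as in the confirm form: the first " ends the attribute.
var_dump(browserReads(hiddenField('addNews', $text, false)));

// Encoded: the parser decodes &quot; back to " and the full text survives.
var_dump(browserReads(hiddenField('addNews', $text, true)) === $text);

// Storing the value: a bound parameter needs no addslashes/stripslashes at all.
$db = new PDO('sqlite::memory:');   // in-memory stand-in for the news table
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (newsDate TEXT, newsItem TEXT, newsTitle TEXT)');
$stmt = $db->prepare(
    "INSERT INTO news (newsDate, newsItem, newsTitle) VALUES (datetime('now'), ?, ?)"
);
$stmt->execute([$text, 'Test title']);
var_dump($db->query('SELECT newsItem FROM news')->fetchColumn() === $text);
```

The same encoding applies wherever the script echoes `$newsTitle` or `$addNews` into markup, including the text input, the textarea and the preview cells.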