[Resolved] Newbie addslashes question

m_tCh

Hi, I have a question. This script works fine for me except I can't figure out how to allow the user to add special characters like an apostrophy ' on the input form. When a character like that is entered by the user the script doesn't work. I know it has to do with the addslashes function. I tried adding it a couple different ways and I just can't figure out when to add it to get it to work.

Would someone be kind enough to give me a little help.
thanks much!

 
<?php

$id = $_POST['id'];
$Doc = $_POST['Doc'];
$Name = $_POST['Name'];
$Author = $_POST['Author'];
$Dept = $_POST['Dept'];
$Level = $_POST['Level'];
$Info = $_POST['Info'];

$DBhost = "---";
$DBuser = "---";
$DBpass = "---";
$DBName = "---";
$table = "details";
mysql_connect($DBhost,$DBuser,$DBpass) or die("Unable to connect to database");
@mysql_select_db("$DBName") or die("Unable to select database $DBName");
$sqlquery = "INSERT INTO $table VALUES('{$id}','{$Doc}','{$Name}','{$Author}','{$Dept}','{$Level}','{$Info}')";
$results = mysql_query($sqlquery);
mysql_close();
print "<html><body><center>";
print "Document Name : $Name<br>";
print "Document Type : $Doc<br>";
print "Author : $Author<br>";
print "Primary Audience : $Level<br>";
print "</body></html>";
?>

devinemke

if you have magic_quotes_gpc turned OFF in your php.ini then you must addslashes manually:

$_POST = array_map('addslashes', $_POST);
extract($_POST);

$DBhost = '---';
$DBuser = '---';
$DBpass = '---';
$DBName = '---';
$table = 'details';

@mysql_connect($DBhost,$DBuser,$DBpass) or exit(mysql_error());
@mysql_select_db($DBName) or exit(mysql_error());

$sqlquery = "INSERT INTO $table VALUES('$id','$Doc','$Name','$Author','$Dept','$Level','$Info')"; 
$results = mysql_query($sqlquery) or exit(mysql_error());

mysql_close();

m_tCh

Sweet deal!

Thanks for the help!