Submit text that contain quotes

MMitchell

I am trying to debug a delete query that is not working, and I discovered that:

It looks like when I click on the "submit" button it is sending the string up to the quote, but does not include the quote or anything after that. So I am not sure what to do to correct that.

thorpe

post your query!

MMitchell

The query is not the issue, it is my posting mechanisim. I gues you should have said "post your post" ;-)

By the time my query gets the info it is allready "cut off" at the first quote in the info.

I am away from home so I can't post the post, but I think that is where the issue is. I think the html page is truncating the text string when it sends the info to the php script.

MMitchell

Here is the code to post that is in my web page:

<form name=bm_table action="add_bms.php" method=post>

thorpe

well judging by that tiny snippet, i would say its because your using invalid html.

element values need to be surrounded in quotes to be valid. so this...

should be...

just as (and here im sure your problem lies) this...

needs to be...

hows that for a guess?

MMitchell

Thanks, but I don't think that that's it, I say that because my other functions are working with the same form, for example the "add" function.

I have tried addslashes and htmlspecialchars and mysql_escape_string

function delete_bm($user, $url)
{
  // delete one URL from the database
  if (!($conn = db_connect()))
    return false;

   // delete the Item
  // if (!mysql_query( "delete from XMAS_WISH_LISTwhere username='$user' and XMAS_ITEM='".mysql_escape_string($url)."'"))
    echo "this is the sting: ".htmlspecialchars($url) ;
  if (!mysql_query( "delete from XMAS_WISH_LIST where username='$user' and XMAS_ITEM='$url'"))
    return false;
  return true;  

}
// ========================================================

But I can never delte that darn thing. I'm not sure why it gets in the database in the first place but it does go in with the double quotes OK:

function add_bm($new_url)
{
  // Add new Item to the database

  echo "Attempting to add ".htmlspecialchars($new_url)."<BR>";
  global $valid_user;
  if (!($conn = db_connect()))
    return false;

  // check not a repeat Item
  $result = mysql_query("select * from XMAS_WISH_LIST
                         where username='$valid_user' 
                         and XMAS_ITEM='$new_url'");
  if ($result && (mysql_num_rows($result)>0))
    return false;

  // insert the new Item 
	{  

 		if (!mysql_query( "insert into XMAS_WISH_LIST values('$valid_user','".mysql_escape_string($new_url)."', NULL, NULL)"))
    			return false; 
  		else
    			return true;
	}
}