Text Area Problem

Smackie

Hello,

      This might sound alittle noobish but im having a problem with text area..

when i feel out the form and i use ' it gives me a syntex error. Thank you
Smackie

halojoy

Smackie wrote:
This might sound alittle noobish but im having a problem with text area..
when i feel out the form and i use ' it gives me a syntex error. Thank you
Smackie

Copy and paste your <textarea> code
and the PHP script that goes along with it.
And we try to solve this, together with you.
We know too little now, to give any specific advice.

The Rule is:

give relevant details of your problem, when you ask. All you think is needed.
This will make a much better chance you get some good advice quickly.

We are good .. but we are not mind-readers 😉

thanks
halojoy

bradgrafelman

Sounds a lot like a MySQL syntax error, not a PHP syntax error.

If this is the case, then you aren't properly escaping incoming data before using it in a MySQL query. Not only should you escape string delimiters (e.g. single quotes as is the usual case in a MySQL query), but MySQL queries also require special attention; you should never place user-supplied data directly into a SQL query. Instead, you should first sanitize it with a function such as [man]mysql_real_escape_string/man.

Incidentally, by protecting yourself from SQL injection attacks, you will also resolve the issue of incoming data containing a single quote and causes syntax errors.

Xager

bradgrafelman wrote:
Sounds a lot like a MySQL syntax error, not a PHP syntax error.

Not all forms are used for MySQL 😉

bradgrafelman

Quite true, but unless he's using [man]exec/man in conjuction with a user-supplied variable (and let's not even go into the security implications that opens up), the only logical "syntax error" I came up with is that he's using the user-supplied data in a query against some time of DB software. Since MySQL is the common choice... I made a wild guess. :p

Xager

I'm allways suprised how often errors are because a simple syntax error such as = instead of == 😛

Smackie

<TEXTAREA rows=11 cols=50 NAME='events'></TEXTAREA>

Sorry took so long to reply been doing late nights trying to get the rest of the site working besides this script :-\ i know this is a simple problem but to must stress lol.. but thank you guys for helping me. :glare:

Smackie

Alright just figured it out lol right there in my face. i needed to add "addslashes" to my script...

Thank for the help

Smackie

bradgrafelman

You never actually showed us any PHP code that uses this textarea. Also note [man]addslashes/man is probably not the best solution if we're talking about a DB such as MySQL.