FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Form fields to database and back?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Form fields to database and back? [message #174539 is a reply to message #174538] Fri, 17 June 2011 03:50 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 6/16/2011 10:34 PM, bobmct wrote:
> On Thu, 16 Jun 2011 21:02:23 -0400, Jerry Stuckle
> <jstucklex(at)attglobal(dot)net> wrote:
>
>> It depends on what the problem is - which is why you're probably finding
>> conflicting answers. Your question is too vague for a meaningful answer.
>>
>> First of all, it it ASCII, UTF-8 or some other character set? It does
>> make a difference, and you want everything (the web page, PHP and MySQL
>> to agree).
>>
>> Second of all, how are you storing and retrieving the information? Then
>> how are you displaying it?
>>
>> Generally, text information should be stored in the database in text
>> fields, using the appropriate charset and collation.
>>
>> But to give you a good answer requires a lot more information.
>
> Good points. I should have been more clear.
>
> The fields(s) in the Mysql database aredefined as varchar(255)
>
> A typical field the user would enter would be like this:
>
> prd ="^ptmdtr-slb.bna.com^";
>
> I need to store it in the db field then be able to retrieve it and
> redisplay it exactly as entered.
>
> Currently I am using:
> $fld = htmlspecialchars_decode($fld);
> $fld = addslashes($fld);
>
> update table set field_name = '$fld'
>
> To retrieve and redisplay I use:
> $fld = $row['field_name'];
> $fld = htmlspecialchars($fld);
> $fld = stripslashes($fld);
>
> Now I know that I am missing something here so if any ofyou kind
> persons would suggest a "usual' sequence of functions to use to
> accomplsih this I'd be mighty greatful.
>
> Thanks
>

A varchar field is great, as long as you're using the same charset all
the way through. But there are some other problems in your code:

First of all, you shouldn't be using htmlspecialchars_decode() - you do
not get an encoded string from the browser; it's already been handled.

Second of all, addslashes() is definitely the WRONG function to use -
and has been for years. Before storing in the database, you should use
mysql_real_escape_string($fld).

When you get the data from the database, you should not be using
stripslashes(). There's no need.

Finally, when you go to display the data, you do want to use
htmlspecialchars(), or possibly better for your needs, htmlentities().

See if that doesn't work better.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: free computer ebooks updated daily
Next Topic: IP address and empty $_FILES
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 23 05:50:40 GMT 2024

Total time taken to generate the page: 0.04393 seconds