FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Form fields to database and back?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Form fields to database and back? [message #174542 is a reply to message #174539] Fri, 17 June 2011 11:09 Go to previous messageGo to previous message
bobmct is currently offline  bobmct
Messages: 16
Registered: September 2010
Karma:
Junior Member
On Thu, 16 Jun 2011 23:50:12 -0400, Jerry Stuckle
<jstucklex(at)attglobal(dot)net> wrote:

> On 6/16/2011 10:34 PM, bobmct wrote:
>> On Thu, 16 Jun 2011 21:02:23 -0400, Jerry Stuckle
>> <jstucklex(at)attglobal(dot)net> wrote:
>>
>>> It depends on what the problem is - which is why you're probably finding
>>> conflicting answers. Your question is too vague for a meaningful answer.
>>>
>>> First of all, it it ASCII, UTF-8 or some other character set? It does
>>> make a difference, and you want everything (the web page, PHP and MySQL
>>> to agree).
>>>
>>> Second of all, how are you storing and retrieving the information? Then
>>> how are you displaying it?
>>>
>>> Generally, text information should be stored in the database in text
>>> fields, using the appropriate charset and collation.
>>>
>>> But to give you a good answer requires a lot more information.
>>
>> Good points. I should have been more clear.
>>
>> The fields(s) in the Mysql database aredefined as varchar(255)
>>
>> A typical field the user would enter would be like this:
>>
>> prd ="^ptmdtr-slb.bna.com^";
>>
>> I need to store it in the db field then be able to retrieve it and
>> redisplay it exactly as entered.
>>
>> Currently I am using:
>> $fld = htmlspecialchars_decode($fld);
>> $fld = addslashes($fld);
>>
>> update table set field_name = '$fld'
>>
>> To retrieve and redisplay I use:
>> $fld = $row['field_name'];
>> $fld = htmlspecialchars($fld);
>> $fld = stripslashes($fld);
>>
>> Now I know that I am missing something here so if any ofyou kind
>> persons would suggest a "usual' sequence of functions to use to
>> accomplsih this I'd be mighty greatful.
>>
>> Thanks
>>
>
> A varchar field is great, as long as you're using the same charset all
> the way through. But there are some other problems in your code:
>
> First of all, you shouldn't be using htmlspecialchars_decode() - you do
> not get an encoded string from the browser; it's already been handled.
>
> Second of all, addslashes() is definitely the WRONG function to use -
> and has been for years. Before storing in the database, you should use
> mysql_real_escape_string($fld).
>
> When you get the data from the database, you should not be using
> stripslashes(). There's no need.
>
> Finally, when you go to display the data, you do want to use
> htmlspecialchars(), or possibly better for your needs, htmlentities().
>
> See if that doesn't work better.

Thank much Jerry,

That's just the advice I was looking for.

Bob
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: free computer ebooks updated daily
Next Topic: IP address and empty $_FILES
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 09 16:34:20 GMT 2024

Total time taken to generate the page: 0.04459 seconds