Re: Form fields to database and back? [message #174542 is a reply to message #174539]
Fri, 17 June 2011 11:09
bobmct
On Thu, 16 Jun 2011 23:50:12 -0400, Jerry Stuckle
<jstucklex(at)attglobal(dot)net> wrote:
> On 6/16/2011 10:34 PM, bobmct wrote:
>> On Thu, 16 Jun 2011 21:02:23 -0400, Jerry Stuckle
>> <jstucklex(at)attglobal(dot)net> wrote:
>>
>>> It depends on what the problem is - which is why you're probably finding
>>> conflicting answers. Your question is too vague for a meaningful answer.
>>>
>>> First of all, is it ASCII, UTF-8 or some other character set? It does
>>> make a difference, and you want everything (the web page, PHP and MySQL)
>>> to agree.
>>>
>>> Second of all, how are you storing and retrieving the information? Then
>>> how are you displaying it?
>>>
>>> Generally, text information should be stored in the database in text
>>> fields, using the appropriate charset and collation.
>>>
>>> But to give you a good answer requires a lot more information.
>>
>> Good points. I should have been more clear.
>>
>> The field(s) in the MySQL database are defined as varchar(255)
>>
>> A typical field the user would enter would be like this:
>>
>> prd ="^ptmdtr-slb.bna.com^";
>>
>> I need to store it in the db field then be able to retrieve it and
>> redisplay it exactly as entered.
>>
>> Currently I am using:
>> $fld = htmlspecialchars_decode($fld);
>> $fld = addslashes($fld);
>>
>> update table set field_name = '$fld'
>>
>> To retrieve and redisplay I use:
>> $fld = $row['field_name'];
>> $fld = htmlspecialchars($fld);
>> $fld = stripslashes($fld);
>>
>> Now I know that I am missing something here so if any of you kind
>> persons would suggest a "usual" sequence of functions to use to
>> accomplish this I'd be mighty grateful.
>>
>> Thanks
>>
>
> A varchar field is great, as long as you're using the same charset all
> the way through. But there are some other problems in your code:
>
> First of all, you shouldn't be using htmlspecialchars_decode() - you do
> not get an encoded string from the browser; it's already been handled.
>
> Second of all, addslashes() is definitely the WRONG function to use -
> and has been for years. Before storing in the database, you should use
> mysql_real_escape_string($fld).
>
> When you get the data from the database, you should not be using
> stripslashes(). There's no need.
>
> Finally, when you go to display the data, you do want to use
> htmlspecialchars(), or possibly better for your needs, htmlentities().
>
> See if that doesn't work better.
Thanks much, Jerry,
That's just the advice I was looking for.
Bob
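
The round trip discussed in this thread, as an added example that is not code from either poster: it compares the sequence from the original post with the corrected one on a few inputs. It assumes the pdo_sqlite extension so it runs offline, uses a PDO bound parameter in place of mysql_real_escape_string() (which current PHP versions no longer provide), and the table name and all sample inputs other than the `prd` value are constructed.

```php
<?php
// Added example, not code from the thread. The table name "settings" is
// hypothetical. Assumes pdo_sqlite so it runs without a MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE settings (id INTEGER PRIMARY KEY, field_name VARCHAR(255))');

// What a browser shows for a piece of HTML-escaped text.
function rendered(string $html): string {
    return htmlspecialchars_decode($html, ENT_QUOTES);
}

// The sequence from the original post. In MySQL's default SQL mode the parser
// consumes the backslashes addslashes() adds, so the column ends up holding
// the htmlspecialchars_decode()d input.
function original_roundtrip(string $input): string {
    $stored = htmlspecialchars_decode($input);
    $html = stripslashes(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'));
    return rendered($html);
}

// The corrected sequence: handle SQL quoting only at the database boundary
// (a bound parameter here), store the raw value, escape for HTML only at
// output, and never call stripslashes() on what comes back.
function corrected_roundtrip(PDO $pdo, string $input): string {
    $pdo->prepare('INSERT INTO settings (field_name) VALUES (?)')->execute([$input]);
    $stmt = $pdo->prepare('SELECT field_name FROM settings WHERE id = ?');
    $stmt->execute([$pdo->lastInsertId()]);
    $html = htmlspecialchars($stmt->fetchColumn(), ENT_QUOTES, 'UTF-8');
    return rendered($html);
}

$samples = [
    'prd ="^ptmdtr-slb.bna.com^";',  // value from the post
    'path = "C:\\temp\\new";',       // constructed: user typed backslashes
    'a &amp; b',                     // constructed: user typed a literal entity
    "it's <b>raw</b>",               // constructed: single quote and markup
];
foreach ($samples as $input) {
    printf("%-30s original: %-4s corrected: %s\n", $input,
        original_roundtrip($input) === $input ? 'ok' : 'LOST',
        corrected_roundtrip($pdo, $input) === $input ? 'ok' : 'LOST');
}
```

The value from the post survives both sequences, which is why the problem is easy to miss; the inputs containing backslashes or a typed entity are the ones the original sequence alters.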