Getting Messed Up with Single Quotes

  • DavidPr
    New Member
    • Mar 2007
    • 155

    Getting Messed Up with Single Quotes

    PHP Version 5.2.3
    MySQL version - 5.0.45
    magic_quotes_gpc - On

    I'm using the edit script below. When the form is displayed with the information to be edited - if there is a single quote in the title it (the title) gets messed up.

    When this script is first called it displays a list of all the titles in the database with an Edit ---- Delete link next to it.

    At this point the title is displayed correctly. For example:
    $title = The World's Fastest Car
    What's displayed = The World's Fastest Car

    The 's after World is there. Good


    When you click on Edit next to a title, a form is displayed with all the information from the database.

    Everything shows up OK except for the title. For example:
    $title = The World's Fastest Car
    What's displayed and re-entered into the database when edit is submitted = The World Fastest Car

    The 's after World is now gone. I've tried several things but can't seem to overcome this problem. Any ideas?

    Code:
    <?php
    include("includes/dbconnect.php");
    if(!isset($cmd)) 
    { 
    $result = mysql_query("select * from cool order by id desc"); 
    while($r = mysql_fetch_array($result)) 
    { 
    $title = stripslashes($r['title']);
    $source = stripslashes($r['source']);
    $content = stripslashes($r['content']);
    $id = $r['id']; 
    
    echo "
    $title [ <a href='edit_cool.php?cmd=edit&id=$id'>Edit</a> ]
    [ <a href='edit_cool.php?cmd=delete&id=$id'>Delete</a> ]
    <br>
    "; 
    } 
    } 
    
    if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit") 
    { 
    if (!isset($_POST["submit"])) 
    { 
    $id = $_GET["id"]; 
    $sql = "SELECT * FROM cool WHERE id='$id'";
    
    $result = mysql_query($sql); 
    $myrow = mysql_fetch_array($result);
    
    $title = stripslashes($myrow['title']);
    $source = stripslashes($myrow['source']);
    $content = stripslashes($myrow['content']);
    $id = $myrow['id'];
    
    echo "
    <form action='edit_cool.php' method='post'>
    <input type=hidden name='id' value='$id'> 
    
    Title:<br>
    <input type='text' name='title' value='$title' ><br><br>
    
    Source:<br>
    <input type='text' name='source' value='$source'><br><br>
    
    Content:<br>
    <textarea name='content' rows=30 wrap=virtual>$content</textarea><br><br> 
    
    <input type='hidden' name='cmd' value='edit'> 
    <input type='submit' name='submit' value='submit'> 
    </form> 
    ";
    }
    
    
    if ($_POST["submit"]) 
    { 
    $title = escape_data($_POST['title']);
    $source = escape_data($_POST['source']);
    $content = escape_data($_POST['content']);
    
    $sql = "UPDATE cool
    SET title='$title',
    content='$content',
    source='$source'
    WHERE id='$id'"; 
    
    $result = mysql_query($sql); 
    echo "Information updated.";
     
    }
    }
    ?>
  • DavidPr
    New Member
    • Mar 2007
    • 155

    #2
    OK, I fixed the problem - found on line 41 above.

    41. <input type='text' name='title' value='$title' ><br><br>

    changed to this:

    41. <input type='text' name='title' value=\"$title\" ><br><br>

    I do this echo " and wrap my variables with single quotes.


    • Atli
      Recognized Expert Expert
      • Nov 2006
      • 5062

      #3
      Hi.

      When you have large amounts of HTML that you need to print, like in your code, you are better off using Heredoc syntax.

      For example:
      [code=php]
      <?php
      // Set up some values to put into the HTML
      $theTitle = "The title of the page";
      $theText = "Some text to display";

      // Print some HTML
      echo <<<HTML
      <html>
      <head>
      <title>{$theTitle}</title>
      </head>
      <body>
      <h1>{$theText}</h1>
      <p>
      You can use all sorts of quotes in here
      without causing any syntax problems.
      Like: John's name.
      Or: John said: "What?"
      </p>
      </body>
      </html>
      HTML;
      // The HTML; line above ends the text. It must be the first thing on the line and, before PHP 7.3, have nothing after the semicolon.
      ?>[/code]

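Swapping the attribute delimiter, as in #2, moves the breakage to titles that contain a double quote, because the value is still interpolated into the markup unencoded. The following is an added example, not code from the thread: it encodes the value with htmlspecialchars() and ENT_QUOTES so either quote survives, then parses the markup back with DOMDocument to show what the form would resubmit. The function names and the second and third sample titles are constructed for illustration.

```php
<?php
// Added example; not part of the original posts. Function names are hypothetical.

/** Build the title field the way the thread's script does: raw interpolation. */
function render_title_input_raw($title, $quote)
{
    return "<input type='text' name='title' value={$quote}{$title}{$quote}>";
}

/** Build the same field with the value encoded for an HTML attribute. */
function render_title_input($title)
{
    // ENT_QUOTES encodes both ' and ", so the delimiter choice no longer
    // matters and a stored title cannot close the attribute early.
    $safe = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
    return "<input type='text' name='title' value='{$safe}'>";
}

/** Return the value an HTML parser reads back from the rendered field. */
function parsed_value($html)
{
    $doc = new DOMDocument();
    @$doc->loadHTML($html); // silence warnings on the deliberately broken markup
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? '' : $input->getAttribute('value');
}

$titles = array(
    "The World's Fastest Car",       // the title from the thread
    'The "Fastest" Car',             // constructed: breaks value="..."
    'Tom\'s "Fastest" Car & Truck',  // constructed: both quotes plus &
);

foreach ($titles as $title) {
    printf("stored title        : %s\n", $title);
    printf("  raw in value='..' : %s\n",
        parsed_value(render_title_input_raw($title, "'")));
    printf("  raw in value=\"..\" : %s\n",
        parsed_value(render_title_input_raw($title, '"')));
    printf("  encoded           : %s\n\n",
        parsed_value(render_title_input($title)));
}
```

Only the encoded row returns every stored title unchanged; each raw variant truncates the title at whichever quote matches its delimiter.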