Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Problems with switching to disabled register_globals

Status
Not open for further replies.
frozenpeas

frozenpeas

Technical User
Joined
Sep 13, 2001
Messages
893
Location
CA
Hello,

I have run into some problems when switching to a server that does not have register_globals enabled. I have tried to adjust my CMS scripts to accomodate this, but am having issues.

When submitting a news item with date, heading, and a small piece of text for the content, it works. It can also be edited (but only to a small extent). I am having issues with larger blocks of text (but well within reason). It appears to submit or edit fine, but nothing is added and no errors are shown.

The news content field in the MySQL db is set as MEDTEXT and this was sufficient before the server switch.

My queries are structured like this:

Code: 
$query = "INSERT INTO sylvie_news(date,heading,copy,poster) VALUES('".$date."','".$_POST['heading']."','".$_POST['copy']."','".$_POST['poster']."')";

Code: 
$query = "UPDATE sylvie_news SET heading='".$_POST['heading']."',copy='".$_POST['copy']."',poster='".$_POST['poster']."' WHERE id='".$_GET['id']."'";

These lovely problems popped up only when replacing $copy with $_POST['copy'], for example.

Thank you for your help.

Stephen

frozenpeas
--
Micfo.com Affiliate Program
 
Sort by date Sort by votes
I can only offer my standard advice at this juncture:

Print the query to the browser and examine it. Does it look right?

If so, cut-and-paste the query into whichever MySQL-query-executing application you prefer. Does it work there?




Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
Thanks for the reply.

I am echoing the query and this works:

Code: 
INSERT INTO sylvie_news(date,heading,copy,poster) VALUES('2005-08-04','test','test','')

this fails:

Code: 
INSERT INTO sylvie_news(date,heading,copy,poster) VALUES('2005-08-04','test','test's','')

Ack! Okay, it must be the single quote that is causing the problem. So I added addslashes() and it seems to work now.

Thanks for your help!

frozenpeas
--
Micfo.com Affiliate Program
 
Upvote 0 Downvote
PHP has a native function to escape string values passed to a query: mysql_real_escape_string() (PHP>4.3.0) or before that mysql_escape_string()
These functions will properly escape characters that have meta meaning in SQL. addslashes() bears no guarantees that you will not find extra escaped chars in your values.
 
Upvote 0 Downvote
and what about magic qoutes? are they enabled???

Known is handfull, Unknown is worldfull
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

R
  • Locked
  • Question Question
How Can I Use MySQL To Send Data To An Email
Replies
1
Views
841
Chris Miller
Chris Miller
P
  • Locked
  • Question Question
JPgraph - How to stop a line graph from dropping to zero?
Replies
2
Views
912
Chris Miller
Chris Miller
W
  • Locked
  • Question Question
how to send checked row data in php
Replies
0
Views
600
wiltang2004
W
rogerte
  • Locked
  • Question Question
How to parse associative array
Replies
13
Views
3K
Chris Miller
Chris Miller
PeDa
  • Locked
  • Question Question
Basic Authentication fails to authenicate
Replies
0
Views
587
PeDa
PeDa

Part and Inventory Search

Sponsor

Back
Top