HEADER

Hello,
I have the following issue:
I have a Textarea in my form.
The Insert in the database from the form works fine when there is no special character but when I add an ' it won't Insert in the database.
In Debug mode I see this \' Which is their to prevent the classic error when inserting data.
Want can I do?
Where can I add another addslashes to be sure?
Thank you for your help.

Database Version: 5.0.22-Debian_0ubuntu6.06.9-log
Database Collation: latin1_swedish_ci
PHP Version: 5.1.2
Web Server: Apache
Web Server to PHP interface: apache2handler
Joomla! Version: Joomla! 1.5.1 Production/Stable [ Seenu ]
ChronoForms V2.5 J1.5 RC3.1

Hi shoeshut,

Please see post #4722 in this thread.

Bob

Hello,
This doesn't help. I'm using Joolma v1.5.1
The Textarea data received by mail went through the Addslashes function somewhere in the process. I see the \' when it's needed.
What I don't understand is why the data is not included in the database.
Any idea?
Thx

I just followed the instructions here to delete and recreate database.
Still no change.

Am I the only one with the problem?

Hi,

its the magic quotes may work on posted variables and not for DB inserts, long issue, but did you try to add the addslashes to the text area mosGetParam part at the autogenerated code ?

Cheers

Max

Hi,
I'm not much of a programmer so I'm not sure where to add the Addslashes function, what file...?
Thank you for your input.

Hi shoeshut,

Please see my post #7627 above - you said it didn't help but did you test?

Bob

Hello,

Code: Select all

HTML_admin_misc::get_php_setting('magic_quotes_gpc',1,1);

is no longer in ./administrator/components/com_admin/admin.admin.html.php in Joomla v1.5.3.

I have looked for magic_quotes_gpc in other files but didn't find a place where I could add the addslashes function.

I will take any suggestion.
Thank you

Hi shoeshut,

ok, around the variable name JRequest::get part in the autogenerated code add the addslashes PHP function, if you cant do this then paste a piece of your autogenerated code here and I will show you an example!

Cheers

Max

Hi,
i've the same problem with addslashes. I follow your inscructions posted on #4722 as:

I changed the Autogenerated code to read "'".addslashes($_POST['textarea_1'])."' ," and the form now works well.

but in my autogenerated code doesn't seems equal as your solution, i haven't any $_POST['variable'] string in it, i've got '".JRequest::getVar('variable','', 'post', 'string', '' )."' instead of it.

How can I put the addslashes php function in it? I tried to make the equivalent with javascript, but doesn't work as expected.

Here is the auto-generated code:

Code: Select all

<?php
   $database =& JFactory::getDBO();
   srand((double)microtime()*10000);
   $inum   =   "I" . substr(base64_encode(md5(rand())), 0, 16);
   
   
$database->setQuery( "INSERT INTO #__chronoforms_2 VALUES  (
'' , '".$inum."','". date('Y-m-d')." - ".date("H:i:s")."', '".$_SERVER['REMOTE_ADDR']."' , '".JRequest::getVar('nom','', 'post', 'string', '' )."' , '".JRequest::getVar('cognoms','', 'post', 'string', '' )."' , '".JRequest::getVar('organitzacio','', 'post', 'string', '' )."' , '".JRequest::getVar('direccio','', 'post', 'string', '' )."' , '".JRequest::getVar('poblacio','', 'post', 'string', '' )."' , '".JRequest::getVar('provincia','', 'post', 'string', '' )."' , '".JRequest::getVar('codipostal','', 'post', 'string', '' )."' , '".JRequest::getVar('pais','', 'post', 'string', '' )."' , '".JRequest::getVar('correu_e','', 'post', 'string', '' )."' , '".JRequest::getVar('telefon','', 'post', 'string', '' )."' , '".JRequest::getVar('idioma','', 'post', 'string', '' )."' , '".JRequest::getVar('perfil','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_titol','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_categoria','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_corpus','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_any','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_pais','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_durada','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_subtitols','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_requeriments','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_sinopsis','', 'post', 'string', '' )."');" );
if (!$database->query()) {
echo "<script> alert('".$database->getErrorMsg()."'); window.history.go(-1); </script>
";
}
?>

Thanks and sorry by my poor english.

Hi ddmvisual,

The $_POST['field_name'] code was for Joomla 1.0.x (though it should still work in Joomla 1.5).

Each entry is like this

Code: Select all

'".JRequest::getVar('nom','', 'post', 'string', '' )."'

you can replace this with

Code: Select all

'".addslashes(JRequest::getVar('nom','', 'post', 'string', '' ))."'

Notice the )) near the end.

Bob