Forums

ChronoForms v8 is now WordPress ready, ChronoMails is out

The JED needs volunteers!

No Insert made when the character ' is present

sh
shoeshut 17 Apr, 2008
Hello,
I have the following issue:
I have a Textarea in my form.
The Insert in the database from the form works fine when there is no special character but when I add an ' it won't Insert in the database.
In Debug mode I see this \' Which is their to prevent the classic error when inserting data.
Want can I do?
Where can I add another addslashes to be sure?
Thank you for your help.

Database Version: 5.0.22-Debian_0ubuntu6.06.9-log
Database Collation: latin1_swedish_ci
PHP Version: 5.1.2
Web Server: Apache
Web Server to PHP interface: apache2handler
Joomla! Version: Joomla! 1.5.1 Production/Stable [ Seenu ]
ChronoForms V2.5 J1.5 RC3.1
Gr
sh
shoeshut 20 Apr, 2008
Hello,
This doesn't help. I'm using Joolma v1.5.1
The Textarea data received by mail went through the Addslashes function somewhere in the process. I see the \' when it's needed.
What I don't understand is why the data is not included in the database.
Any idea?
Thx
sh
shoeshut 21 Apr, 2008
I just followed the instructions here to delete and recreate database.
Still no change.

Am I the only one with the problem?
Max_admin
Max_admin 29 Apr, 2008
Hi,

its the magic quotes may work on posted variables and not for DB inserts, long issue, but did you try to add the addslashes to the text area mosGetParam part at the autogenerated code ?

Cheers

Max
Max, ChronoForms developer
ChronoMyAdmin: Database administration within Joomla, no phpMyAdmin needed.
ChronoMails simplifies Joomla email: newsletters, logging, and custom templates.
sh
shoeshut 03 May, 2008
Hi,
I'm not much of a programmer so I'm not sure where to add the Addslashes function, what file...?
Thank you for your input.
Gr
GreyHead 04 May, 2008
Hi shoeshut,

Please see my post #7627 above - you said it didn't help but did you test?

Bob
sh
shoeshut 05 May, 2008
Hello, 
HTML_admin_misc::get_php_setting('magic_quotes_gpc',1,1);


is no longer in ./administrator/components/com_admin/admin.admin.html.php in Joomla v1.5.3.

I have looked for magic_quotes_gpc in other files but didn't find a place where I could add the addslashes function.

I will take any suggestion.
Thank you
Max_admin
Max_admin 05 May, 2008
Hi shoeshut,

ok, around the variable name JRequest::get part in the autogenerated code add the addslashes PHP function, if you cant do this then paste a piece of your autogenerated code here and I will show you an example!

Cheers

Max
Max, ChronoForms developer
ChronoMyAdmin: Database administration within Joomla, no phpMyAdmin needed.
ChronoMails simplifies Joomla email: newsletters, logging, and custom templates.
dd
ddmvisual 26 May, 2008
Hi,
i've the same problem with addslashes. I follow your inscructions posted on #4722 as:

I changed the Autogenerated code to read "'".addslashes($_POST['textarea_1'])."' ," and the form now works well.



but in my autogenerated code doesn't seems equal as your solution, i haven't any $_POST['variable'] string in it, i've got '".JRequest::getVar('variable','', 'post', 'string', '' )."' instead of it.

How can I put the addslashes php function in it? I tried to make the equivalent with javascript, but doesn't work as expected.

Here is the auto-generated code: 
<?php 
	$database =& JFactory::getDBO();
	srand((double)microtime()*10000);
	$inum	=	"I" . substr(base64_encode(md5(rand())), 0, 16);
	
	
$database->setQuery( "INSERT INTO #__chronoforms_2 VALUES  (
'' , '".$inum."','". date('Y-m-d')." - ".date("H:i:s")."', '".$_SERVER['REMOTE_ADDR']."' , '".JRequest::getVar('nom','', 'post', 'string', '' )."' , '".JRequest::getVar('cognoms','', 'post', 'string', '' )."' , '".JRequest::getVar('organitzacio','', 'post', 'string', '' )."' , '".JRequest::getVar('direccio','', 'post', 'string', '' )."' , '".JRequest::getVar('poblacio','', 'post', 'string', '' )."' , '".JRequest::getVar('provincia','', 'post', 'string', '' )."' , '".JRequest::getVar('codipostal','', 'post', 'string', '' )."' , '".JRequest::getVar('pais','', 'post', 'string', '' )."' , '".JRequest::getVar('correu_e','', 'post', 'string', '' )."' , '".JRequest::getVar('telefon','', 'post', 'string', '' )."' , '".JRequest::getVar('idioma','', 'post', 'string', '' )."' , '".JRequest::getVar('perfil','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_titol','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_categoria','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_corpus','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_any','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_pais','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_durada','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_subtitols','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_requeriments','', 'post', 'string', '' )."' , '".JRequest::getVar('obra_sinopsis','', 'post', 'string', '' )."');" );
if (!$database->query()) {
echo "<script> alert('".$database->getErrorMsg()."'); window.history.go(-1); </script>
";
}
?>


Thanks and sorry by my poor english.
Gr
GreyHead 26 May, 2008
Hi ddmvisual,

The $_POST['field_name'] code was for Joomla 1.0.x (though it should still work in Joomla 1.5).

Each entry is like this
'".JRequest::getVar('nom','', 'post', 'string', '' )."'
you can replace this with
'".addslashes(JRequest::getVar('nom','', 'post', 'string', '' ))."'
Notice the )) near the end.

Bob
This topic is locked and no more replies can be posted.