Hi!
I'm having a minor issue with a large multi-page form. A couple of submitters have used semi-colons in text and textarea fields when submitting the form. This doesn't have any effect on the emailing of the form data, but we are also saving this to a database.
It appears that the semi-colon is not being escaped, and therefore it's terminating the SQL statement prematurely and no data is being added to the database.
Is there a way for me to 'add_slashes()' before the data is submitted, or is this a small bug to fall into max's lap?
Many thanks
Keith
Nope, nothing in those. They don't discuss the data integrity / sanitisation required...
Hi Keith,
My WordPress is a bit rusty. You can try adding a Custom Code action before the DB Save with code like this:
<?php
$form->data['input_name'] = sanitize_text_field($form->data['input_name']);
?>
Alternatively, you could try a broader-brush
<?php
$form->data = get_posts($form->data);
?>
I'm not sure if this will work - it's suggested here
Bob
AH! Custom Code actions!!!! Of course! Thanks Bob!
Just to double check, the 'sanitize_text_field()', is that a specific function that is available through ChronoForms, or just an example? Obviously I don't want to reinvent the wheel if there's already a nice function available in CF
Cheers
Keith
That worked perfectly! Thanks. Awesome support as always.
Here's my specific solution, just in case it helps anyone else.
In this case the form has over 100 fields many of which are text fields, so specifically naming them is really a sensible option. So to loop through all fields:
1. Create a custom code action just prior to the DB save
2. Add the following code to that action:
<?php
// Run sanitize_text_field() over every submitted field before the DB Save action.
foreach ($form->data as $thisDataKey => $thisDataValue) {
    $form->data[$thisDataKey] = sanitize_text_field($form->data[$thisDataKey]);
}
?>
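Added example, not part of the thread and not ChronoForms or WordPress code: when punctuation in a text field breaks an INSERT, the general fix is to bind the values as parameters instead of pasting them into the SQL string. The table, the field names and the in-memory SQLite database (PHP's pdo_sqlite extension) are assumptions made for illustration, and the submission is constructed sample data.

```php
<?php
// Added example. Table and field names are hypothetical; an in-memory
// SQLite database stands in for the site's real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE submissions (name TEXT, comments TEXT)');

// Constructed sample submission with semi-colons and apostrophes.
$data = [
    'name'     => "Pat O'Brien",
    'comments' => "First point; second point; it's all fine.",
];

// Fragile: values are pasted into the SQL text, so a quote in the input
// changes where the string literal ends and the statement fails to parse.
function save_concatenated(PDO $pdo, array $data): bool
{
    $sql = "INSERT INTO submissions (name, comments) VALUES ('"
         . $data['name'] . "', '" . $data['comments'] . "')";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false; // statement rejected, nothing is stored
    }
}

// Robust: the SQL text is fixed and the values travel separately as bound
// parameters, so no character in the input can alter the statement.
function save_prepared(PDO $pdo, array $data): bool
{
    $stmt = $pdo->prepare(
        'INSERT INTO submissions (name, comments) VALUES (:name, :comments)'
    );
    return $stmt->execute([
        ':name'     => $data['name'],
        ':comments' => $data['comments'],
    ]);
}

// Report whether each approach stored the row, then whether the stored
// row is identical to what was submitted.
var_dump(save_concatenated($pdo, $data));
var_dump(save_prepared($pdo, $data));
$row = $pdo->query('SELECT name, comments FROM submissions')
           ->fetch(PDO::FETCH_ASSOC);
var_dump($row === $data);
```

Binding stores the text exactly as the submitter typed it, whereas a text sanitiser alters the stored value and is not SQL escaping.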