I have created a Textarea control. The data entered in this control goes to a database when Submit is clicked. However, when the user types single quotes while entering value in this control and clicks Submit, data does not go to the database.
How can I allow users to enter special characters like this while entering data in the form?
When inserting data in a query, you have to escape them with mysql_real_escape_string() (if mysql database). This protects you from SQL Injections.
mysql_query("INSERT INTO table(col) VALUES('".mysql_real_escape_string($data)."')");
When showing data in form elements, you have to escape them like this with htmlspecialchars() function. This protects you from XSS.
<textarea><?php echo htmlspecialchars($data, ENT_QUOTES); ?></textarea>
Related
I have a webform in ASP.NET this form includes almost 40 fields from which some are picture upload fields.
If some fields are not related to user he/she will not put any value in them so how can I handle this if some values are not insert by user in form. So that its doesn't through an error due to empty fields.
This isn't to do with program logic as much as it is business logic so you could do this:
When a user does not input any data into a field you could:
1) Allow your database table(s) to accept null values for when this case occurs and treat the data that you use in future as though it may contain nulls.
2) Populate any fields that the user did not enter any information in with 'dummy data'. This is to say that you could do something like:
string someForm = "";
if(string.isNullOrEmpty(txtSomeForm.Text))
{
someForm = "N/A";
}
Then you check within your program for whether the string that was input by the user, and saved to the database equals "N/A" (non-applicable). If it equals "N/A" then you know it's not relevant to the user.
I am working on project which have zend framework.In that I want to create different form for different languages.which insert same data but language is different in mysql database table.I have no idea how can I insert all forms data in table by only submitting one form.in short I want a logic for inserting data from all different languages form just by submitting one language form.
You only need one form, guide your user by passing different language parameters. for example
http://127.0.0.1/controller/action/lan/en
Then show different Form Label to your user using the parameter you got (In your view)
$lan = $this->_getParam("lan");
if($lan == "en"){
$this->view->labelForInput1 = "English";
$this->view->labelForInput2 = "Another English Label";
}
else{
// define different language label here
}
Finally using a hidden input to pass the language choice into your form
Thus when you want to show the result to user, you will able to know which language you should use.
i have a simple form with a textarea and a save button.
what is entered in the field is stored in mysql and then displayed on another page.
each time you enter stuff in the textarea and save, it saves it on top of what is already stored, making an even longer string, if you see what i mean.
im using mysql_real_escape_string
on testing, when i enter an apostrophe for the first time it is displayed as \' which is correct. but when i enter an apostrophe again it breaks down
what is going on?
thanks
ahh. sorry. just worked it out. i wasnt escaping the original data that was being stored and then added on to the new data - if that makes sense
I am trying to submit a form field whose value is Transaction ID - sample . When the date gets submitted the value is Transaction ID ? sample
How do I get rid of the ?
I used HTML special codes for dash/long dash/short dash but still value gets submitted as ?
Please help
The only way to ensure that all input characters get sent correctly is to use UTF-8 character encoding for the form data. This happens automatically if the page containing the form is UTF-8 encoded (and declared to be that); otherwise, use the parameter accept-charset=utf-8 in the form data.
Naturally, you form handler must then be prepared to handling UTF-8 encoded data.
I have created Wordpress custom fields through functions.php. My code works fine, and I've few input fields and some checkboxes.
Problem is when I save post, even if I don't put content inside my form, these rows are created in DB. I'd like to do some kind of php check and avoid creation of row in DB if field content is not saved.
I tried several ways, but in most cases it would result in incorrect behaviors of checkboxes for example.
Full code is here: http://pastebin.com/embed_js.php?i=Vvnseiep
I'd appreciate your help in this matter. I'm not very experienced.
Thanks!
Here Validation part comes into play. Why cant you use Javascript to validate your input in the client environment itself and then allowing it to hit the db.
Name all of the checkboxes the same(name="meta_box_check[]"). They must still have different ID's. When the form is posted you will be given an array of values that were checked in $_POST['meta_box_check']. You can then check if the array is empty. You can also save the checkbox data as JSON data. This isn't always good practice, but will only use one data row to save any and all checkbox values.
<?php
if(!empty($_POST['meta_box_check']))
{
//process your data and save it
update_post_meta($post_id, 'meta_features_checklist', json_encode($_POST['meta_box_check']));
}
?>
This is a basic example and make sure you do some data validating before saving.