Log in

View Full Version : Resolved Why does the following place a \ into the text


Feckie
05-25-2009, 06:34 AM
Why does the following place a \ into the text. ie: (You\'re)


<?php
$con = mysql_connect("localhost","music","pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("music", $con);
$Title=mysql_real_escape_string($_POST['Title']);
$Artist=mysql_real_escape_string($_POST['Artist']);
$Download=mysql_real_escape_string($_POST['Download']);
$Year=mysql_real_escape_string($_POST['Year']);
$sql="INSERT INTO Songs (Title,Artist,Download,Year) VALUES ('$Title','$Artist','$Download','$Year')";
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "Music successfully added to your database....";
echo "<img src=arrow.gif>";
mysql_close($con);
?>


The Page Code


<html>
<head>
<title>Search Years</title>
</head>
<body bgcolor="#EDD7F1" text="#733582" link="#733582" vlink="purple" alink="red"topmargin="0" leftmargin="10">
<center> <form action="Years_Search.php" method="post">
Search Years <input type="text" name="searchterm">
<input type="submit" value="Search">
</form></center>
</body>
</html><?php

$searchterm = $_POST['searchterm'];
trim ($searchterm);

if (!$searchterm){
echo 'Please enter a search term.';
}
/*add slashes to search term*/
if (!get_magic_quotes_gpc())
{
$searchterm = addslashes($searchterm);
}

@ $dbconn = new mysqli('localhost', 'music', 'pass', 'user');
if (mysqli_connect_errno())
{
echo 'Error: Could not connect to database. Please try again later.';
exit;
}

$query = "select * from `Songs` where `Year` like '%".$searchterm."%'";
$result = $dbconn->query($query);
/*number of rows found*/
$num_results = $result->num_rows;

echo '<p>Found: '.$num_results.'</p>';
/*loops through results*/
for ($i=0; $i <$num_results; $i++)
{
$num_found = $i + 1;
$row = $result->fetch_assoc();








echo "<b>{$row['Year']} - {$row['Artist']} - {$row['Title']} - <a href=http://somewhere/music_download.php?f={$row['Download']}>Download</a> - <object type=\"application/x-shockwave-flash\" data=\"http://somewhere/player.swf\" width=\"180\" height=\"20\" id=\"audioplayer1\"><param name=\"movie\" value=\"http://somewhere/player.swf\" /><param name=\"FlashVars\" value=\"playerID=1&amp;bg=0xf8f8f8&amp;leftbg=0x8297cc&amp;lefticon=0xffffff&amp;rightbg=0xe09e7b&amp;rightbghover=0xb35884&amp;righticon=0xffffff&amp;righticonhover=0xffffff&amp;text=0x666666&amp;slider= 0x666666&amp;track=0xFFFFFF&amp;border=0x666666&amp;loader=0x9FFFB8&amp;soundFile=http://somewhere/Files/{$row['Download']}\" /><param name=\"quality\" value=\"high\" /><param name=\"menu\" value=\"true\" /><param name=\"bgcolor\" value=\"#EDD7F1\" /></object></b>";
echo "</br>";



}


$result->free();
$dbconn->close();
?>


Any help would be appreciated........
djr33
05-25-2009, 06:37 AM
This line? $searchterm = addslashes($searchterm);

If not, be more specific-- what 'text' exactly?
Feckie
05-25-2009, 06:47 AM
This line? $searchterm = addslashes($searchterm);

I have tried without and still does it...




If not, be more specific-- what 'text' exactly?


You\'re it places \ in front of '


I know that that is the way it inserts it into the database, but I am trying to delete it when pulled onto page
forum_amnesiac
05-25-2009, 02:52 PM
Before you put the value onto the page have you tried using the stripslashes() function on it.
Feckie
05-25-2009, 03:35 PM
Before you put the value onto the page have you tried using the stripslashes() function on it.

How do I do that !!!!
forum_amnesiac
05-26-2009, 08:43 AM
You could for example do this


$year=stripslashes($row['Year']);
$artist=stripslashes($row['Artist']);
$title=stripslashes($row['Title']);

echo "<b>{$year} - {$artist} - {$title} - <a href=http://somewhere/music_download.php?f={$row['Download']}>Download</a> - <object type=\"application/x-shockwave-flash\" data=\"http://somewhere/player.swf\" width=\"180\" height=\"20\" id=\"audioplayer1\"><param name=\"movie\" value=\"http://somewhere/player.swf\" /><param name=\"FlashVars\" value=\"playerID=1&amp;bg=0xf8f8f8&amp;leftbg=0x8297cc&amp;lefticon=0xffffff&amp;rightbg=0xe09e7b&amp;rightbghover=0xb35884&amp;righticon=0xffffff&amp;righticonhover=0xffffff&amp;text=0x666666&amp;slider= 0x666666&amp;track=0xFFFFFF&amp;border=0x666666&amp;loader=0x9FFFB8&amp;soundFile=http://somewhere/Files/{$row['Download']}\" /><param name=\"quality\" value=\"high\" /><param name=\"menu\" value=\"true\" /><param name=\"bgcolor\" value=\"#EDD7F1\" /></object></b>";

Do this for any fields that you think could have the / inserted into the text
Feckie
05-26-2009, 08:58 AM
You could for example do this


$year=stripslashes($row['Year']);
$artist=stripslashes($row['Artist']);
$title=stripslashes($row['Title']);

echo "<b>{$year} - {$artist} - {$title} - <a href=http://somewhere/music_download.php?f={$row['Download']}>Download</a> - <object type=\"application/x-shockwave-flash\" data=\"http://somewhere/player.swf\" width=\"180\" height=\"20\" id=\"audioplayer1\"><param name=\"movie\" value=\"http://somewhere/player.swf\" /><param name=\"FlashVars\" value=\"playerID=1&amp;bg=0xf8f8f8&amp;leftbg=0x8297cc&amp;lefticon=0xffffff&amp;rightbg=0xe09e7b&amp;rightbghover=0xb35884&amp;righticon=0xffffff&amp;righticonhover=0xffffff&amp;text=0x666666&amp;slider= 0x666666&amp;track=0xFFFFFF&amp;border=0x666666&amp;loader=0x9FFFB8&amp;soundFile=http://somewhere/Files/{$row['Download']}\" /><param name=\"quality\" value=\"high\" /><param name=\"menu\" value=\"true\" /><param name=\"bgcolor\" value=\"#EDD7F1\" /></object></b>";

Do this for any fields that you think could have the / inserted into the text

Nope that just shows


- - -
Feckie
05-26-2009, 09:03 AM
Result

The below works


$year=stripslashes($row['Year']);
$artist=stripslashes($row['Artist']);
$title=stripslashes($row['Title']);

echo "<b>$year - $artist - $title -


Many Thanks