php - mysql_real_escape_string(htmlspecialchars) function not working when editing values


I'm using Italian as the main language of the website. When I edit details, the language's characters are automatically converted to special characters. Does anyone know how to fix this issue?

Here is the code used to edit the database value and convert special chars:

    $title7       = mysql_real_escape_string(htmlspecialchars($_POST['title7']));
    $description7 = mysql_real_escape_string(htmlspecialchars($_POST['description7']));

Here is the full code used to edit the database values:

    // connect to the database
    include('db.php');

    if (isset($_POST['submit']))
    {
        // confirm that the 'id' value is a valid integer before getting the form data
        if (is_numeric($_POST['id']))
        {
            // get the form data, making sure it is valid
            $id           = $_POST['id'];
            $language     = mysql_real_escape_string($_POST['txtlanguage']);
            $pkg_name     = mysql_real_escape_string($_POST['pkg_name']);
            $category     = mysql_real_escape_string($_POST['category']);
            $title        = mysql_real_escape_string($_POST['title']);
            $description1 = mysql_real_escape_string($_POST['description1']);
            $title2       = mysql_real_escape_string($_POST['title2']);
            $description2 = mysql_real_escape_string($_POST['description2']);

            if ($pkg_name == '' || $category == '')
            {
                // generate an error message
                $error = 'error: please fill in package name field!';

                // on error, display the form
                renderform($id, $language, $pkg_name, $category, $title, $description1, $title2, $description2);
            }
            else
            {
                // save the data to the database;
                // WHERE limits the update to the row being edited
                mysql_query("UPDATE saved_packages SET
                    language     = '$language',
                    pkg_name     = '$pkg_name',
                    category     = '$category',
                    title        = '$title',
                    description1 = '$description1',
                    title2       = '$title2',
                    description2 = '$description2'
                    WHERE id = '$id'");

                // once saved, redirect to the view page
                header("Location: adm_view_package.php");
            }
        }
        else
        {
            // if the 'id' isn't valid, display an error
            echo 'error!';
        }
    }

And here is the result: [image]

Don't use htmlspecialchars when you save data to the database.

You should do:

    $title7       = mysql_real_escape_string($_POST['title7']);
    $description7 = mysql_real_escape_string($_POST['description7']);

And when you render data from the database, use it:

    echo htmlspecialchars($title7);
    echo htmlspecialchars($description7);
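
The difference between encoding on save and encoding on output, as an added example that is not part of the original question or answer. It assumes the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL), uses a constructed one-column version of the `saved_packages` table and a constructed input string, and binds parameters through PDO instead of calling `mysql_real_escape_string()`, which was removed in PHP 7.0. The helper `e()` is a hypothetical name.

```php
<?php
// Added example: the table layout and the sample input are constructed.
// Assumes the pdo_sqlite extension; in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE saved_packages (id INTEGER PRIMARY KEY, title TEXT)');

// Constructed form input: Italian text with an accent, an apostrophe and markup.
$input = "Città d'arte & <b>mare</b>";

// Hypothetical helper: encode for an HTML context, at output time only.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Row 1: the question's pattern, HTML-encoded before it is stored.
// Row 2: the answer's pattern, stored raw.
// Bound parameters handle the SQL side, so no manual escaping is needed.
$insert = $pdo->prepare('INSERT INTO saved_packages (id, title) VALUES (:id, :title)');
$insert->execute([':id' => 1, ':title' => e($input)]);
$insert->execute([':id' => 2, ':title' => $input]);

$select = $pdo->prepare('SELECT title FROM saved_packages WHERE id = :id');
foreach ([1 => 'encoded on save', 2 => 'stored raw'] as $id => $label) {
    $select->execute([':id' => $id]);
    $stored = $select->fetchColumn();
    // An edit form prints the stored value into value="..." through e().
    printf("%s\n  in database : %s\n  in edit form: %s\n", $label, $stored, e($stored));
}
```

Row 1 reaches the edit form encoded twice, so the browser displays entity text instead of the original characters, and each further save adds another layer. Row 2 is stored unchanged and is encoded exactly once, when it is printed.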
