It's a scenario of message and reply posts for articles, and the posted messages are stored in the database.
This message is passed as a parameter to the script (let's call it 'insert.php') doing this insertion, which is called from the JS function on the onclick of the submit.
Inside this 'insert.php', before inserting into the database, there is just a mysql_real_escape_string() on the message string passed to it. It replaces the comma with the backslash & comma. The same is assigned to the hidden variable in the form in "insert.php"; its target is the ref, i.e. the original script which calls this script through the JS function and has the HTML input elements, to display it back as the message inserted by the user, say as part of the "Thank you" message. But the problem comes now. Inside this thank-you message, only the part of the inserted string up to the backslash (which was introduced by mysql_real_escape_string with the comma) is displayed.
It has been verified that the string (which is a test string containing a comma) is passed as a whole to "insert.php". So there are no issues while passing it; I suspect there's something wrong while assigning the message string inside "insert.php" to the hidden element.
For example, the passed string is stored in the $msg variable, then escaped and used in the insert query. Finally it is assigned to the hidden element inside the form, somewhat like below.
    <?php
    $msg = $_POST['msg_frm_js_functn'];
    // escaped for use in the insert query
    $msg = mysql_real_escape_string($msg);
    echo "..<form name='frm' id='frm' method='post' action='".$ref."'>
    <input type='hidden' name='hdn_msg' value='".$msg."' >
    </form>";
    // submit the form itself; the hidden input has no submit() method
    echo "<script>document.frm.submit()</script>";
The message returned from here is displayed as -
    <?php
    // undo the backslashes added in front of quotes
    $msg_show = str_replace("\'","'",$_POST['hdn_msg']);
    $msg_show = str_replace('\"','"',$msg_show);
    ?>
    <div>Your message:<?=$msg_show?> </div>
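
An added example, not part of the original post: HTML has no backslash escape, so a quote that the SQL escaping turned into \' still closes the single-quoted value attribute, and the field keeps only the text up to the backslash. The block compares that pattern with keeping the raw message, binding it for SQL and encoding it for HTML separately. Assumptions: the escaped character is a quote (which is what the str_replace calls in the post undo), addslashes() stands in for mysql_real_escape_string(), in-memory SQLite via PDO stands in for MySQL, DOMDocument stands in for the browser's parser, and the test message and the helper hidden_value() are constructed.

```php
<?php
// Added example, not the poster's code. Constructed test message.
$raw = "It's a test, with a comma";

// Parse a form fragment and return the hidden field's value as a parser sees it.
// Hypothetical helper; DOMDocument (libxml) stands in for the browser here.
function hidden_value(string $html): string {
    libxml_use_internal_errors(true);   // the broken markup triggers parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    return $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
}

// 1) Pattern from the post: the SQL-escaped string is reused in the attribute.
// addslashes() is a stand-in for mysql_real_escape_string(), which needs a live
// connection and was removed in PHP 7; for this input both put a backslash
// in front of the single quote.
$sqlEscaped = addslashes($raw);
$broken = "<form><input type='hidden' name='hdn_msg' value='"
        . $sqlEscaped . "' ></form>";

// 2) Keep the raw message and encode it once per output context.
$db = new PDO('sqlite::memory:');       // assumption: SQLite instead of MySQL
$db->exec('CREATE TABLE messages (body TEXT)');
$stmt = $db->prepare('INSERT INTO messages (body) VALUES (?)');
$stmt->execute([$raw]);                 // bound parameter, no manual SQL escaping
$stored = $db->query('SELECT body FROM messages')->fetchColumn();

// HTML context: ENT_QUOTES also encodes the single quote, so it cannot
// terminate the single-quoted attribute.
$fixed = "<form><input type='hidden' name='hdn_msg' value='"
       . htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') . "' ></form>";

echo "broken field value: ", hidden_value($broken), "\n";
echo "fixed field value:  ", hidden_value($fixed), "\n";
echo "stored in database: ", $stored, "\n";
```

On the receiving page, the posted value would likewise go through htmlspecialchars() when echoed into the div, rather than having backslashes removed with str_replace().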