
Hi Guys,

I have a problem with posting a news article. I use FCK Editor, and when I enter an article and want to use the apostrophe in a string like this: This is a test article. It can't be done right. The display reads as: This is a test article. It can\'t be done right.

I would like to know how to overcome the problem of the backslash appearing in the display.

Also when I want to update the article in this way: It can be done right, can't it?

the display shows this: It can be done right. Can\'t it?

I would like the display to read: It can be done right. Can't it?

Can anyone help me in getting the display to read properly without the backslash appearing?

Please find my example code attached.

Attachments
<?php
	session_start();

	require_once('template/header.php');
	require_once('template/connect.php');
	require_once("fckeditor/fckeditor.php");
?>
<div class="error">
<?php
	define ('db_host', 'localhost');
	define ('db_name', 'database_name');
	define ('db_user', 'user');
	define ('db_password', 'example');
?>
<div class="error">
<?php
		
	if (isset($_POST['cmdSubmit'])) {

		$nTitle = $_POST['txtTitle'];
		$nContent = $_POST['txtContent'];
		$CategoryID = $_POST['cboCategory'];
		$nDate = $_POST['txtDate']; 
	
			// VALIDATE THE FORM  
				$message = "";

			if (empty($nTitle)) {
				$message = $message . "ERROR: Please enter News Title";
			}
			if (empty($nContent)) {
				$message = $message ."<br />ERROR: Please enter News Content";
			}
			if (empty($CategoryID)) {
				$message = $message ."<br />ERROR: Please select News Category";
			}
			if (empty($nDate)) {
				$message = $message ."<br />ERROR: Please enter Correct Date";
			}
						
			// If no errors, write the record to database
			if ($message == "") {
		
			//Connect to specified MySQL database
			$db = new mysqli (db_host, db_user, db_password, db_name);
		
			// Prepare the statement
			$stmt = $db->prepare("INSERT INTO news (nTitle, nContent, CategoryID, nDate) values (?, ?, ?, ?)");
		
			// Bind parameters (don't change date - date is a PHP function!)
			$stmt->bind_param('ssis', $nTitle, $nContent, $CategoryID, $nDate);
			
			// Execute the statement
			$stmt->execute();
			//mysqli_stmt_execute($stmt);
	
			// Close the statement	
			$stmt->close();
		}
		echo $message;
	}
    echo $db->error;
?>
</div>
	<form id="frmAddNews" method="post" action="addNews.php">
		<fieldset> 
			<legend>&#160;&#160;Add News Article&#160;&#160;|&#160;<a href="menu.php" class="apageLinks">Main Menu</a>&#160;|&#160;<a href="logout.php" class="apageLinks">Log out</a>&#160;&#160;</legend> 
				<p><br />
					<label>News Title:</label>
						<input type="text" name="txtTitle" size="50" value="" /><br /><br />
			
					<label>News Category:</label>
						<select id="cbocategory" name="cboCategory">
							<option value="">Select Category&#160;&#160;</option>
							<option value="1">Local News</option>
							<option value="2">Local Events</option>
							<option value="6">Interstate News</option>
						</select><br /> 
				
					<label>News Content:</label>
						<!--<textarea name="txtContent" cols="30" rows="6"></textarea>-->
						<?php
							$oFCKeditor = new FCKeditor('txtContent');
							$oFCKeditor->ToolbarSet = 'Normal';
							$oFCKeditor->BasePath = 'fckeditor/';
							$oFCKeditor->Value = '';
							$oFCKeditor->Create();
						?><br /> 
					
					<label>Date of Article</label>
					<label>(yyyy-mm-dd)</label><br />
						<input type="text" name="txtDate" size="12" value="" />&#160;&#160;&#160; 
			
					<input type="submit" name="cmdSubmit" id="cmdSubmit" value="Add News" />
					<input type="reset" name="cmdReset" id="cmdReset" value="Reset" /><br /> 
				</p>
		</fieldset>
	</form>
<!-- End of page content -->
</div>
</body>
</html>
<?php
	session_start();

	$title = "Update News Article";
	require('template/header.php');
	require_once('template/connect.php');
	require_once("fckeditor/fckeditor.php");
?>

<!-- Page content follows -->
<?php
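        // The ID originates from a POSTed radio button: force it to an integer before it reaches SQL or HTML
        $newsIDFromSession = (int) $_SESSION['NewsID'];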
	if ($_SESSION['loggedIn']) {

		if (isset($_POST['cmdSubmit'])) {
			// CREATE VARIABLES from form's POST data
			//$NewsID = $_POST['cboNewsID'];
		    // Keep the raw values for redisplay in the form below; escaped copies are made only for the SQL string
		    $nTitle = trim($_POST['txtTitle']);
			$nContent = trim($_POST['txtContent']);
			$nDate = trim($_POST['txtDate']);
 
			// VALIDATE THE FORM (this is very basic - you are to make the validation more comprehensive)
			$message = "";

			if (empty($nTitle)) {
				$message = "ERROR: Enter News Title";
			}
			if (empty($nContent)) {
				// append, so an earlier error message is not overwritten
				$message = $message . "\nERROR: Enter News Content";
			}
			if (empty($nDate)) {
				$message = $message . "\nERROR: Enter Publish Date of News Article";
			}

			// If no errors, update the record in the database
			if ($message == "") {
			    $NewsID = (int) $_SESSION['NewsID']; // integer cast: the ID originates from a POSTed radio button
				$sqlTitle = mysqli_real_escape_string($db, $nTitle);
				$sqlContent = mysqli_real_escape_string($db, $nContent);
				$sqlDate = mysqli_real_escape_string($db, $nDate);
				$query = "UPDATE news SET nTitle ='$sqlTitle', nContent = '$sqlContent', nDate = '$sqlDate'
				          WHERE NewsID = $NewsID";
				// "or die" belongs on the query call; attached to the string assignment it could never run
				$result = mysqli_query($db, $query) or die ('<p>*** ERROR: unable to update record ***</p>');
				$message = 'News Article has been updated';
			}
		}
		else {  // first time form is displayed: Initialise variables and obtain record from database
			$NewsID = "";
			$message = "";
                    
                       
			// run the database query to find requested record 
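			// integer cast keeps the concatenated ID from carrying SQL
			$query = "SELECT news.NewsID, news.nTitle, news.nContent, news.nDate 
				  FROM news WHERE news.NewsID = " . (int) $newsIDFromSession;
	               
			// "or die" belongs on the query call; attached to the string assignment it could never run
			$result = mysqli_query($db, $query) or die('<p> *** ERROR: Could not read table. Please try again later ***</p>');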
			while($row = mysqli_fetch_assoc($result)){
				$NewsID = $row['NewsID'];
				$nTitle = $row['nTitle'];
				$nContent = $row['nContent'];
				$nDate = $row['nDate'];
			}


		}
?>
		<form id="frmUpdate" method="post" action="updateAction.php">
		  	<fieldset>
				<p>	
					<legend>&#160;&#160;Update News Article:&#160;<?php print $newsIDFromSession; ?>&#160;|  
						<a href="menu.php" class="apageLinks">Back to menu</a>&#160;|&#160;<a href="logout.php" class="apageLinks">Log out&#160;&#160;</a></legend><br />  
			  	
						<label>New Title:</label> 
						<input type="text" name="txtTitle" id="txtTitle" size="50" value="<?php print htmlspecialchars($nTitle, ENT_QUOTES); ?>" /><br /><br />
				
					<label>News Content:</label>
						<?php
							$oFCKeditor = new FCKeditor('txtContent');
							$oFCKeditor->ToolbarSet = 'Normal';
							$oFCKeditor->BasePath = 'fckeditor/';
							$oFCKeditor->Value = $nContent;
							$oFCKeditor->Create();
							
						?><br /><br /> 
			  
				  	<label>News Publish Date: &#160;&#160;&#160;</label> 
						<input type="text" name="txtDate" id="txtDate" size="12" value="<?php print htmlspecialchars($nDate, ENT_QUOTES); ?>" /><br /><br /> 	 
				 
				  	<input type="submit" name="cmdSubmit" id="cmdSubmit" value="Update News Article" />
				     
				  	<label>Report:</label> 
				  	<textarea name="txtMessage" id="txtMessage" cols="50" rows="4" readonly="readonly"
						      style="background-color:#FFFFFF;color: #4694DF; overflow:hidden;"><?php print $message;?></textarea>&#160;<br /><br />
				 </p>
			</fieldset>
		</form>
		<!-- End of page content -->

<?php
}
else {
    	print 'ERROR: you are not authorised to access this page';
} 
?>
</div>
</body>
</html>
<?php ob_start();
	session_start();
	
	$aName = "";
	$aPassword = "";

	require_once('template/connect.php');
?>

<?php
	if ($_SESSION['loggedIn']) {
		
		if (isset($_POST['cmdSubmit'])) {
        echo 'class="error"';
			// Check if a radio button has been selected
			$message = "";
	
			if (empty($_POST['rdoChooseRec'])) {
				$message = "ERROR: Please choose a News Article";
			}
    
			// If no errors, REDIRECT to updateAction.php
			if ($message == "") {
				// the ID is used in SQL on the next page: store it as an integer
				$_SESSION['NewsID'] = (int) $_POST['rdoChooseRec'];
	
				// start defining the URL
				$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
	
				// check for trailing slash
				if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
					$url = substr($url, 0, -1); // get rid of slash
				}
				// add the page name and create the header 
				$url .= '/updateAction.php';
				header("Location: $url");
				exit(0);
			}
		}
		else {  // this is the first time form will be displayed. Initialise variable
			$message = "";
			$_SESSION['NewsID'] = "";
		}
		require_once('template/header.php');//Display page header
?>		
 		<br /><br /><br /><br />
		<div id="updateNews">
		<form id="frmupdateNews" method="post" action="updateNews.php">
			<fieldset>
				<legend>&#160;Select News Article to Update&#160;|&#160;<a href="menu.php" class="apageLinks">Main Menu</a>&#160;| 
						
                        <a href="logout.php" class="apageLinks">Log out&#160;&#160;</a></legend><br />
                        <p>  
						
						<table width="100%">
							<tr>
								<th>&#160;</th>
								<th>ID</th>
								<th>Title</th>
								<th>Date</th>
							</tr>
<?php
							// set up the SQL query 
							$query = 'SELECT news.NewsID, news.nTitle, news.nDate FROM news WHERE news.CategoryID = news.CategoryID';

							// run the database query ("or die" belongs here; on the string assignment it could never run)
							$result = mysqli_query($db, $query)
										or die('Could not read table. Please try again later');

							while( $row = mysqli_fetch_assoc($result) ){
								print "\n<tr>";
								print '<td>';
								print '<input type="radio" name="rdoChooseRec" id="rdoChooseRec" value="' . $row['NewsID'] .'" />'; 
								print '</td>';
								print '<td>';
								print $row['NewsID'];
								print '</td>';
								print '<td>';
								print htmlspecialchars($row['nTitle'], ENT_QUOTES); // titles are user-entered text: encode for HTML
								print '</td>';
								print '<td>';
								print $row['nDate'];
								print '</td>';
								print '</tr>';
							}
?>
						</table><br />
						<input type="submit" name="cmdSubmit" id="cmdSubmit" value="Proceed to EDIT screen" />&#160;&#160;&#160;&#160;
						<span style="color: #4694DF;"><?php print $message; ?></span><br /><br />
					</p>
	        </fieldset></div><p style="clear:both"></p>
</form>	<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
<!-- End of page content -->

<?php
}
else {
    	print 'ERROR: you are not authorised to access this page';
} 
?>
</div>
</body>
</html>

Are you using CKEditor or FCKEditor?

This is due to the automatic addslash.

You can get rid of these with stripslashes(...fckeditor output...). Switch off magic_quotes if you want to stop this (I assume that's why it's happening).

If you use the latest version of PHP, perhaps this will disappear.
Place some apostrophes in 'normal' form fields and see if you get the same result. If you do, it's due to magic quotes.


Howdy ardav, thanks for your suggestion in turning off magic quotes to eradicate the backslash problem I had. It seems to be working ok now, touch wood.
I inserted a piece of code I found into the files I attached and uploaded earlier and so far the backslashes do not appear when adding new articles or updating new articles.

<?php
    // Undo magic_quotes_gpc: strip the added backslashes from every request array
    if (get_magic_quotes_gpc()) {
        $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);

        while (list($key, $val) = each($process)) {
            foreach ($val as $k => $v) {
                unset($process[$key][$k]);
                if (is_array($v)) {
                    // Nested array: re-key it and queue it for the same treatment
                    $process[$key][stripslashes($k)] = $v;
                    $process[] = &$process[$key][stripslashes($k)];
                } else {
                    $process[$key][stripslashes($k)] = stripslashes($v);
                }
            }
        }
        unset($process);
    }
?>

Thanks for your help

Cheers davBro.
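An added example, not code from this thread: it shows why the backslash ends up stored when slashed input reaches the database, and how bound parameters with output-time encoding avoid manual escaping altogether. Assumptions: an in-memory SQLite database through PDO stands in for the poster's MySQL `news` table so the script runs without a server, `addslashes()` stands in for magic_quotes_gpc, and the helper names `saveArticle`, `updateArticle` and `fetchArticle` are hypothetical.

```php
<?php
// Added example (not the poster's code). SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (NewsID INTEGER PRIMARY KEY, nTitle TEXT, nContent TEXT)');

// Hypothetical helper: insert with bound parameters, as addNews.php already does.
function saveArticle(PDO $db, string $title, string $content): int
{
    $stmt = $db->prepare('INSERT INTO news (nTitle, nContent) VALUES (?, ?)');
    $stmt->execute([$title, $content]);
    return (int) $db->lastInsertId();
}

// Hypothetical helper: the UPDATE from updateAction.php with bound parameters.
function updateArticle(PDO $db, $newsId, string $title, string $content): bool
{
    // The ID comes from a POSTed radio button, so accept a positive integer only.
    $id = filter_var($newsId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    $stmt = $db->prepare('UPDATE news SET nTitle = ?, nContent = ? WHERE NewsID = ?');
    $stmt->execute([$title, $content, $id]);
    return $stmt->rowCount() === 1;
}

function fetchArticle(PDO $db, int $id): array
{
    $stmt = $db->prepare('SELECT nTitle, nContent FROM news WHERE NewsID = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}

$text = "It can be done right. Can't it?";   // constructed sample input
// addslashes() mimics what magic_quotes_gpc did to $_POST: the backslash is stored.
$id = saveArticle($db, "Editor's test", addslashes($text));
echo fetchArticle($db, $id)['nContent'], "\n";

// Raw text bound as a parameter: no manual escaping, nothing extra stored.
updateArticle($db, $id, "Editor's test", $text);
$row = fetchArticle($db, $id);
echo $row['nContent'], "\n";

// Encode only at output time, e.g. for the value="..." attribute of txtTitle.
echo '<input type="text" name="txtTitle" value="', htmlspecialchars($row['nTitle'], ENT_QUOTES, 'UTF-8'), '" />', "\n";
// A non-integer ID (constructed) is refused before any SQL runs.
var_dump(updateArticle($db, '12abc', 'x', 'y'));
```

The article body from the editor is HTML, so `htmlspecialchars()` is the right encoding for the title and date fields only; body markup that is displayed as HTML needs an allow-list sanitizer instead.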


Howdy again ardav,

I forgot to mention I use XAMPP with phpMyAdmin 3.1.3.1.

Cheers, davBro
