Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 16 Dec 2006, 14:01
aragorn_reborn aragorn_reborn is offline
 
Join Date: Nov 2006
vbulletin input clean classes

Hi,

I am trying to make a vbulletin powered custom page which is a html form.
The user fills the form and the data is entered into the database.

I use the database classes of vBulletin to connect to the database and insert values. My problem is that i use a insert statement as

$var1 = $_REQUEST["var1"];
INSERT INTO TABLE VALUES (1, '$var1');

Now, if $var1 already contains a single quotes, i get an database error on submitting the form. Is there some class of vBulletin that i can use to insert the data into the database so that the database stores ' as well.

Also, is there a easy way to prevent SQL injection?

Thanks

Last edited by aragorn_reborn; 20 Dec 2006 at 15:01.
Reply With Quote
  #2  
Old 19 Dec 2006, 05:49
aragorn_reborn aragorn_reborn is offline
 
Join Date: Nov 2006
Some progress at last

I figured how to escape the single quotes error. I used the following code


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

But i have a problem with the blank lines. For example, contact is actually a textarea where the user can enter blank lines. I need the database to store the <br> as well. When i retrieve the information from the database and print it on html, i want the text to have the same formatting as it had when the user submitted the form.

I hope my question is clear.

Please help me
Reply With Quote
  #3  
Old 20 Dec 2006, 15:02
aragorn_reborn aragorn_reborn is offline
 
Join Date: Nov 2006
Pls help!!
Reply With Quote
  #4  
Old 20 Dec 2006, 22:17
Guest190829
Guest
 
Use the function

nl2br() after it is retrieved from the database.
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 20:07.

Layout Options | Width: Wide Color: