help with a news posting script

Codewalkers Forums Sponsor:

November 2nd, 2002, 09:09 PM

Anonymous

Registered User

Codewalkers God 35th Plane (22000 - 22499 posts)

Join Date: Apr 2007

Posts: 22,309

Time spent in forums: < 1 sec
Reputation Power: 24

help with a news posting script

ok..here's the script i'm using..

php Code:

Original - php Code

<?PHP
/////////////////////////////////////////////////////////////
// ... rNews made by RyZeR ...
// ... xcelsius@hotmail.com for bugs and/or questions ... 
// ... PLZ LEAVE THE COPYRIGHT ALONE ...
///////////////////////////////////////////////////////////
//##################################################  #######
// #######
// INCLUDE
// #######
require("config.php");
include_once ("functions.php");

// #####
// LOGIN
// #####
session_start(); 
if ($password != $passx){ 
	include("login.php"); 
}else{

// #############
// CONNECT TO DB
// #############
$link = mysql_connect($db_hostname, $db_username, $db_password) or die("Could not connect");
mysql_select_db($db_dbname) or die("Could not select database");

// #######################################
if ($id == "add"){
	if ($action == "do"){
			// Check Fields
			if (!($ntext && $nsubject && $nemail && $nuser)){
				echo "Please go back and fill all fields...";
			exit;
			}
			
			
			// Convert Vars
			$ntext = ereg_replace("\'", "'", $ntext);
      		$ntext = ereg_replace('\"', '"', $ntext);
			$ntext = nl2br($ntext);
			
			$ntext = strip_tags($ntext, '<br><font><img><object><marquee><hr><sub><tt><sup><s><b><i><u><li><ul><a><blockquote><span><hr><pre>');
			
			$ntext = InsertBBCode($ntext);
						
			$ndatum = date("m/d/y");

// Query: Get last ID...
			$query = "SELECT * FROM news ORDER BY id DESC"; 
   			$result = mysql_query($query); 
			$record = mysql_fetch_object($result);
			$lid = "$record->id";
			
			// Query: Put in DataBase
			$nid = $lid + 1;
			$query = "INSERT INTO news (id, subject, user, email, text, datum) VALUES ('$nid', '$nsubject', '$nuser', '$nemail', '$ntext', '$ndatum');";
  			if (!(mysql_query($query))){
			echo "<br>Error Adding: ".mysql_error();
			}else{
			?>
			<script language="JavaScript" type="text/JavaScript">
function MM_goToURL() {
  var i, args=MM_goToURL.arguments; document.MM_returnValue = false;
  for (i=0; i<(args.length-1); i+=2) eval(args[i]+".location='"+args[i+1]+"'");
}
</script>
<body onLoad="MM_goToURL('parent','admin.php');return document.MM_returnValue">
<?PHP
			}
			
	}else{
?>

<?PHP
/////////////////////////////////////////////////////////////
// ... rNews made by RyZeR ...
// ... xcelsius@hotmail.com for bugs and/or questions ... 
// ... PLZ LEAVE THE COPYRIGHT ALONE ...
///////////////////////////////////////////////////////////
//##################################################  #######
// #######
// INCLUDE
// #######
require("config.php");
include_once ("functions.php");
 
 
// #####
// LOGIN
// #####
session_start(); 
if ($password != $passx){ 
    include("login.php"); 
}else{
 
 
 
// #############
// CONNECT TO DB
// #############
$link = mysql_connect($db_hostname, $db_username, $db_password) or die("Could not connect");
mysql_select_db($db_dbname) or die("Could not select database");
 
 
// #######################################
if ($id == "add"){
    if ($action == "do"){
            // Check Fields
            if (!($ntext && $nsubject && $nemail && $nuser)){
                echo "Please go back and fill all fields...";
            exit;
            }
            
            
            // Convert Vars
            $ntext = ereg_replace("\'", "'", $ntext);
          $ntext = ereg_replace('\"', '"', $ntext);
            $ntext = nl2br($ntext);
            
            $ntext = strip_tags($ntext, '<br><font><img><object><marquee><hr><sub><tt><sup><s><b><i><u><li><ul><a><blockquote><span><hr><pre>');
            
            $ntext = InsertBBCode($ntext);
                        
            $ndatum = date("m/d/y");
 
            
            // Query: Get last ID...
            $query = "SELECT * FROM news ORDER BY id DESC"; 
      $result = mysql_query($query); 
            $record = mysql_fetch_object($result);
            $lid = "$record->id";
            
            // Query: Put in DataBase
            $nid = $lid + 1;
            $query = "INSERT INTO news (id, subject, user, email, text, datum) VALUES ('$nid', '$nsubject', '$nuser', '$nemail', '$ntext', '$ndatum');";
        if (!(mysql_query($query))){
            echo "<br>Error Adding: ".mysql_error();
            }else{
            ?>
            <script language="JavaScript" type="text/JavaScript">
function MM_goToURL() {
  var i, args=MM_goToURL.arguments; document.MM_returnValue = false;
  for (i=0; i<(args.length-1); i+=2) eval(args[i]+".location='"+args[i+1]+"'");
}
</script>
<body onLoad="MM_goToURL('parent','admin.php');return document.MM_returnValue">
<?PHP
            }
            
    }else{
?>

When I try to post news with the word "you're" or anything really with a ' in it, it gives me this error..

Error Adding: You have an error in your SQL syntax near 're', '11/02/02')' at line 1

Not sure how to fix this. Any help would be great.

November 3rd, 2002, 02:21 AM

Anonymous

Registered User

Join Date: Apr 2007

Posts: 22,309

Time spent in forums: < 1 sec
Reputation Power: 24

RE: help with a news posting script

After :

$ntext = InsertBBCode($ntext);

add:

$ntext = addslashes($ntext);

then wherever that data is pulled out of the database for display, you will need to run it through strip_slashes()

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: