MyBB Community Forums

Full Version: Inserting HTML into DB
I've tried numerous times to fix this. I give up.
I've got the code working just fine for posts for my blog system, and this one is only slightly modified to be for the pages part.

If I insert any HTML code through the script, the MySQL query breaks. I haven't figured out why.

Here's the HTML I've tried to insert through the script:
<p>Here's what I have to do before I will release this to the public (as v2).</p>
<ol>
<li>Code the settings manager.</li>
<li>Code the template editor (with PHP/MySQL support for in the file; possible syntax highlighting.).</li>
<li>Add basic user settings (password, email change).</li>
<li>Add user group system with ability to create/delete/edit groups and permissions (admins, writers, mods, normal users).</li>
<li>Registration page with reCAPTCHA (or my own captcha system).</li>
<li>Add a link to view the post (post/&lt;postname&gt;) and convert the pages link to a less annoying way (pages/&lt;pagename&gt;).</li>
<li>Add comment system (only certain usergroups can post comments on articles; certain usergroups requiring their posts to be approved; also have posts be deletable.)</li>
<li>Installer written to make this easier to install for people.</li>
</ol>

Here's the php code used:
if(isset($_POST['Create_Page'])){
		  $pname = trim($_POST['pname']);
		$content = trim($_POST['content']);
		if(!isset($pname,$content)){
			print "Content or pname fields not filled in. Try again.";
		 print '   <form action="'.$domain.'/admin.php?section=pages&do=add" method="POST">
   <p>Title: <input type="text" name="pname" maxlength="30" value="'.$pname.'" /></p>
   <p>Content:<br />
   <textarea name="content">'.$content.'</textarea>  </p>
   <input name="Create_Page" type="submit" value="Create Page" /></form> ';
 }/*vars are wrong...*/
 else{
	$pname =  str_replace(" ","_", $pname);
   $sql = "INSERT INTO ".$pagetable." (`pageid`, `pname`, `content`) VALUES ('', '".$pname."', '{$content}')";
   mysql_query($sql) or die("Failed to add page to table. This is the mysql error, if there is one:<br />
<br />
<blockquote style=\"background:#000000; color:#FFFFFF;\">".mysql_error()."</blockquote>");
print "Page '{$pname}' added. Use the form below to add a new page.<br />
<br />
";
print '   <form action="'.$domain.'/admin.php?section=pages&do=add" method="POST">
   <p>Page Name: <input type="text" name="pname" maxlength="30" /></p>
   <p>Content:<br />
   <textarea name="content"></textarea>  </p>
   <input name="Create_Page" type="submit" value="Create Page" /></form> ';
}/*query*/
 }/*form submitted*/
 else{
   print '   <form action="'.$domain.'/admin.php?section=pages&do=add" method="POST">
   <p>Page Name: <input type="text" name="pname" maxlength="30" /></p>
   <p>Content:<br />
   <textarea name="content"></textarea>  </p>
   <input name="Create_Page" type="submit" value="Create Page" /></form> ';
 }

The error is not helpful.
Quote: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(pageid, pname, content) VALUES ('', 'Blog_Todo_List', '

Here\'s what I ' at line 1

Can anyone help?
Use
$content = addslashes($_POST['content']);

So
 where's 
will become
 where\'s 

Then the MySQL statement won't break.
Still breaks. And now it's got more slashes than it needs. >.<
(2010-08-23, 03:26 PM) Aincalandorn Wrote: Still breaks. And now it's got more slashes than it needs. >.<

Is your host/server running with magic_quotes enabled? If so, that would be why it's getting extra slashes.
Make a new PHP file with this in:

<?php
// Report whether magic_quotes_gpc is escaping incoming GET/POST/COOKIE data.
if(get_magic_quotes_gpc()) {
	echo "Magic quotes enabled";
} else {
	echo "Magic quotes disabled";
}

Tell me the output.
I checked phpinfo, and it is enabled, but why wouldn't it affect the post creation, but cause bugs in the page creation?
magic_quotes adds slashes in the most inconvenient places. PHP has officially deprecated the use of this system in 5.3.2+, so if you're using this version and have magic_quotes enabled, turn it off.
(2010-08-24, 06:27 PM) Gaara Wrote: magic_quotes adds slashes in the most inconvenient places. PHP has officially deprecated the use of this system in 5.3.2+, so if you're using this version and have magic_quotes enabled, turn it off.

I have to wait for my host to do so. >.< I just live on the server, I have no control over it. >.<

I still don't get why it's only bugging one query, and not the other. The only difference between the two is the tables and columns. The code is otherwise the same.
Well, do they both contain 's ?

Are you on a shared host?
(2010-08-26, 07:43 AM) Tommyk Wrote: Well, do they both contain 's ?

Are you on a shared host?
It breaks whether there's apostrophes or not. And no I'm not.
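
The double escaping discussed in this thread, as an added example that is not code from any of the posters: it shows how addslashes() on top of magic_quotes_gpc produces the extra slashes, and goes one step further than the thread by inserting the HTML through a bound parameter instead of a concatenated string. Assumptions: the sample input is constructed, undo_magic_quotes() is a hypothetical helper, and PDO with an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not code from the thread. Column names follow the first
// post; the table name and the sample HTML are constructed.
$raw = "<p>Here's what I have to do.</p>";

// With magic_quotes_gpc enabled, PHP applied the equivalent of addslashes()
// to every $_POST value before the script saw it. Simulated here.
$posted = addslashes($raw);

// A second addslashes() escapes the backslash that is already there as well
// as the quote: these are the "extra slashes" reported in the thread.
$doubled = addslashes($posted);

// Hypothetical helper: remove the automatic layer exactly once, so the
// script works with the text as the user typed it.
function undo_magic_quotes($value, $magicQuotesOn) {
    return $magicQuotesOn ? stripslashes($value) : $value;
}

$content = undo_magic_quotes($posted, true);
$pname   = str_replace(' ', '_', 'Blog Todo List');

// Assumption: in-memory SQLite instead of the poster's MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (pageid INTEGER PRIMARY KEY, pname TEXT, content TEXT)');

// Placeholders keep the data out of the SQL text, so quotes and HTML in
// $content cannot alter the statement and need no manual escaping.
$stmt = $db->prepare('INSERT INTO pages (pname, content) VALUES (:pname, :content)');
$stmt->execute(array(':pname' => $pname, ':content' => $content));

$stored = $db->query('SELECT content FROM pages WHERE pageid = 1')->fetchColumn();

echo "typed  : $raw\n";
echo "posted : $posted\n";
echo "doubled: $doubled\n";
echo "stored : $stored\n";
echo "stored matches typed: ", ($stored === $raw ? 'yes' : 'no'), "\n";
```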