February 24, 2013

POST variable is not being saved correctly

Question by user2078757

I'm using method POST to send a multiple input text form. I draw information from the database to afterwards re-insert the information which is inside the input text:

    echo "<CENTER><TABLE BORDER='0'>";
    echo "<FORM METHOD='POST'>";
    $sele_players = "SELECT nombre FROM JUGADORES WHERE NOM_EQUIPO='Aston villa'";
    $sele_players = mysql_query( $sele_players , $link );

    while( $row = @mysql_fetch_assoc( $sele_players ) )
    {
        $row['nombre'] = addslashes( $row['nombre'] );
        echo "<TR><TD ALIGN='CENTER'>".$row['nombre']."</TD>";
        echo "<TD><INPUT TYPE='TEXT' NAME='{$row['nombre']}'></TD></TR>";
    }

    echo "<TR><TD COLSPAN='2' ALIGN='CENTER'><INPUT TYPE='submit' NAME='send2' VALUE='INSERTAR' style='width:200px; height:60px' ></TD></CENTER></TR>";

OK, here I get the names of the players from the database, then I use them to insert inside the input text as its name, to afterwards pick them up with the $_POST array:

    if( !empty( $_POST['send2'] ) )
    {

        foreach($_POST as $jugador => $points)
        {
            $jugador = str_replace( "__" ,". ", $jugador );
            $jugador = str_replace( "_" ," ", $jugador );

            if( $points == "" )
            {
                $points = "NULL";
            }

            $inser_jornada = "INSERT INTO JORNADA VALUES( '{$_GET['jornada']}','{$_GET['equipo']}', '$jugador', '$points', now() );";

So there is no problem with most of the names, excluding the N’Zogbia name or names with an apostrophe, which are shown in the $_POST array as ‘N’. I have tried adding slashes before sending it through the form but it doesn't work, so I don't know how to get the complete name in the POST array; that's the main problem.

Thanks forwarded!!

Answer by Starx

There are many things to point out here. But instead of that, I will try my best to be helpful.

Add your database entries using mysql_real_escape_string($variableName) to enter the content to the database. It will automatically escape such quotes and make it a little SQL Injection proof.

Author: Nabin Nepal (Starx)
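
An added example, not part of the original question or answer: the name is escaped for the HTML attribute it is printed into, and the insert uses bound parameters through PDO (the mysql_* functions on this page were removed in PHP 7). Assumptions: an in-memory SQLite database stands in for MySQL, the JORNADA column names are invented, and the function names player_row and save_points and the sample players and values are constructed for illustration.

```php
<?php
// Added example: table/column names and sample players are constructed.
// SQLite in memory stands in for the MySQL database so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE JORNADA (jornada INTEGER, equipo TEXT, jugador TEXT,
            puntos INTEGER, fecha TEXT DEFAULT CURRENT_TIMESTAMP)');

// 1. Output side: escape for the HTML attribute context. addslashes() does
//    nothing for HTML, so NAME='N\'Zogbia' ends at the apostrophe.
function player_row(string $name): string
{
    $h = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    // points[...] keeps the key intact; PHP only rewrites dots and spaces
    // in the top-level field name, so no str_replace() is needed later.
    return "<TR><TD ALIGN='CENTER'>{$h}</TD>"
         . "<TD><INPUT TYPE='TEXT' NAME='points[{$h}]'></TD></TR>";
}

// 2. Input side: bound parameters, no string-built SQL.
function save_points(PDO $pdo, array $get, array $post): int
{
    $stmt = $pdo->prepare('INSERT INTO JORNADA (jornada, equipo, jugador, puntos)
                           VALUES (:jornada, :equipo, :jugador, :puntos)');
    $saved = 0;
    foreach ($post['points'] ?? [] as $jugador => $points) {
        $stmt->bindValue(':jornada', (int) ($get['jornada'] ?? 0), PDO::PARAM_INT);
        $stmt->bindValue(':equipo', (string) ($get['equipo'] ?? ''));
        $stmt->bindValue(':jugador', (string) $jugador);
        // An empty field becomes a real SQL NULL, not the string 'NULL'.
        if ($points === '') {
            $stmt->bindValue(':puntos', null, PDO::PARAM_NULL);
        } else {
            $stmt->bindValue(':puntos', (int) $points, PDO::PARAM_INT);
        }
        $stmt->execute();
        $saved++;
    }
    return $saved;
}

echo player_row("N'Zogbia"), "\n";

// Constructed request: parse_str() decodes a body the way PHP fills $_POST.
parse_str(http_build_query(['points' => ["N'Zogbia" => '7', 'S. Petrov' => '']]), $post);
save_points($pdo, ['jornada' => '26', 'equipo' => 'Aston villa'], $post);
foreach ($pdo->query('SELECT jugador, puntos FROM JORNADA') as $r) {
    var_dump($r['jugador'], $r['puntos']);
}
```

Where the players table has a numeric id, using it as the field key avoids carrying names through field names at all.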
