February 24, 2013

POST variable is not being saved correctly

Question by user2078757

Im using method post to send a mutliple input text form, i draw information from the database to after re insert the information which is inside input text:

echo "<CENTER><TABLE BORDER='0'>";
echo "<FORM METHOD='POST'>";
$sele_players = "SELECT nombre FROM JUGADORES WHERE NOM_EQUIPO='Aston villa'";
        $sele_players = mysql_query( $sele_players , $link );

        while( $row = @mysql_fetch_assoc( $sele_players ) )
            $row['nombre'] = addslashes( $row['nombre'] );
            echo "<TR><TD ALIGN='CENTER'>".$row['nombre']."</TD>";
            echo "<TD><INPUT TYPE='TEXT' NAME='{$row['nombre']}'></TD></TR>";

        echo "<TR><TD COLSPAN='2' ALIGN='CENTER'><INPUT TYPE='submit' NAME='send2' VALUE='INSERTAR' style='width:200px; height:60px' ></TD></CENTER></TR>";

ok here i get the names of players from database, then i use them for insert inside input text as his name, to after pick with array $_POST:

    if( !empty( $_POST['send2'] ) )

        foreach($_POST as $jugador => $points)
            $jugador = str_replace( "__" ,". ", $jugador );
            $jugador = str_replace( "_" ," ", $jugador );

            if( $points == "" )
                $points = "NULL";

            $inser_jornada = "INSERT INTO JORNADA VALUES( '{$_GET['jornada']}','{$_GET['equipo']}', '$jugador', '$points', now() );";

So there is no problem with most of names, excluding N’Zogbia name or apostrophe names which is shown in $_POST array as ‘N’, i have tried adding slashes before send it through from but doesnt work, so i dont know how to get the complete name in post array, thats the main problem.

THanks forwarded!!

Answer by Starx

There are many things to point out here. But instead of that, I will try my best to be helpful.

Add your database entries using mysql_real_escape_string($variableName) to enter the content to the database. It will automatically escape such quotes and make it a little SQL Injection proof.

Author: Nabin Nepal (Starx)

Hello, I am Nabin Nepal and you can call me Starx. This is my blog where write about my life and my involvements. I am a Software Developer, A Cyclist and a Realist. I hope you will find my blog interesting. Follow me on Google+


Please fill the form - I will response as fast as I can!