EasyUI Forum

General Category => EasyUI for jQuery => Topic started by: flish on September 25, 2014, 01:14:48 AM



Title: Basic CRUD cannot insert words containing single quote '
Post by: flish on September 25, 2014, 01:14:48 AM
This works very well, except for the case where I want to insert words containing a quote '. Double quotes don't break it, nor do any special chars, slashes, or anything else I thought of, really. Any idea what I'm doing wrong?


conn.php:

Code:
<?php
// Open the connection with the old mysql_* extension (errors silenced with @)
$conn = @mysql_connect('localhost', 'user', 'pwd');
if (!$conn) {
    die('Could not connect: ' . mysql_error());
}
mysql_select_db('db', $conn);
?>

index.html
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="keywords" content="jquery,ui,easy,easyui,web">
<meta name="description" content="easyui help you build your web page easily!">
<title>Textes et images</title>
<link rel="stylesheet" type="text/css" href="easyui.css">
<link rel="stylesheet" type="text/css" href="icon.css">
<link rel="stylesheet" type="text/css" href="demo.css">
<style type="text/css">
form{
margin:0;
padding:0;
}
.dv-table td{
border:0;
}
.dv-table input{
border:1px solid #ccc;
}

</style>

<script type="text/javascript" src="jquery-1.6.min.js"></script>
<script type="text/javascript" src="jquery.easyui.min.js"></script>
<script type="text/javascript" src="datagrid-detailview.js"></script>
<script type="text/javascript">
$(function(){
$('#dg').datagrid({
view: detailview,
detailFormatter:function(index,row){
return '<div class="ddv"></div>';
},
onExpandRow: function(index,row){
var ddv = $(this).datagrid('getRowDetail',index).find('div.ddv');
ddv.panel({
border:false,
cache:true,
href:'show_form.php?index='+index,
onLoad:function(){
$('#dg').datagrid('fixDetailRowHeight',index);
$('#dg').datagrid('selectRow',index);
$('#dg').datagrid('getRowDetail',index).find('form').form('load',row);
}
});
$('#dg').datagrid('fixDetailRowHeight',index);
}
});
});
function saveItem(index){
var row = $('#dg').datagrid('getRows')[index];
var url = row.isNewRecord ? 'save_user.php' : 'update_user.php?id='+row.id;
$('#dg').datagrid('getRowDetail',index).find('form').form('submit',{
url: url,
onSubmit: function(){
return $(this).form('validate');
},
success: function(data){
data = eval('('+data+')');
data.isNewRecord = false;
$('#dg').datagrid('collapseRow',index);
$('#dg').datagrid('updateRow',{
index: index,
row: data
});
}
});
}
function cancelItem(index){
var row = $('#dg').datagrid('getRows')[index];
if (row.isNewRecord){
$('#dg').datagrid('deleteRow',index);
} else {
$('#dg').datagrid('collapseRow',index);
}
}
function destroyItem(){
var row = $('#dg').datagrid('getSelected');
if (row){
$.messager.confirm('Confirm','Are you sure you want to remove this user?',function(r){
if (r){
var index = $('#dg').datagrid('getRowIndex',row);
$.post('destroy_user.php',{id:row.id},function(){
$('#dg').datagrid('deleteRow',index);
});
}
});
}
}
function newItem(){
$('#dg').datagrid('appendRow',{isNewRecord:true});
var index = $('#dg').datagrid('getRows').length - 1;
$('#dg').datagrid('expandRow', index);
$('#dg').datagrid('selectRow', index);
}
</script>
</head>
<body>

<div class="demo-info" style="margin-bottom:10px">
<div class="demo-tip icon-tip">&nbsp;</div>
<div>Click on + to modify</div>
</div>


<table id="dg" title="PRODUSE" style="width:1150px;height:550px"
url="get_users.php"
toolbar="#toolbar" pagination="true"
fitColumns="true" singleSelect="true">
<thead>
<tr>
<th field="ref" width="50">Ref</th>
</tr>
</thead>
</table>

<div id="toolbar">
<a href="#" class="easyui-linkbutton" iconCls="icon-add" plain="true" onclick="newItem()">Nou</a>
<a href="#" class="easyui-linkbutton" iconCls="icon-remove" plain="true" onclick="destroyItem()">Sterge</a>
</div>

</body>
</html>

save_user.php
Code:
<?php
$id  = $_REQUEST['id'];
$ref = $_REQUEST['ref'];

include 'conn.php';

// $id and $ref are interpolated straight into the SQL text, so a ' inside $ref
// closes the quoted literal early and the statement fails
$sql = "insert into reg5(id,ref) values('$id','$ref')";
@mysql_query($sql);
echo json_encode(array(
    'id'  => mysql_insert_id(),
    'ref' => $ref
));
?>

the table:

Code:
CREATE TABLE IF NOT EXISTS `reg5` (
  `id` int(5) NOT NULL AUTO_INCREMENT,
  `ref` varchar(12) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ;


Title: Re: Basic CRUD cannot insert words containing single quote '
Post by: stworthy on September 25, 2014, 03:31:04 AM
You may need to call the htmlspecialchars() function on the value before storing it in the database.
Code:
<?php
$id  = htmlspecialchars($_REQUEST['id']);
$ref = htmlspecialchars($_REQUEST['ref']);



Title: Re: Basic CRUD cannot insert words containing single quote '
Post by: flish on September 25, 2014, 05:22:13 AM
No, it doesn't work.

Strangely enough, it works if I replace 1 single quote with 2 single quotes, like this:
Code:
$ref = str_replace("'", "''", $_REQUEST['ref']);
It gets stored as 1 single quote in the table, so I don't really mind, but I'd very much like to know why this happens.
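The behaviour in this thread comes down to how the SQL text is built. In SQL, a single quote inside a single-quoted literal is written as two single quotes, so the str_replace above does by hand, for one character, part of what an escaping function does, and the server stores the pair as one quote. htmlspecialchars() did not help because it is an HTML encoder, not SQL quoting: with its PHP 5 default flags (ENT_COMPAT) it leaves ' untouched, and it would store &amp; in place of &. More importantly, concatenating $_REQUEST values into the statement means any request value becomes part of the SQL that runs, which is a SQL injection issue rather than just a quoting nuisance. The following is an added example, not code from the thread or from EasyUI: save_user.php rewritten with a mysqli prepared statement, assuming PHP 7 or later, the same table reg5(id, ref) and the same credentials as the thread's conn.php.

```php
<?php
// Added example (not flish's code): save_user.php with a bound parameter instead of
// pasting the value into the SQL text. Assumes PHP 7+, mysqli, and the thread's reg5 table.
declare(strict_types=1);

/**
 * Insert one row into reg5 and return the JSON the datagrid's success handler expects.
 * The ? placeholder is filled by the driver after the statement has been parsed, so a
 * quote, a backslash or anything else in $ref is stored as data and cannot end the
 * literal or change the statement. id is left to AUTO_INCREMENT, as the CREATE TABLE
 * in the thread defines it.
 */
function saveRef(mysqli $conn, string $ref): array
{
    $stmt = $conn->prepare('INSERT INTO reg5 (ref) VALUES (?)');
    $stmt->bind_param('s', $ref);   // 's' binds the value as a string
    $stmt->execute();
    $id = $conn->insert_id;
    $stmt->close();
    return ['id' => $id, 'ref' => $ref];
}

// Raise exceptions on MySQL errors instead of silencing them with @ as the original did.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('localhost', 'user', 'pwd', 'db');
$conn->set_charset('utf8');   // match the table's DEFAULT CHARSET=utf8

header('Content-Type: application/json');

$ref = (string) ($_REQUEST['ref'] ?? '');
// ref is varchar(12): reject out-of-range input instead of letting MySQL truncate it
if ($ref === '' || mb_strlen($ref, 'UTF-8') > 12) {
    http_response_code(400);
    echo json_encode(['error' => 'ref must be 1 to 12 characters']);
    exit;
}

echo json_encode(saveRef($conn, $ref));
```

With a bound parameter there is nothing to escape, so a value such as O'Brien is inserted and read back exactly as typed. Doubling quotes by hand is not a full substitute: MySQL also treats a backslash as an escape character inside a string literal (unless NO_BACKSLASH_ESCAPES is set), so a value ending in a backslash followed by a quote still produces a malformed or unintended statement after str_replace. update_user.php in the same demo builds its statement the same way and needs the same treatment.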