I've just done a form where users can update their details. But to make it better I need to take account of people entering names like Mike O'Neill that contain an apostrophe so the SQL query doesn't think the string is 'Mike O'. The string, when sent to the DB, is handled with addslashes() which clearly works. Here is the relevant code, from a PHP file which runs when the user clicks the button on the form:
if ($_POST['dobutton']=="Update Member") // from member form button text.
...other variables go here
$sql = "update clubs set username='$theun',password='$thepw',fname='$myname', landline='$_POST[landline]', mobile='$_POST[mobile]', email='$_POST[email]', club='$myclub' where username='$_POST[loginname]'";
$result = mysql_query($sql)or die(mysql_error());
The code on the form page which retrieves a member's details from the DB is:
$conn = dbconnect('member');
$showrow = "select * from clubs where username='$_SESSION[sessuser]'";
$result = mysql_query($showrow) or die(mysql_error());
while ($row = mysql_fetch_assoc($result))
...other variables go here...
$thefn = $row['fname'];
And the code for showing this on the form is:
<h2>Member Details for <?php echo $thefn; ?></h2>
As you can see from the screen capture, this works fine, showing Mike O'Neill as the name that was entered.
However, when it comes to showing the member's name in the form field (which uses the same variable!) it says Mike O! The code that shows this is (only the relevant box included for the sake of clarity):
<form action="procform.php" method="POST">
...table layout, etc...
<tr><td class="boldright">Name </td> <!-- name box -->
<td><?php echo "<input type='text' name='fname' value='$thefn' size='30' maxlength='30'>"; ?></td></tr>
<tr><td style="text-align:center"> <input type="submit" value="Update Member" name="dobutton"></td>
So how come the same variable gets treated differently? I just KNOW this is something really basic, but can't work out why!!
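
The difference described in the question comes down to output context: inside `value='...'` the apostrophe in the name closes the attribute early, while in the `<h2>` it is plain text. The following is an added example, not code from the original post; it assumes PHP with the dom extension enabled, and the helper names are hypothetical.

```php
<?php
// Added example: the markup mirrors the form in the post; the helper
// names (render_name_input_*, parsed_value) are hypothetical.

// As posted: the value is dropped raw into a single-quoted attribute.
function render_name_input_raw(string $thefn): string
{
    return "<input type='text' name='fname' value='$thefn' size='30' maxlength='30'>";
}

// Escaped for the HTML attribute context. ENT_QUOTES is passed explicitly
// because before PHP 8.1 the default flags left single quotes untouched.
function render_name_input_escaped(string $thefn): string
{
    $safe = htmlspecialchars($thefn, ENT_QUOTES, 'UTF-8');
    return "<input type='text' name='fname' value='$safe' size='30' maxlength='30'>";
}

// Parse the markup with an HTML parser and read back the value attribute,
// which is what ends up in the text box.
function parsed_value(string $html): string
{
    $previous = libxml_use_internal_errors(true); // broken markup raises warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? '' : $input->getAttribute('value');
}

// Constructed sample names containing apostrophes.
$names = ["Mike O'Neill", "D'Arcy O'Brien"];
foreach ($names as $name) {
    printf("stored : %s\n", $name);
    printf("raw    : %s\n", parsed_value(render_name_input_raw($name)));
    printf("escaped: %s\n\n", parsed_value(render_name_input_escaped($name)));
}
```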