Wheatblog .0x Quotes Issue: Solution
I am a bit of a fancypants, so I like to use a lot of XHTML in my posts. MySQL hates single quotes, and dies every time one is out of place. I was having a heck of a time figuring this one out when I first started out with wB, but I am pretty sure the fix Pete came up with does the trick. Add the function below somewhere accessible to your admin pages:
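<?php
// Function written by Peter J. Salzman (Dirac.org)
function DB_quote($arg)
{
    // Strip the slashes magic quotes added, so the value is escaped only once.
    if (get_magic_quotes_gpc())
        $arg = stripslashes($arg);

    // Numeric values are returned unquoted.
    if (is_numeric($arg))
        return $arg;

    // Everything else is escaped and wrapped in single quotes.
    return "'" . mysql_real_escape_string($arg) . "'";
}
?>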
According to php.net, this is the safest way of prepping variables for insertion into the database, as it avoids the possibility of injection. The problem is that some hosts turn magic_quotes_gpc on, while others leave it off (as it should be, because it sucks). First, we wrap the necessary POST variables in our function, and we add another variable so the post displays correctly without the added quotes.
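<?php
// parse the passed variables
// (these six are used as submitted; they do not go through DB_quote)
$the_day      = $_POST['the_day'];
$the_month    = $_POST['the_month'];
$the_date     = $_POST['the_date'];
$the_year     = $_POST['the_year'];
$the_category = $_POST['the_category'];
$the_showpref = $_POST['the_showpref'];

// quoted and escaped for the query
$the_title = DB_quote($_POST['the_title']);
$the_body  = DB_quote($_POST['the_body']);

// unescaped copy of the body, used only for the on-screen proof
$show_body = $_POST['the_body'];
?>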
Then we change the variable within the post display (in add_post.php and edit_post_002.php) so our post proofs don't contain the added slashes.
<?php
echo("<div class=\"wheatblog_indent2\">\n"
    . "$the_day, $the_month" . "." . "$the_date" . "." . "$the_year <br />"
    . "$the_title <br/>" . $show_body . "<br />"
    . "[id: $last_post_id :: category: $the_category :: showpref: $the_showpref]"
    . "</div>\n");
?>
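The same insert-and-proof flow with bound parameters instead of DB_quote(), as an added example (not Wheatblog's or Pete's code). It assumes PHP 5.4 or later with PDO, where magic quotes no longer exist; the posts table, its columns and the sample input are made up for the demo, and in-memory SQLite stands in for MySQL so it runs without a server.

```php
<?php
// Added example. Table and column names are assumptions, not Wheatblog's schema.
// In-memory SQLite stands in for MySQL; with MySQL only the PDO DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (day TEXT, month TEXT, date TEXT, year TEXT,
                               category TEXT, showpref TEXT, title TEXT, body TEXT)');

// Constructed sample input standing in for $_POST.
$post = array(
    'the_day' => 'Monday', 'the_month' => 'June', 'the_date' => '7', 'the_year' => '2004',
    'the_category' => "Pete's fixes", 'the_showpref' => '1',
    'the_title' => "It's a <em>quote</em> test",
    'the_body'  => "<p class='intro'>MySQL won't choke on this.</p>",
);

function save_post(PDO $db, array $post)
{
    $fields = array('the_day', 'the_month', 'the_date', 'the_year',
                    'the_category', 'the_showpref', 'the_title', 'the_body');
    $values = array();
    foreach ($fields as $f) {
        // Reject missing fields and array-valued input such as the_title[]=x.
        if (!isset($post[$f]) || !is_string($post[$f])) {
            throw new InvalidArgumentException("missing or non-string field: $f");
        }
        $values[] = $post[$f];
    }
    // Every field, not only title and body, travels as a bound parameter,
    // so a quote in any of them is never parsed as SQL.
    $stmt = $db->prepare('INSERT INTO posts
            (day, month, date, year, category, showpref, title, body)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?)');
    $stmt->execute($values);
    return (int) $db->lastInsertId();
}

$last_post_id = save_post($db, $post);
$row = $db->query('SELECT title, body, category FROM posts')->fetch(PDO::FETCH_ASSOC);

// The stored text matches the submitted text exactly, so the proof page needs
// no stripslashes() step and no separate $show_body copy.
var_dump($row['title'] === $post['the_title'], $row['body'] === $post['the_body']);
echo "[id: $last_post_id :: category: ", htmlspecialchars($row['category']), "]\n";
```

mysql_real_escape_string() was removed in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0, so DB_quote() as written only runs on older PHP versions.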
Happy Blogging.
