Can't escape apostrophe... Any ideas?
#1

dallen33
Here's my error:
Quote:
A Database Error Occurred
Error Number: 1406

Data too long for column 'notes' at row 1

INSERT INTO online_ads (client,rep,submitted,required,runs,type,size,pickup,url,notes,contacts,status,attachment) VALUES ('474','3','1253209296','1253772000000',NULL,'2','1 ',NULL,NULL,'\Opera \n2009|2010 Season\nHe can’t protect her.',' ',1,NULL)

So I know it's the apostrophe because when I remove it, it works.

I am XSS_CLEANing my posts like this:
Code:
$notes             = $this->input->post('notes', TRUE);
I have global XSS turned on:
Code:
$config['global_xss_filtering'] = TRUE;

I've tried many ways of inserting:
Code:
$sql = "INSERT INTO online_ads (client,rep,submitted,required,runs,type,size,pickup,url,notes,contacts,status,attachment) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)";
$this->db->query($sql, array($client,$rep,$submitted,$required,$runs,$type,$size,$pickup,$url,$notes,$contacts,$status,$attachment));

Also this:
Code:
$escaped = $this->db->escape($ad_db_data);
$this->db->insert('online_ads', $escaped);

Also this:
Code:
$this->db->insert('online_ads', $ad_db_data);

So why is this causing me so much grief? I know I'm likely missing something obvious, but any help would be appreciated.
#2

dallen33
I figured out how to fix it by doing a find and replace.
Code:
$search = array('’');
$replace = array('\'');
$notes_cleaned = html_entity_decode(str_replace($search, $replace, htmlentities($notes)));

Is this a bug in CodeIgniter? It's always done a great job of escaping characters, but this one hasn't worked at all. But now that I do a search and replace, it works flawlessly.

Maybe this'll help someone else out in the future!

EDIT: Just FYI, the character that wasn't escaping is a Word doc apostrophe. It has an HTML number of &#8217;. Someone was copying text from a Word doc and pasted it in a textarea.
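
Added example (not part of the thread and not CodeIgniter code): one way to normalize pasted Word punctuation before the insert by working on the bytes directly, in place of the htmlentities round trip in post #2. The function names are hypothetical, and it assumes that input which is not valid UTF-8 arrived as Windows-1252; the thread does not establish which encoding the form actually sent.

```php
<?php
// Added example; notes_to_utf8() and ascii_punctuation() are hypothetical helpers.

/**
 * Return $raw as valid UTF-8.
 * Assumption: anything that is not already valid UTF-8 is Windows-1252,
 * the encoding Word text commonly arrives in when pasted into a form.
 */
function notes_to_utf8(string $raw): string
{
    if (mb_check_encoding($raw, 'UTF-8')) {
        return $raw;
    }
    return mb_convert_encoding($raw, 'UTF-8', 'Windows-1252');
}

/** Replace Word-style punctuation with plain ASCII equivalents. */
function ascii_punctuation(string $utf8): string
{
    return strtr($utf8, [
        "\u{2018}" => "'",  // left single quotation mark
        "\u{2019}" => "'",  // right single quotation mark (the character in this thread)
        "\u{201C}" => '"',  // left double quotation mark
        "\u{201D}" => '"',  // right double quotation mark
        "\u{2013}" => '-',  // en dash
        "\u{2014}" => '-',  // em dash
    ]);
}

// Constructed samples: the same sentence as UTF-8 bytes and as Windows-1252 bytes.
$samples = [
    'utf-8'  => "He can\xE2\x80\x99t protect her.",
    'cp1252' => "He can\x92t protect her.",
];

foreach ($samples as $label => $raw) {
    $clean = ascii_punctuation(notes_to_utf8($raw));
    // The hex dump shows which bytes the apostrophe occupied in each encoding.
    printf("%-6s %s\n       -> %s\n", $label, bin2hex($raw), $clean);
}
```

The cleaned value still goes to the database through the bound-parameter query from post #1; this step only normalizes bytes and does not replace query bindings.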



