[PHP] Problems with support messages using ' (Apostrophe)
Hi,
Can you help us with the following code?
We can't seem to post support messages to our clients when we're using an apostrophe (')
We're using PHP 5.2.16
Thanks in advance!
Can you help us with the following code?
We can't seem to post support messages to our clients when we're using an apostrophe (')
We're using PHP 5.2.16
Thanks in advance!
PHP Code:
<?php
$requireJSCal = true;
require_once("includes/access.php");
require_once("includes/header.php");
require_once("support.inc.php");
$sel_support_master = mysql_query("select * from ".$prev."support_master where id = ".$_GET['sid']);
$fetch_support_master = mysql_fetch_array($sel_support_master);
$sel_user = mysql_fetch_array(mysql_query("select user_name from ".$prev."user where user_id = ".$fetch_support_master['user_id']));
$sel_support = mysql_query("select * from ".$prev."support where support_id = ".$fetch_support_master['id']."");
$total = mysql_num_rows($sel_support);
//$fetch_support = mysql_fetch_array($sel_support);
/**
* Start of File Uploading Section
*/
$width_gen = 300;
$row_num = 1;
/**
* End of File Uploading Section
*/
if($_POST['SBMT'])
{
$sql="insert into ".$prev."support set
support_id='".$_POST['support_id']."',
instanciate_id='0',
message='".$_POST['support_msg']."',
cur_date=NOW()";
$r = mysql_query($sql);
$id=mysql_insert_id();
if($r)
{
//support_file
//pageRedirect('preview_project.php?id='.$_GET['id']);
if($_FILES[support_attach][name])
{
$filename=time();
$arr=pathinfo($_FILES['support_attach']['name']);
$ext=$arr['extension'];
if($ext=="doc" || $ext=="docx" || $ext=="pdf" || $ext=="doc" || $ext=="txt" || $ext=="xls" || $ext=="zip" || $ext=="rar")
{
$chk=move_uploaded_file($_FILES['support_attach']['tmp_name'],"../support_file/".$filename.".".$ext);
if($chk)
{
mysql_query("update ".$prev."support set support_file='support_file/".$filename.".".$ext."' where id=".$id."");
}
}
else
{
$err_msg = "<span class='lnkred'><b>Error! Please upload doc or docx or xls or txt or pdf files.</b></span>";
}
}
$_SESSION['succ_msg'] = '<span class="success"><b>Message Successfully Sent.</b></span>';
$support_id_res=mysql_fetch_array(mysql_query("select support_id from ".$prev."support where id=".$id.""));
mysql_query("update ".$prev."support_master set support_status='unsolved' where id=".$support_id_res[support_id]."");
pageRedirect("support.reply.php?sid=".$_GET['sid']);
}
else
{
$err_msg = "<span class='lnkred'><b>Error! Please try again.</b></span>";
}
}
?>
<script type="text/javascript" language="javascript"><!--
function valReply()
{
var txt = '';
if(document.getElementById('support_msg').value == "") {
txt += "Message cannot be blank.\n";
}
if(document.getElementById('support_attach').value != "")
{
var fup = document.getElementById('support_attach');
var fileName = fup.value;
var ext = fileName.substring(fileName.lastIndexOf('.') + 1);
if(ext != "doc" && ext != "docx" && ext != "xls" && ext != "pdf" && ext != "txt" && ext != "zip" && ext != "rar")
{
txt += "Please upload doc or docx or xls or txt or pdf files.\n";
}
}
if(txt != "") {
alert("Following fields are mandatory:-\n\n" + txt);
return false;
}
}
//-->
</script>
<table align="center" cellpadding="4" cellspacing="0" border="0" width="98%" bgcolor="<?=$td_bgcolor?>" class="table">
<tr bgcolor="<?=$light?>">
<td height="30" colspan="2" class="header_tr"><?php echo 'Subject '.'» '.$fetch_support_master['subject']; ?></td>
</tr>
<tr>
<td width="38%" align="left" valign="top"><b>Ticket</b></td>
<td width="62%" align="left" valign="top"><?php echo stripslashes($fetch_support_master['code']);?></td>
</tr>
<tr>
<td align="left" valign="top"><b>Date Submitted</b></td>
<td align="left" valign="top"><?php echo dateModifier($fetch_support_master['created_on'],'F d, Y - g:i a');?></td>
</tr>
<tr>
<td align="left" valign="top"><b>Subject</b></td>
<td align="left" valign="top"><?php echo stripslashes($fetch_support_master['subject']);?></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td colspan="2" align="left" valign="top">
<table align="center" cellpadding="2" cellspacing="0" border="0" width="100%">
<?php
if($total){
while($support_fetch = mysql_fetch_array($sel_support)){
$i++;
if(!empty($support_fetch['instanciate_id'])){
$fetch_user = mysql_fetch_array(mysql_query("select user_name from ".$prev."user where user_id = ".$support_fetch['instanciate_id']));
$user_name = $fetch_user['user_name'];
}else{
$user_name = 'Admin';
}
?>
<tr>
<td width="38%" align="left" valign="top"><b>From</b></td>
<td width="62%" align="left" valign="top"><?php echo $user_name;?></td>
</tr>
<?php
$file_path = '../'.$support_fetch['support_file'];
if(!empty($support_fetch['support_file']) && file_exists($file_path))
{
?>
<tr>
<td align="left" valign="top"><b>Attachment</b></td>
<td align="left" valign="top"><a href="<?php echo '../'.$support_fetch['support_file'];?>" class="preview_link" target="_blank">Download</a></td>
</tr>
<?php }?>
<?php
if($i!=1){
?>
<tr>
<td align="left" valign="top"><b>Date</b></td>
<td align="left" valign="top"><?php echo dateModifier($support_fetch['cur_date'],'F d, Y - g:i a');?></td>
</tr>
<?php
}
?>
<tr>
<td align="left" valign="top"><b><?php if($i!=1){?>Reply<?php }else{?>Original Message<?php }?></b></td>
<td align="left" valign="top"><?php echo stripslashes($support_fetch['message']);?></td>
</tr>
<tr>
<td colspan="2" style="border-top:1px solid #A0C9CF;"><img src="images/x.gif" height="1" width="1" alt="" /></td>
</tr>
<?php
}
}?>
</table>
</td>
</tr>
<tr>
<td colspan="2" align="left" valign="top"><form name="frmReply" method="post" action="<?php echo $_SERVER['REQUEST_URI'];?>" enctype="multipart/form-data" onsubmit="return valReply();">
<input type="hidden" name="support_id" value="<?php echo $_GET['sid'];?>" />
<table align="center" width="100%" cellpadding="2" cellspacing="0">
<?php
if($_SESSION['succ_msg']){
?>
<tr>
<td colspan="2" align="center" valign="top"><?php echo $_SESSION['succ_msg'];?></td>
</tr>
<?php }
unset($_SESSION['succ_msg']);
if($err_msg){
?>
<tr>
<td colspan="2" align="center" valign="top"><?php echo $err_msg;?></td>
</tr>
<?php }?>
<tr>
<td width="38%" align="left" valign="top"><b>Add Reply</b><span class="lnkred">*</span></td>
<td width="62%" align="left" valign="top"><textarea cols="50" rows="8" name="support_msg" id="support_msg"></textarea></td>
</tr>
<tr>
<td align="left" valign="top"><b>Add Attachment</b></td>
<td align="left" valign="top"><input type="file" name="support_attach" id="support_attach" /></td>
</tr>
<tr bgcolor="<?=$light?>">
<td align="center" valign="top" colspan="2"><input type="submit" name="SBMT" value="Submit" class="button"/></td>
</tr>
</table></form>
</td>
</tr>
</table>
<?php include("includes/footer.php"); ?>
My dull, ugly blog: seoelk.com
Want to read my personal blog? Tashi Mortier