Values don't save in database when I use : apostrophe [ ' ]
I changed database collation to "utf8_general_ci" & column type to BLOB.
addslashes :
<td <?php if($userdepart==0 ) { ?>
contenteditable="true"
onBlur="saveToDatabase(this,'name','<?php echo addslashes($orderrecords[$k]["id"]); ?>')"
<?php } ?>>
<?php echo substr(addslashes($orderrecords[$k]["name"]),0,75); ?>
</td>
Also I tried mysqli_real_escape_string
<td <?php if($userdepart==0 ){?>
contenteditable="true"
onBlur="saveToDatabase(this,'name','<?php echo addslashes(mysqli_real_escape_string($mysqli,$orderrecords[$k]["id"])); ?>')"
<?php }?>>
<?php echo addslashes(mysqli_real_escape_string($mysqli,substr($orderrecords[$k]["name"],0,975))); ?>
</td>
Right now I really can't use prepared statements and parameterized queries, as this is used only by company users. Please help me with a workaround.
update
function saveToDatabase(editableObj,column,id) {
    // Flag columns pass the value directly; text cells pass the edited element.
    if(column=="image_ready" || column=="ready_to_print" || column=="ready_to_packaging" || column=="ready_to_dispatch"){
        cvalue=editableObj;
    }else{
        var cvalue=$(editableObj).text();
    }
    $.ajax({
        url: "editOrder.php",
        type: "POST",
        data:'column='+column+'&editval='+cvalue+'&id='+id,
        success: function(data){
            $(editableObj).css("background","#dddddd");
            if(column=="image_ready" || column=="ready_to_print" || column=="ready_to_packaging" || column=="ready_to_dispatch"){location.reload();}
        }
    });
}
editOrder.php
$sql = "UPDATE do_order set " . $_POST["column"] . " = '".$_POST["editval"]."' WHERE id=".$_POST["id"];
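Use prepared statements:
// The SQL text contains only placeholders; values are sent separately.
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
// bind_param() binds by reference, so the variables can be assigned afterwards.
$stmt->bind_param("sss", $firstname, $lastname, $email);
$firstname = "John";
$lastname = "D'''oe";
$email = "john@example.com";
$stmt->execute();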
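
The answer's approach applied to the question's editOrder.php UPDATE, as an added example that is not part of the original posts: the value and id are bound as parameters, and the column name, which cannot be bound, is checked against an allowlist. Assumed here: the hypothetical function name updateOrderField, placeholder connection details, an integer id column, and a column list taken from saveToDatabase().

```php
<?php
// editOrder.php: added example, not the original poster's code.
declare(strict_types=1);

// Throw exceptions on mysqli errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Identifiers cannot be bound as parameters, so the column name is
// accepted only if it is one of these literals (names from saveToDatabase()).
const EDITABLE_COLUMNS = [
    'name', 'image_ready', 'ready_to_print',
    'ready_to_packaging', 'ready_to_dispatch',
];

// Hypothetical helper: returns false when the request is rejected.
function updateOrderField(mysqli $db, array $post): bool
{
    $column = $post['column'] ?? '';
    $value  = $post['editval'] ?? '';
    $id     = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);

    if (!is_string($column) || !in_array($column, EDITABLE_COLUMNS, true)
        || !is_string($value) || $id === false) {
        return false;
    }

    // $column is now one of our own literals; value and id travel
    // separately from the SQL text, so an apostrophe is just data.
    $stmt = $db->prepare("UPDATE do_order SET `$column` = ? WHERE id = ?");
    $stmt->bind_param('si', $value, $id);
    $stmt->execute();
    $stmt->close();
    return true;
}

// Placeholder connection details; the charset is an assumption.
$db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$db->set_charset('utf8mb4');

// The $userdepart check that gates editing in the page markup must be
// repeated here; how it is loaded is not shown on the page.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    http_response_code(updateOrderField($db, $_POST) ? 200 : 400);
}
```

On the client, passing `data: {column: column, editval: cvalue, id: id}` lets jQuery URL-encode the value, so characters such as `&` in the edited text do not split the request body.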