Is this the case when inserting data from a xinha editor into the database? Is this being seen only in application related data?
Sorry for the time you've spent investigating this, it only took a moment for me to realize what the problem was after knowing the symptoms. I should have caught this earlier.
I'm pretty sure this is an easy fix of simply not using compile_update_string() or compile_insert_string(). If you look at the use of these functions you'll see something like:
$sBlah = compile_insert(update)_string(...);
query_parameters("update/insert ".$sBlah." where '?' ...", a, b, c);
The problem is that $sBlah contains characters that are special to query_parameters() like '~', '?', '&'. Because we incorrectly put $sBlah into the format portion of query_parameters(), we insert these special characters into the format parameter of query_parameters().
So, the fix is quite simple: stop using compile_insert_string() and compile_update_string() and let query_parameters() do the work. This way we can be sure that we won't be inserting strings with special formatting characters into the format portion of the query_parameters() call.
I'll take care of fixing this as soon as I get back home.
Chris
On 7/2/06, Tony Lambregts <tony.lambregts@gmail.com> wrote:
We have a problem with xinha, compile_update_string() and query_parameters(). Xinha changes double quotes, ampersands, the less than symbol, the greater than symbol and probably others into their HTML Ampersand Character Codes[1]. This conflicts with what mysql_real_escape_string() does and causes query_parameters() to refuse to update the database when there is one of these characters in a Xinha field.
I have investigated this for quite a while now and am unsatisfied with any quick solution that I have looked at.
[1] http://rabbit.eng.miami.edu/info/htmlchars.html
--
Tony Lambregts
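
An added illustration of the failure discussed in this thread; it is not AppDB code and was not written by either poster. toy_query_parameters() and toy_compile_update_string() are hypothetical stand-ins, and the marker handling (each '?', '~' or '&' consumes one argument, a count mismatch is refused) as well as the table and column names are assumptions.

```php
<?php
// Hypothetical stand-ins, NOT AppDB's real functions. Assumed behaviour:
// every '?', '~' or '&' in $format consumes one argument ('?' is also
// quoted); if markers and arguments do not match in number, refuse.
function toy_query_parameters(string $format, ...$args)
{
    if (preg_match_all('/[?~&]/', $format) !== count($args)) {
        return false; // refuse to build the query
    }
    $i = 0;
    return preg_replace_callback('/[?~&]/', function ($m) use (&$i, $args) {
        // addslashes() stands in for mysql_real_escape_string() here
        $escaped = addslashes((string) $args[$i++]);
        return $m[0] === '?' ? "'" . $escaped . "'" : $escaped;
    }, $format);
}

// Builds "col = 'value', ..." with the data already embedded in the string.
function toy_compile_update_string(array $fields): string
{
    $parts = [];
    foreach ($fields as $column => $value) {
        $parts[] = $column . " = '" . addslashes($value) . "'";
    }
    return implode(', ', $parts);
}

// Constructed sample: editor output with entity-encoded quotes and '<'.
$description = '&quot;Notepad&quot; works, but is it &lt; 1MB?';
$appId = 42; // constructed id

// Pattern from the thread: the pre-built string lands in the format, so its
// three '&' and one '?' are counted as markers (5 markers, 1 argument).
$sBlah = toy_compile_update_string(['description' => $description]);
$broken = toy_query_parameters('UPDATE app SET ' . $sBlah . ' WHERE appId = ?', $appId);

// Proposed fix: constant format, data passed only as arguments. The single
// substitution pass never rescans the inserted values for markers.
$fixed = toy_query_parameters(
    'UPDATE app SET description = ? WHERE appId = ?',
    $description,
    $appId
);

var_dump($broken);
echo $fixed, PHP_EOL;
```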