Home/ Questions/Q 6875369
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T04:18:50+00:00

In the admin section of my website’s glossary, I wrote an ajax function which

  • 0

In the admin section of my website’s glossary, I wrote an ajax function which checks the mysql database for existing entries with the same term before the form is being inserted to avoid double entries.

The function works, but only when the term does not contain any foreign language characters. The website’s main language is French, so there’s a lot of these. The database tables are encoded in latin1_swedish_c1 (default).

JS

$('input[id=term]').live('focusout',function(){
        var element = $(this).attr('id');
        var term = $(this).val();
        if(term != ""){
        // alert(term);
        $(this).closest('tr').children().eq(2).load('ajax/term_chk.php', {'term':term}, function(data){
        $(this).html(data);
        });
        }
        });

PHP
term_chk.php calls the following function:

function checkTerm($term)
{
$qry = "select * from trm where term = '".addslashes($term)."' limit 1";
$qry_res = mysql_query($qry);
if(mysql_numrows($qry_res) > 0)
{
    $t = mysql_fetch_assoc($qry_res);
    $checkStr = '<span style="background-color: #F00; padding: 1px 10px">ID '.$t['id'].'</span>';
} else {
    $checkStr = '<span style="background-color: #5BB26B; ; padding: 1px 10px">OK</span>';
}
return $checkStr;
}

Thanks in advance for your help

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Three things:

    1. The symptoms might be explained by the character encoding of the webpage. If the webpage is UTF-8 but the MySQL connection character set is Latin-1, for example, then the query will not work because each multi-byte character will be interpreted as a series of characters.
    2. addslashes() is not good enough protection against SQL injection. Use a database-connection-specific function such as mysql_real_escape_string(). Better still, update to PDO or the mysqli library; the mysql library is obsolete.
    3. The name of the collation is latin1_swedish_ci, not latin1_swedish_c1.
    • 0