Values don't save in database when I use : apostrophe [ ' ]
I changed database collation to "utf8_general_ci" & column type to BLOB.
addslashes :
<td <?php if($userdepart==0 ) { ?>
contenteditable="true"
onBlur="saveToDatabase(this,'name','<?php echo addslashes($orderrecords[$k]["id"]); ?>')"
<?php } ?>>
<?php echo substr(addslashes($orderrecords[$k]["name"]),0,75); ?>
</td>
Also I tried mysqli_real_escape_string
<td <?php if($userdepart==0 ){?>
contenteditable="true"
onBlur="saveToDatabase(this,'name','<?php echo addslashes(mysqli_real_escape_string($mysqli,$orderrecords[$k]["id"])); ?>')"
<?php }?>>
<?php echo addslashes(mysqli_real_escape_string($mysqli,substr($orderrecords[$k]["name"],0,975))); ?>
</td>
Right now I really can't use prepared statements and parameterized queries, as this is used by only company users. Please help me with a work around....
update
function saveToDatabase(editableObj,column,id) {
if(column=="image_ready" || column=="ready_to_print" || column=="ready_to_packaging" || column=="ready_to_dispatch"){cvalue=editableObj;}else{var cvalue=$(editableObj).text();}
$.ajax({
url: "editOrder.php",
type: "POST",
data:'column='+column+'&editval='+cvalue+'&id='+id,
success: function(data){
$(editableObj).css("background","#dddddd");
if(column=="image_ready" || column=="ready_to_print" || column=="ready_to_packaging" || column=="ready_to_dispatch"){location.reload();}
}
});
editOrder.php
$sql = "UPDATE do_order set " . $_POST["column"] . " = '".$_POST["editval"]."' WHERE id=".$_POST["id"];