View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

disappearing titles and changing drop down menu box sizes

Thread began 10/22/2009 11:55 pm by micja3389704 | Last modified 11/09/2009 6:53 pm by micja3389704 | 4406 views | 32 replies


Originally Said By: Eric Mittman
  Ok, I have got it now. The problem is that the double quotes are stored in the db, so when you view the product on the update page the double quotes cause it to break out of the value attribute for that form element and create some new attributes in there.

The fix is to use htmlentities() around the value before it is inserted or updated. This is done in the following locations:

Products Insert line 139
Find the second occurrence of $_POST["ProductName"] and wrap the function around it like this:

Products Update line 268
Find the second occurrence of $_POST["ProductName"] and wrap the function around it like this:

This should make it so it stores the encoded versions of these characters in the db, but the browser will still display them as quotes. Let me know if you have any other problems with this.  

Eric, I am sorry, I'm sure this is a pretty simple fix, but I am just not finding the code you show.

I have the Products_Update.php (inside the Admin folder) open, I've been combing through the code looking for the lines you describe in the vicinity of the line numbers you give, and I am not finding it. For the second occurance, I find something similar but not the same.

Starting at line 123, here is what I have:

mysql_select_db($database_localhost, $localhost);
$query_ProductOptions = sprintf("SELECT DISTINCT optiongroups.OptionGroupName, optiongroups.OptionGroupID FROM optiongroups INNER JOIN options ON optiongroups.OptionGroupID = options.OptionGroupID INNER JOIN productoptions ON productoptions.OptionID = options.OptionID WHERE ProductID = %s ORDER BY optiongroups.OptionGroupID", GetSQLValueString($PIDParam_ProductOptions, "int"));
$ProductOptions = mysql_query($query_ProductOptions, $localhost) or die(mysql_error());
$row_ProductOptions = mysql_fetch_assoc($ProductOptions);
$totalRows_ProductOptions = mysql_num_rows($ProductOptions);
$PIDParam_SelectedOptions = "1";
if (isset($_GET['ProductID'])) {
$PIDParam_SelectedOptions = (get_magic_quotes_gpc()) ? $_GET['ProductID'] : addslashes($_GET['ProductID']);
mysql_select_db($database_localhost, $localhost);
$query_SelectedOptions = sprintf("SELECT options.OptionID, options.OptionGroupID FROM options INNER JOIN productoptions ON productoptions.OptionID = options.OptionID WHERE ProductID = %s", GetSQLValueString($PIDParam_SelectedOptions, "int"));
$SelectedOptions = mysql_query($query_SelectedOptions, $localhost) or die(mysql_error());
$row_SelectedOptions = mysql_fetch_assoc($SelectedOptions);
$totalRows_SelectedOptions = mysql_num_rows($SelectedOptions);
// WA_UploadResult1 Params Start
$WA_UploadResult1_Params = array();
// WA_UploadResult1_1 Start
$WA_UploadResult1_Params["WA_UploadResult1_1"] = array(
'UploadFolder' => "../Images/Upload/",
'FileName' => "[FileName]",
'DefaultFileName' => "" . $row_WADAProducts["ProductImage"] . "",
'ResizeType' => "1",
'ResizeWidth' => "400",
'ResizeHeight' => "400",
'ResizeFillColor' => "#FFFFFF" );
// WA_UploadResult1_1 End
// WA_UploadResult1 Params End?>

I pasted up to line 155

Line 268 reads:
$WA_fieldValuesStr = "".((isset($_POST["ProductSKU"]))?$_POST["ProductSKU"]:"") ."" . "|" . "".((isset($_POST["ProductName"]))?$_POST["ProductName"]:"") **is this where I would place the code you gave?** ."" . "|" . "".((isset($_POST["ProductPrice"]))?$_POST["ProductPrice"]:"") ."" . "|" . "".((isset($_POST["ProductWeight"]))?$_POST["ProductWeight"]:"") ."" . "|" . "".((isset($_POST["ProductCartDesc"]))?$_POST["ProductCartDesc"]:"") ."" . "|" . "".((isset($_POST["ProductShortDesc"]))?$_POST["ProductShortDesc"]:"") ."" . "|" . "".((isset($_POST["ProductLongDesc"]))?$_POST["ProductLongDesc"]:"") ."" . "|" . "".$WA_DFP_UploadStatus["WA_UploadResult2"]["serverFileName"] ."" . "|" . "".$WA_DFP_UploadStatus["WA_UploadResult1"]["serverFileName"] ."" . "|" . "".((isset($_POST["ProductCategoryID"]))?$_POST["ProductCategoryID"]:"") ."" . "|" . "".(date('Y-m-d H:i:s')) ."" . "|" . "".((isset($_POST["ProductStock"]))?$_POST["ProductStock"]:"") ."" . "|" . "".((isset($_POST["ProductLive"]))?$_POST["ProductLive"]:"") ."" . "|" . "".((isset($_POST["ProductUnlimited"]))?$_POST["ProductUnlimited"]:"") ."";

One thought: I had an earlier (unrelated) problem that evidently was caused by not having the template files in the root folder, all my powerstore files are in a subfolder of the site root folder (it is an existing site that I added powerstore to). Could this be causing the problem?

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question





Ease of use


security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...