|
PHP - Entering Quotations Into Databases
What's the best way for putting actual quotations into a database?
I was using... $quote = htmlspecialchars(mysqli_real_escape_string($dbc, $_POST['quote'])); Should I be? Similar TutorialsThis topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=330098.0 Hello, I get the following error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'BETWEEN '1800-01-01' AND '2200-01-01'' at line 1 Here is the code: // building query Code: [Select] $where = array(); if ( $_GET['sex'] != '') {$where[] = " geslacht = '$sex'"; } if( $_GET['minAge'] != '' && is_numeric($_GET['minAge'])){ $where[] = " geboortedatum < '$minAge'"; } if( $_GET['maxAge'] != '' && is_numeric($_GET['maxAge'])) {$where[] = " geboortedatum >= '$maxAge'"; } $where[] = " TijdRegistratie BETWEEN '$minDatum' AND '$maxDatum'"; // glueing query $sql = "SELECT * FROM respondenten"; if (count($where) > 0){ $sql .= "WHERE ".implode(" AND ", $where);} Can somebody tell me where i've put the wrong quotations? *confused* i dont understand why the it gives me a syntax error when i type this: Code: [Select] echo '<h2> <?php echo $_POST['firstname'] ?> gelukt!</h2>'; Apparently, i have to do this: Code: [Select] echo '<h2> <?php echo $_POST["firstname"] ?> gelukt!</h2>'; Hi There, I am putting a form together that when submitted, pumps data in to an SQL DB. However I am having problems with quotation marks - for example, it's and her's and thier's cause an error, because the insert statement takes the quote as the end of the row. How can PHP handle this so that it either removes, or replaces that quote? Thanks Matt Does/can php reconize quotations beyond the simple example I have below: $quote = "\""; if(strstr($test, $quote)){ echo "quote found"; } I'd like to detect any instance of a quote. Should I be including html such as " and/or other html quote symbols? Or does the simple example I have above suffice? $name value is coming through from form submission.
<?php } If statement is not working properly. Whether $name is empty or not, it adds the where clause. ?>
<?php So after surfing the net I found that the 'best' way to enter ip addresses into a database was by using the INET_ATON function because you can then put it into a unsigned interger column and that will save space. But after looking around I can't find a way of fitting it into php. This is my attempt: $ip = getenv("REMOTE_ADDR"); $query = sprintf("UPDATE INTO user ( name, password) VALUES ('%s','%s','%s')", mysql_real_escape_string($_SESSION['name']), mysql_real_escape_string(md5($_SESSION['values']['password'])) INET_ATON('$ip')); //line 37 $result2 = mysql_query($query, $db) or die(mysql_error($db)); I get a parse error: Parse error: syntax error, unexpected T_STRING in C:\x\xampp\htdocs\pages\login.php on line 37. This worked until I wanted to add the ip into the database. Any help appreciated. I have a text firld to enter amount af a book,But i need to check whether the data entering is numeric only eg:70.98 etc. how can i achieve this. my code is echo"<table><tr><td></td><td>Amount in USD</td><td></td><td><input type='text' name='amnt' id='amnt' /> </td><td></td></tr></table>"; How would I incorporate a function to simply check the "name" and "message" for a certain amount of chars, like 15 & 150? Code: [Select] <form method="post" action="chat.php"> <p><input name="name" type="text" id="name" value="your name" size="10" maxlength="15"> <input name="message" type="text" id="message" value="your message" size="20" maxlength="150"> <input name="submit" type="submit" id="submit"></p> </form> </body> </html> <?php // when the submit button is clicked if(isset($_POST['submit'])) { // strip any html tags before continuing $name=strip_tags($_POST['name']); $message=strip_tags($_POST['message']); // stop if nothing was entered if($name!='') if($message!='') { // trim any extra whitespace $data=trim($name)."\n"; $data.=trim($message)."\n"; //open the text file and enter the data $file_ar=file("db.txt"); $fp=fopen("db.txt","w"); fputs($fp,$data); if($file_ar!=NULL) { $loop=0; foreach($file_ar as $line) { // do not store more than 20 messages if($loop>=19*3) break; fputs($fp,$line); $loop++; } } fclose($fp); } } // display the messages $fp=fopen("db.txt","r"); while(!feof($fp)) { $name=trim(fgets($fp,999)); $message=trim(fgets($fp,999)); if($name!='') { echo "<p><b>$name: </b>$message</p>"; } } fclose($fp); ?> I have written code in php to connect and insert rows into a MSSQL database. i used odbc to connect database.user can enter his details through the form. after submitting the form the details are getting stored into a database. while inserting rows into a database am not trying to insert duplicate values . for this i have given if conditions.these conditions are able to notice the user cname and name exist in the database if the same name exist. but the else part after these conditions are not working i.e rows are not getting inserted. i put everything inside the while loop. how can i correct it? This is my php code. $connect = odbc_connect('ServerDB','sa', 'pwd'); //connects database $query2="select count(*) from company";//this is needer for loop through $result2=odbc_exec($connect,$query2); while(odbc_fetch_row($result2)); { $count=odbc_result($result2,1); echo "</br>","$count"; } $query1="select * from company"; $result1 = odbc_exec($connect, $query1); # fetch the data from the database while(odbc_fetch_row($result1)) { $compar[$count] = odbc_result($result1, 1); $namearray[$count] = odbc_result($result1, 2); if($compar[$count]==$_POST['cname']) { echo "<script> alert(\"cname Exists\") </script>"; } else if($namearray[$count]==$_POST['name']) { echo "<script> alert(\"Name Exists\") </script>"; } else { $query=("INSERT INTO company(cname,name) VALUES ('$_POST[cname]','$_POST[name]') "); $result = odbc_exec($connect, $query); echo "<script> alert(\"Row Inserted\") </script>"; } } Just wondering, which is better php databases or sql? I have phpMyAdmin and I've that you can convert the database into php scripts? I know this problem comes up a lot but it can be for various reasons so after reading up I can't decide what might be wrong. I'm still learning! I have a simple php registration form (first name, second name, email address) and every time a user submits an entry a second blank record is created in the MYSQL database after it. Any help would be great. (php code in red) Code: [Select] [color=red]<? $firstname=$_POST['firstname']; $surname=$_POST['surname']; $email=$_POST['email']; mysql_connect(localhost,$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $query = "INSERT INTO register VALUES ('','$firstname','$surname','$email')"; mysql_query($query); mysql_close(); ?>[/color] Here is the section on the html HTML page that submits the form Code: [Select] <form action="register.php" method="post" class="BagTitle"> <table width="700" border="0" cellpadding="0" cellspacing="2"> <tr> <td width="100">First Name: </td> <td width="594"><input name="firstname" type="text" size="50" /></td> </tr> <tr> <td>Last Name: </td> <td><input name="surname" type="text" size="50" /></td> </tr> <tr> <td>E-mail:</td> <td><input name="email" type="text" size="50" /></td> </tr> <tr> <td colspan="2"> </td> </tr> <tr> <td colspan="2"><input type="Submit" value="Send" /> <input name="Reset" type="reset" value="Reset Form" /></td> </tr> </table> </form></p> Also I have no idea about securing this information. Are there any basic steps I can take? The dreadful apostrophie problem... This search form returns an error whenever searching with an apostrophie (') Here's the code on the form (html) <td align="center" width="135"><form method="post" action="srch_advert.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td> <td align="center" width="135"><form method="post" action="srch_details.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td> <td align="center" width="135"><form method="post" action="srch_artist.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td> <td align="center" width="135"><form method="post" action="srch_track.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td> and heres the code on srch_advert.php if ($search) // perform search only if a string was entered. { mysql_connect($host, $user, $pass) or die ("Problem connecting to Database"); $srch="%".$search."%"; $query = "select * from tvads WHERE advert LIKE '$srch' ORDER BY advert, year DESC, details ASC LIMIT 0,30"; $result = mysql_db_query("cookuk_pn", $query); if(mysql_num_rows($result)==0) { print "<h2>Your search returned 0 Results</h2>"; } else if ($result) { I have a site where I need to have lets call it image1 displayed, then I want to change this image based on a php if statement, for instance: if $var == $var2 change the image ....blah blah so I was also going to have the names of my images stored in my database, i.e. image1.jpg and image2.jpg in my database. the image is in its own div tag set as the background image of the div tag if that makes any diference. Thanks I'm trying to connect to two databases and I'm having problems with the following code. I googled to come up with this but can't figure out the errors I'm getting. Code: [Select] $connection="localhost"; $username="user"; $password="password"; $database1="dbone"; $database2="dbtwo"; $db1 = mysql_connect($connection,$username,$password) or die(mysql_error()); $sel1 = mysql_select_db($database1, $db1); $query1 = "SELECT * FROM TBLUSERS"; $result1 = mysql_query($query1, $db1); while($nt1 = mysql_fetch_array($result1, $db1)) { } $db2 = mysql_connect($connection,$username,$password) or die(mysql_error()); $sel2 = mysql_select_db($database2, $db2); $query2 = "SELECT * FROM TBLPD20101101"; $result2 = mysql_query($query2, $db2) or die(mysql_error()); while($nt2 = mysql_fetch_array($result2, $db2)) { } The error I get is Quote Warning: mysql_fetch_array() expects parameter 2 to be long, resource given in C:\xampp\htdocs\HighVisibility\DashBoard2.php on line 13 Warning: mysql_fetch_array() expects parameter 2 to be long, resource given in C:\xampp\htdocs\HighVisibility\DashBoard2.php on line 22 Hi, I am in the procress of creating discussion system however I am a bit puzzled about the best way to go about it. I am starting the discussion by creating an ID number and then match the answer to the initial ID number. However, I dont know whether if is best to put the responses into a different database. I'm a bit puzzled how ID matching systems works. Lets say: Question 1 = ID1 Question 2 = ID2 Question 3 = ID3 Question 1 Answer 1 = ID4 (How is this matched to ID1) Question 2 Answer 1 = ID5 (How is this matched to ID2) is this based on preg_match? ok , here is my mysql code to get all posts from the posts table . Code: [Select] $query = mysql_query("SELECT id,to_id,from_id,post,type,state,date FROM posts WHERE state='0' ORDER BY id DESC LIMIT 50"); and here is the code to display the users friends... Code: [Select] $sqlArray = mysql_query("SELECT friend_array FROM myMembers WHERE id='" . $logOptions_id ."' LIMIT 1"); while($row=mysql_fetch_array($sqlArray)) { $iFriend_array = $row["friend_array"]; } $iFriend_array = explode(",", $iFriend_array); if (in_array($id, $iFriend_array))see now i got as far as , if(in_array($id, $iFriend_array)) How would i put these togeather to where it would get the posts from the posts table that there friends posted? What would be the fastest way to search 2+ databases with the same search information? Each database is different, and may return different information. I have just read my upcoming modules for my final year at uni and 'multimedia databases' is one of them. I am just wondering if any of you had any clue on what a multimedia database is? I am guessing it's a database populated with directory data, but that would be to simple... |
|||||||