PHP - Slashes Being Put In Front Of Apostrophes Sometimes?!?!

i'm having problems with apostrophes causing an error on my contact form. I've tried stripslash and also str_replace but i can't get it to work. what am i doing wrong?

thanks 


Code: [Select]
<?php
if(isset($_POST['email'])) {
     
    // EDIT THE 2 LINES BELOW AS REQUIRED
    $email_to = "test@test.com";
    $email_subject = "test";
     
     
    function died($error) {
        // your error code can go here
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error."<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }
     
    // validation expected data exists
    if(!isset($_POST['contact_name']) ||
        !isset($_POST['last_name']) ||
        !isset($_POST['email']) ||
        !isset($_POST['telephone']) ||
        !isset($_POST['comments'])) {
        died('We are sorry, but there appears to be a problem with the form you submitted.');      
    }
    
    foreach($_POST['check'] as $value) { 
$check_msg .= "Checked: $value\n"; 
} 

    $contact_name = str_replace("'", "&#38;#039;", $contact_name); 
    $contact_name = $_POST['contact_name']; // required
    $last_name = $_POST['last_name']; // required
    $email_from = $_POST['email']; // required
    $telephone = $_POST['telephone']; // not required
    $comments = $_POST['comments']; // required
     
    $error_message = "";
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
  if(!preg_match($email_exp,$email_from)) {
    $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
  }
    $string_exp = "/^[A-Za-z .'-]+$/";
    
  if(!preg_match($string_exp,$contact_name)) {
    $error_message .= 'The First Name you entered does not appear to be valid.<br />';
  }
  if(!preg_match($string_exp,$last_name)) {
    $error_message .= 'The Last Name you entered does not appear to be valid.<br />';
  }
  if(strlen($comments) < 2) {
    $error_message .= 'The Comments you entered do not appear to be valid.<br />';
  }
  if(strlen($error_message) > 0) {
    died($error_message);
  }
    $email_message = "Form details below.\n\n";
     
    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:","href");
      return str_replace($bad,"",$string);
    }
     
    $email_message .= "Contact Name: ".clean_string($contact_name)."\n";
    $email_message .= "Agency/Company Name: ".clean_string($last_name)."\n";
    $email_message .= "Email Address: ".clean_string($email_from)."\n";
    $email_message .= "Dates Required: ".clean_string($telephone)."\n";
    $email_message .= "Type Required: ".clean_string($check_msg)."\n";
    $email_message .= "Any other info: ".clean_string($comments)."\n";


     
     
// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers); 
?>
 
thanks
 
<?php
}
?>

Hello, im trying to update my database with a paragraph of text in a texbox.

The thing is my paragraph has apostrophes

Look:
Code: [Select]
In the run up to the return of the Wilderness, we've released a new wallpaper depicting a green dragon, plus a couple of 'getting started' guides about the Wilderness and free trade.
It doesn't want to update my table and it shows the old paragraph.

Here is how my update database looks like.

<?php
if (isset($_POST['Submit'])) { 
for($i=0;$i<$count;$i++){
$month = $_POST['month'];
$date = $_POST['date'];
$message = $_POST['message'];



$title = $_POST['title'];
$monthday = $month[$i]."<br>".$date[$i];
$sql1="UPDATE $tbl_name SET monthday='$monthday', month='$month[$i]', date='$date[$i]', message='$message[$i]', title='$title[$i]' WHERE id='$id[$i]'";
$result1 = mysql_query($sql1);
} 
header("location:update2.php");
}
?>


Can someone show me to to make it add the strip slashes to the $message variable.

Thanks Alot!

Hi there,   I am getting this in a PHP generated email:   ACWA Member/Subscriber: Melody’s Children’s Service   The line of code in the php is:     $subject = "ACWA Member/Subscriber: $membername";   I have tried htmlentitiies, html_entity_decode, htmlspecialchars but nothing seems to work.   I haven't used htmlentities anywhere else in the code for this variable.   Any suggestions?   All advice gratefully received.

onlinegamekey. com/MTGT-Auction.php is the page I'm working on.

The problem I'm having is cards with an apostrophe in the name breaks the operation.

I am populating the Select Box with the Card Names and those are coming in fine, its not until I try to use the select value to get that specific card data do I have an issue.
This query specifically
Code: [Select]
$quer2=mysql_query("SELECT * FROM auctions WHERE Card_Name ='$cards' Order By Price_Per") or die;
I've tried
$quer2=mysql_query("SELECT * FROM auctions WHERE Card_Name =" . htmlspecialchars($cards) . " Order By Price_Per") or die;
but then I get no data for any card.

Here is the page code I'm working with.

Code: [Select]
<?php
$cards = $_POST['cards'];
//SELECTING DATA FOR THE DROPDOWN
$sql = "Select Card_Name From auctions Group BY Card_Name ASC" or die;
$result = mysql_query($sql);
?>
<script type="text/javascript">
<!--
var optList;
var optsValue = new Array();
var optsText = new Array();
//when the page loads get the original options values and text and store them in arrays
window.onload = function() {
optList = document.getElementsByTagName("option");
for(var i=0; i<optList.length; i++) {
     optsValue[i] = optList[i].value;
     optsText[i] = optList[i].text.toLowerCase();   
}   
}
function searchSel(txtSearch) {
//clear all the current options
document.getElementById("items").options.length = 0;
var count = 0;
for(var i=0; i < optsValue.length; i=i+1) {
    if(optsText[i].indexOf(txtSearch.toLowerCase()) == 0) {  //match found
         //add this option to the select list options
         var newOpt = new Option(optsValue[i],optsText[i],false,false);
         document.getElementById("items").options[count] = newOpt;
         count = count+1;
    }
    }
}
function reload(form)
{
var f1 = document.forms['f1']
var val=f1.cards.options[f1.cards.options.selectedIndex].value;
self.location='MTGT-Auction.php?card=' + val ;
}
//-->
</script>
<style type="text/css">
body {
background-color:#000000;
}
.row-one {
    background-color: #666666;
    font-family: Arial, Helvetica, sans-serif;
font-size:12px;
font-weight: bold;
    line-height: 17px;
    color:#CCFF33;
}
.row-two {
    background-color: #333333;
    font-family: Arial, Helvetica, sans-serif;
font-size:12px;
font-weight: bold;
    line-height: 17px;
    color: #FF0;
}
.th {
background-color:#000000;
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
font-weight:bold;
color:#CC0000;
padding: 2;
}
</style>
<!-- CREATE FORM & SELECT BOX -->
<form method="post" name="f1" action="MTGT-Auction.php">
    <select name="cards" id="items">
    <option value='0'>Select...</option>
    <?php while ($row=mysql_fetch_array($result)) {
if ($row['Card_Name']==@$cards) {
echo "<option selected value='$row[Card_Name]'>$row[Card_Name]</option>";
} else {
echo "<option value='$row[Card_Name]'>$row[Card_Name]</option>";
}
}
 ?>
    </select>
    <br />
     <input type="text" id="txt" value="Card Name?" onfocus="this.value==this.defaultValue?this.value='' :null" onkeyup="searchSel(this.value);" style="color:#000000; font:Arial; font-size:12px; background-color:#e1e1e1;" />
     <BR />
<input type="submit" value="Submit" name="submit" />
                        <input type=button onClick="location.href='MTGT-Auction.php'" value='Reset' />
            </form>
            <!-- CREATE TABLE WHERE DATA GOES -->
<table border="1" bordercolor="#000000">
<tr align="center">
<th class="th">Auction ID</th>
<th class="th">Card Name</th>
<th class="th">Cards Per Auction</th>
<th class="th">Auction Price</th>
<th class="th">Cost Per Card</th>
<th class="th">Date Listed</th>
<th class="th">Seller Name</th>
</tr>
<?php
//GET DATA FOR TABLE BASED ON SELECTED CARD & LOOP THROUGH
$quer2=mysql_query("SELECT * FROM auctions WHERE Card_Name ='$cards' Order By Price_Per") or die;
$i =1;
WHILE($row = mysql_fetch_array($quer2)) { 
if ($i%2 !=0)
$rowColor = "class='row-one'";
else
$rowColor = "class='row-two'";
echo "<tr $rowColor>" . "<td>" . $row[Auction_ID] . "</td><td>" . $row[Card_Name] . "</td><td>" . $row[Qty_Listed] . "</td><td>" . $row[Price] . "</td><td>" . $row[Price_Per] . "</td><td>" . $row[Date] . "</td><td>" . $row[Seller] . "</td></tr>";
$i++;
}
//}
?>
<?php
//QUICK CHECK IS OUR VARIABLE SET???
echo "<font color=\"#FFFFFF\">". $cards . "</font>";
?>
</table>
I image this is probably a very common problem & easy fix that has been answered many times, but I haven't found any thing that worked for me so any help.. or links to similar issues would really be appreciated.

Thank you,

Hi:

Is this the proper way to remove slashes from apostrophes:
Code: [Select]
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{

$myTitle = mysql_real_escape_string(stripslashes($_POST['myTitle']));
$myDesc = mysql_real_escape_string(stripslashes($_POST['myDesc']));
$myHeader = mysql_real_escape_string(stripslashes($_POST['myHeader']));
$mySubHeader = mysql_real_escape_string(stripslashes($_POST['mySubHeader']));
$myPageData = mysql_real_escape_string(stripslashes($_POST['myPageData']));


It seems to work fine, I'd just like to clarify I'm not missing anything.

Thanks!

Hi All I Am confused

I would like to put info into a database but need it to be secure. I have some code shown below. The problem is I would like to put in ' but keep the data secure.
When it comes back I do not want to show \' I think you might know what I am trying to do.
Here is the code but would like to know how to stop the \' showing.
Code: [Select]
$password = mysql_real_escape_string(stripslashes(trim($_POST['password'])));
Any help would be great thank you.

Hello Everyone,
I've been working with XAMPP 1.7.3 and have a general question. I've always read (and been told) to use addslashes() for any MySQL input to protect the database. My PHP.ini file has magic quotes off and the system automatically produces a caret symbol "^" in front of every control character I upload to the database. I can't find anything in the PHP.ini file relating to the caret symbols and control characters, nor can I find anything in the My.ini file.

In testing, it the system behaves just as it would if I had magic quotes on, except that the system uses the carets instead of slashes. I have no problem removing the carets (and any slashes that a user might upload) but would like to know what is going on. I've done google searches on this and have only found content regarding regular expressions. Could someone clue me in? Thank in advance.
Cheers,
Rick

Hi there i have this code:
Code: [Select]
$str = "<i><font color="800080"> man </font></i><p><font color="9898989"> hi </font></p><p><font color="1111111"> cheers </font></p>";
$pattern = '/<font .*?>(.*?)<\/font>/';
if(preg_match_all($pattern, addslashes($str), $posts)){
        $i=0;
for($i; $i < count($posts[0]); $i++){
            echo "content: " . $posts[0][$i] . "<br/>";
            echo "colour: " . $posts[1][$i] . "<br/>";
             echo "<br />";
           
           }
}
and it doesn't work apparently because of the addslashes but its really needed as double quotes needs to be escaped, consider that i'm applying this code to a larger html file with hundreds of double quotes to be escaped....

error msg i get is Parse error: syntax error, unexpected T_LNUMBER in
thanks in advance..

Hi guys

When I insert a data into MySQL and thru addslashes() it is adding not one but 3 slashes in mysql.

By the way here are the codes,
Code: [Select]
<?php
//$conn = new mysqli('localhost', 'root', '', 'my_db');
$conn = new mysqli('localhost', 'coder9_work', '******', 'coder9_portfolio');
$query = "INSERT into portfolio(category, title, description, version, started, finished) VALUES (?, ?, ?, ?, ?, ?)";

$select = $_POST['select'];
$title = addslashes($_POST['title']);
$description = $_POST['description'];
$version = $_POST['version'];
$started = $_POST['started'];
$finished = $_POST['finished'];


$stmt = $conn->stmt_init();
if($stmt->prepare($query)) {
$stmt->bind_param('ssssss', $select, $title, $description, $version, $started, $finished);
$stmt->execute();
}

if($stmt) {
echo "Thank you!";
} else {
echo "There was a problem. Please  try again later.";
}
?>

How do I fix this problem so that It will add only one slashes?

Thanks in advanced.

I have this page that keeps adding slashes (exponentially) to the $sql var that gets passed on through the hidden text area. I cannot figure out why it does this.

Any ideas are appreciated. Thank you.


<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/include/login.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/include/mysql.php';

if(!Login::loggedIn()) {
include $_SERVER['DOCUMENT_ROOT'] . '/include/uploads/pages/login.php';
} else {
function displayForm()
{
$sql     = 'SELECT * FROM `content` WHERE `contentCallid` = \'' . $_GET['page'] . '\'';
$con     = $GLOBALS['mysql']->connect();
$query   = mysql_query($sql, $con);
$content = mysql_fetch_array($query);

$content['breadcrumb']     = explode(',', $content['breadcrumb']);
$content['breadcrumbLink'] = explode(',', $content['breadcrumbLink']);
$breadcrumb = '';

for($i = 0; $i < count($content['breadcrumb']); $i++) {
if($i > 0)
$breadcrumb .= ',';
$breadcrumb .= $content['breadcrumbLink'][$i] . '::' . $content['breadcrumb'][$i];
}

if(empty($_POST['sql'])) {
$sql = 'INSERT INTO `contentVersions`
(`contentCallid` ,
`contentTitle` ,
`content` ,
`views` ,
`permissionNeeded` ,
`status` ,
`version` ,
`created` ,
`createdBy` ,
`lastEdit` ,
`lastEditBy` ,
`breadcrumb` ,
`breadcrumbLink` ,
`noBreadcrumb` ) 
VALUES (
\'' . ($content['contentCallid'])    . '\',
\'' . ($content['contentTitle'])     . '\',
\'' . ($content['content'])          . '\',
\'' . ($content['views'])            . '\',
\'' . ($content['permissionNeeded']) . '\',
\'' . ($content['status'])           . '\',
\'' . ($content['version'])          . '\',
\'' . ($content['created'])          . '\',
\'' . ($content['createdBy'])        . '\',
\'' . ($content['lastEdit'])         . '\',
\'' . ($content['lastEditBy'])       . '\',
\'' . ($content['breadcrumb'])       . '\',
\'' . ($content['breadcrumbLink'])   . '\',
\'' . ($content['noBreadcrumb'])     . '\');';
$sql = stripslashes($sql);
} else {
$sql = $_POST['sql'];
}
?>
<form id="loginForm" name="loginForm" method="post" action="index.php?p=editPage&page=<?= $_GET['page']; ?>&ref=editPage">
   <fieldset>
    <legend>Page Settings </legend>
<p>
      <label>Page Title: </label>
      <input name="title" style="width:450px;" id="title" value="<?= $content['contentTitle']; ?>" type="text" />
    </p>
<p>
      <label>Content ID: </label>
      <input name="callid" readonly="readonly" style="width:381px;" id="callid" value="<?= $content['contentCallid']; ?>" type="text" />
  &nbsp;
  <input name="suggestC" type="button" value="Suggest" onclick="suggestCallID('<?= $content['contentCallid']; ?>');" />
    </p>
<p>
      <label>Breadcrumb: </label>
      <input name="breadcrumb" style="width:381px;" id="breadcrumb" value="<?= $breadcrumb; ?>" type="text" />
  &nbsp;
  <input name="suggestBC" type="button" value="Suggest" onclick="suggestBreadcrumb();" /></p>
  </fieldset>
  <textarea name="editPageWYS" id="editPageWYS"><?= $content['content']; ?></textarea>
   <textarea style="visibility:hidden;" name="sql"><?= $sql; ?></textarea>
   <textarea style="visibility:hidden;" name="version"><?= $content['version']; ?></textarea>
   <textarea style="visibility:hidden;" name="contentid"><?= $content['contentid']; ?></textarea>
   <fieldset>
    <legend>Actions</legend>
<p>
  <input name="save" type="submit" value="Save" />
    </p>
  </fieldset>
</form>
<?php
}

if(!empty($_POST['save'])) {
if(empty($_POST['title']) || empty($_POST['callid'])) {
echo '<blockquote class="failure">Save not successful. You need to have both a title and content id. Please type in a title then click the "Suggest" button.</blockquote>';
displayForm();
} else {
$time = time();
$bc   = explode(',', $_POST['breadcrumb']);
$bcText = array();
$bcLink = array();

for($i = 0; $i < count($bc); $i++) {
$bc[$i]     = explode('::', $bc[$i]);
$bcLink[$i] = $bc[$i][0];
$bcText[$i] = $bc[$i][1];
}

$bcLink = implode(',', $bcLink);
$bcText = implode(',', $bcText);

$con   = $GLOBALS['mysql']->connect();
$query = mysql_query($_POST['sql'], $con);

echo $_POST['sql'];
if(!$query) {
echo '<blockquote class="failure">Warning: A MySQL error has occured while adding the backup to the database.<p>' . mysql_error() . '</p></blockquote>';
displayForm();
}

$sql = 'UPDATE  `content` SET
`content` = \'' . $_POST['editPageWYS'] . '\',
`breadcrumb` = \'' . $bcText . '\',
`breadcrumbLink` = \'' . $bcLink . '\',
`contentCallid` = \'' . $_POST['callid'] . '\',
`contentTitle` = \'' . $_POST['title'] . '\',
`version` = \'' . ($_POST['version'] + 1) . '\',
`lastEdit` = \'' . $time . '\',
`lastEditBy` = \'' . $_SESSION['username'] . '\'
WHERE `contentid` = ' . $_POST['contentid'] . ' LIMIT 1 ;';

$query = mysql_query($sql, $con);
if(!$query) {
echo '<blockquote class="failure">MySQL Error<p>' . mysql_error() . '</p></blockquote>';
displayForm();
} else {
echo '<blockquote>Page Successfully Edited<br /><br /><a href="index.php?p=' . $_POST['callid'] . '&ref=newPage">Click Here to View It</a></blockquote>';
}
}
} else {
displayForm();
}
}
?>

Ok so I'm coding up a file tree for a script and I've got the system setup so that when a user clicks on a folder it adds that folder to the path. The path is stored in a variable, but I'd like to allow the user to be able to go down multiple directories at once. To do this I'm going to seperate each folder name in the path and link to it so as an example:

$path = './home/public_html/folder1/folder2';

how can I separate each of those so I can make a link to that folder so that:

/home goes to $path = './home/';
/public_html goes to $path = './home/public_html';
etc...
---
Basically just seperate the slashes into an array and seperate each of them off based on how far along it is but I don't know how to do that...

i have a php form where users can update db. but when the input has a <a href=""></a> input, it generates back slashes on the web.

below is the results after the input.
Code: [Select]
<a href=\'\\\"images/gallery/storyslideshow/ppic-5 (1).jpg\'\\\" rel=\'\\\"lyteshow[featgallery]\'\\\" title=\'\\\"\'\\\">View Slideshow</a><br><br>
i have a this on my updating code Code: [Select]
mysql_real_escape_string($_POST["fulldesc"]);

Hi everyone

I am trying to secure some of my code using a sanitize function

function sanitize($data)
{
$cdata = strip_tags(addslashes($data));
$cdata = mysql_real_escape_string($cdata);
return $cdata;
}

If I post a form value such as

Code: [Select]
'Apple iPod'
to a SQL INSERT QUERY using

`title` = sanitize($_POST['title']);

then my database value looks like

Code: [Select]
\\\'the ipod\\\'
this is odd because there is 3 slashes

if I then print that value on a PHP page using

print stripslashes($row['title']);

it outputs

Code: [Select]
\'the ipod\'
Why can I not get rid of the slashes and why would it be outputting 3 slashes?

I have tried all the magic quote ideas and suggestions, but still cannot sort this out.

Thanks

John

Hi,

I need to analyze a string and get the text between, before, and after the forward slashes..

The string will always look something like this, but will vary:

$str = "I will go to the store with <# one/two/three #> people."

Then I need to create a form with radio buttons for each choice. In this case (one, two, or three).

The text between the <# ... #> could be different every time, and with uknown amount of forward slashes.

Here is what I have so far but it doesn't work.

Code to find if there are slashes:

Code: [Select]
preg_match_all( '/([/]+)/',$str,$matches);
Code to create html form ..

Code: [Select]

$i = 0;
$html  = '<form>';

foreach ($matches[0] as $match){

     if ($pos = strpos( $str,$match ) ) === false )
          continue;
     }

     $html .= '<input type="radio" name="place-' . $i . '" value=". $match . '" />&nbsp;&nbsp;';

}

$html .= '</form>';


Its not working as needed. I'm not sure how to create radio button choices for the words (one, two, three).

Thanks

Hi all,


I have an issue on a form that when it gets submitted a slash '/' appears before every quote symbol.
I had help solving the issue on one of the fields (the name field), but then later it was discovered that the slashes appear in all the fields whenever a quote was used (agreed, poor testing).

Can someone be so good to help me solve this? My php knowledge is not so great which is exactly why I'm asking here
Please see my code below. If this problem can be solved in the same manner as the name field was solved, then there are 2 files which will need the edits. They are below:
(some trivial information purposely removed for security reasons)

preview.php

<div id="card">
    <img id="logo" src="logo.jpg" />
    <div id="card1"><?php echo stripslashes($_REQUEST['text1']); ?>&nbsp;</div>
    <div id="card2"><?php echo $_REQUEST['text2']; ?>&nbsp;</div>
    <div id="card3"><?php echo $_REQUEST['text3']; ?>&nbsp;</div>
    <?php 
        if($_REQUEST['text4'] != '' && $_REQUEST['text5'] != '')
            $text = $_REQUEST['text4'].'&nbsp;&bull;&nbsp;'.$_REQUEST['text5'];
        else
            $text = $_REQUEST['text4'].$_REQUEST['text5'];
    ?>
    <div id="card4"><?php echo $text; ?>&nbsp;</div>
    <div id="card5"><?php echo $_REQUEST['text6']; ?>&nbsp;</div>
</div> 

second_form.php
<?php
    session_start();
    $db_host = 'localhost';
    $db_name = '';
    $db_user = '';
    $db_pass = '';

   
   $admin_email = "admin@aserver.com";

if(isset($_REQUEST['text1'])) $_REQUEST['text1'] = stripslashes($_REQUEST['text1']);
   $from = 'orders@mycompany.com';

    if($_REQUEST['count'] != '50' && $_REQUEST['count'] != '100')
    {
        header( 'Location: order.php' );
        die();
    }

    $card_number = trim($_REQUEST['card_number']);
    $card_security = $_REQUEST['card_security'];
    $card_exp_m = sprintf("%02d",((int)$_REQUEST['car_exm_m'])%100);
    $card_exp_y = sprintf("%02d",((int)$_REQUEST['car_exm_y'])%100);

    $count = $_REQUEST['count'];
    $shipping = 8.65;
    $price = $shipping;
    switch($count)
    {
        case 50: $price += 25; break;
        case 100: $price += 38; break;
    }


//$price = 0.01;
//$shipping = 0.01;

    $price = sprintf("%0.2f",$price);




    $fd_xsd = 'http://***';
    $v1_xsd = 'http://***';
    $a1_xsd = 'https://***';

//$email_rep = str_replace('@','[at]',$_REQUEST['text4']);

    $soap = <<<SOAP
        <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
        <SOAP-ENV:Header />
        <SOAP-ENV:Body>
                <fdggwsapi:FDGGWSApiOrderRequest xmlns:fdggwsapi="$fd_xsd"  xmlns:v1="$v1_xsd">
                <v1:Transaction>
                    <v1:CreditCardTxType>
                        <v1:Type>sale</v1:Type>
                    </v1:CreditCardTxType>
                    <v1:CreditCardData>
                        <v1:CardNumber>$card_number</v1:CardNumber>
                        <v1:ExpMonth>$card_exp_m</v1:ExpMonth>
                        <v1:ExpYear>$card_exp_y</v1:ExpYear>
                    </v1:CreditCardData>
                    <v1:Payment>
                        <v1:ChargeTotal>$price</v1:ChargeTotal>
                        <v1:Shipping>$shipping</v1:Shipping>
                    </v1:Payment>
                    <v1:Billing>
                        <v1:Name>{$_REQUEST['text1']} - {$_REQUEST['text2']} - {$_REQUEST['text3']}</v1:Name>
                        <v1:Email>{$_REQUEST['text4']}</v1:Email>
                        <v1:Phone>{$_REQUEST['text5']}</v1:Phone>
                        <v1:Address2>{$_REQUEST['text5']}</v1:Address2>
                        <v1:Address1>{$_REQUEST['text6']}</v1:Address1>
                    </v1:Billing>
                    <v1:Shipping>
                        <v1:Name>{$_REQUEST['info_name']}</v1:Name>
                        <v1:Address1>{$_REQUEST['info_street']} {$_REQUEST['info_APT']}</v1:Address1>
                        <v1:City>{$_REQUEST['info_city']}</v1:City>
                        <v1:State>{$_REQUEST['info_state']}</v1:State>
                        <v1:Zip>{$_REQUEST['info_zip']}</v1:Zip>
                    </v1:Shipping>

                </v1:Transaction>
            </fdggwsapi:XXXApiOrderRequest>
        </SOAP-ENV:Body>
        </SOAP-ENV:Envelope>
SOAP;
//        echo htmlentities($soap);

    $link = "https://ws.firstdataglobalgateway.com/****";

    $store_id = "***";
    $user_id =      "***";
    $pass = "***";
    $key_pass = "***";
    $uss_pass =  ('WS'.$store_id.'***:'.$pass);


    $path = "/home/hoster/ssl_firstdata/";
    $pem_path = $path . "***.pem";  
    $key_path  = $path. "***_.1.key";

    $ch = curl_init($link);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: text/xml") );
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);curl_setopt($ch, CURLOPT_USERPWD, $uss_pass);
    curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $soap);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_SSLCERT, $pem_path);//pem file
    curl_setopt($ch, CURLOPT_SSLKEY, $key_path); // crt file
    curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $key_pass);

    $res = curl_exec($ch);

    //$xml = simplexml_load_string('<?xml version="1.0" encoding="UTF-8"? >'.$res);
    $xml = simplexml_load_string('<?xml version="1.0" encoding="UTF-8"?>'.$res);


    $ch = $xml->children('SOAP-ENV',true);$ch = $ch[1];$ch = $ch->children('fdggwsapi',true);$response = $ch[0];
    $orderId = trim((string)$response->OrderId);

    mysql_connect($db_host , $db_user, $db_pass);
    if(!mysql_select_db($db_name))
    {
        echo "Create the database please";
        exit;
    }

    $result = array(
                'Order Number' => $orderId,
                'errorMessage' => (string)$response->ErrorMessage,
                'response' => $res,
                "\n\nv_name" => $_REQUEST['text1'],
                'v_degree' => $_REQUEST['text2'],
                'v_graduation' => $_REQUEST['text3'],
                'v_email' => $_REQUEST['text4'],
                'v_phone' => $_REQUEST['text5'],
                'v_address' => $_REQUEST['text6'],
                "\n\nOrder Details" => "\n",
                'v_quantity' => $_REQUEST['count'],
                'cost' => ($_REQUEST['count'] == '50' ? '$25.00' : '$38.00'),
                'shipping and handling' => '$8.65',
                'total price' => ($_REQUEST['count'] == '50' ? '$33.65' : '$46.65'),
                "\n\nShipping Information" => "\n",
                'name'  => $_REQUEST['info_name'],
                'street' => $_REQUEST['info_street'],
                'apt' => $_REQUEST['info_APT'],
                'city' => $_REQUEST['info_city'],
                'state' => $_REQUEST['info_state'],
                'zip' => $_REQUEST['info_zip']
        );


    if(strlen($orderId) != 0 && strpos((string)$response->ErrorMessage,'database error') === false)//success
    {
        $result['success'] = 1;
        $link = 'order.php?step=3';
        $subject = "order submitted";
    }
    else
    {
        $result['success'] = 0;
        $link = 'order.php?step=-3';
        $subject = "Error occured while creating order";

    }

   $_SESSION['data'] = $result;
   $into = array();
   $values = array();
   foreach($result as $key => $val)
   {
        $into[] = "`$key`";
        if($key == 'v_quantity') $values[] = addslashes ($val);
        else $values[] = "'".addslashes($val)."'";
   }
   $query = "INSERT INTO `***`.`orders` (".implode(', ',$into).") VALUES (".implode(', ',$values).");";
   
   require_once "send_mail.php";
   $sendTo = array($admin_email,$result['v_email']);
   send_mails($sendTo,$from,$subject,$result);

    mysql_query($query);
    header('Location: '.$link);
    exit;


function render()
{
    global $res,$xml;
//    var_dump($_REQUEST);           
 

//    echo $res;
//
    echo htmlentities($res);
/* */
    var_dump($xml);

}


?>