|
PHP - Help With Slashes Appearing Before Quote Marks
Hi all,
I have an issue on a form that when it gets submitted a slash '/' appears before every quote symbol. I had help solving the issue on one of the fields (the name field), but then later it was discovered that the slashes appear in all the fields whenever a quote was used (agreed, poor testing). Can someone be so good to help me solve this? My php knowledge is not so great which is exactly why I'm asking here Please see my code below. If this problem can be solved in the same manner as the name field was solved, then there are 2 files which will need the edits. They are below: (some trivial information purposely removed for security reasons) preview.php <div id="card"> <img id="logo" src="logo.jpg" /> <div id="card1"><?php echo stripslashes($_REQUEST['text1']); ?> </div> <div id="card2"><?php echo $_REQUEST['text2']; ?> </div> <div id="card3"><?php echo $_REQUEST['text3']; ?> </div> <?php if($_REQUEST['text4'] != '' && $_REQUEST['text5'] != '') $text = $_REQUEST['text4'].' • '.$_REQUEST['text5']; else $text = $_REQUEST['text4'].$_REQUEST['text5']; ?> <div id="card4"><?php echo $text; ?> </div> <div id="card5"><?php echo $_REQUEST['text6']; ?> </div> </div> second_form.php <?php session_start(); $db_host = 'localhost'; $db_name = ''; $db_user = ''; $db_pass = ''; $admin_email = "admin@aserver.com"; if(isset($_REQUEST['text1'])) $_REQUEST['text1'] = stripslashes($_REQUEST['text1']); $from = 'orders@mycompany.com'; if($_REQUEST['count'] != '50' && $_REQUEST['count'] != '100') { header( 'Location: order.php' ); die(); } $card_number = trim($_REQUEST['card_number']); $card_security = $_REQUEST['card_security']; $card_exp_m = sprintf("%02d",((int)$_REQUEST['car_exm_m'])%100); $card_exp_y = sprintf("%02d",((int)$_REQUEST['car_exm_y'])%100); $count = $_REQUEST['count']; $shipping = 8.65; $price = $shipping; switch($count) { case 50: $price += 25; break; case 100: $price += 38; break; } //$price = 0.01; //$shipping = 0.01; $price = sprintf("%0.2f",$price); $fd_xsd = 'http://***'; $v1_xsd = 'http://***'; $a1_xsd = 'https://***'; //$email_rep = str_replace('@','[at]',$_REQUEST['text4']); $soap = <<<SOAP <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header /> <SOAP-ENV:Body> <fdggwsapi:FDGGWSApiOrderRequest xmlns:fdggwsapi="$fd_xsd" xmlns:v1="$v1_xsd"> <v1:Transaction> <v1:CreditCardTxType> <v1:Type>sale</v1:Type> </v1:CreditCardTxType> <v1:CreditCardData> <v1:CardNumber>$card_number</v1:CardNumber> <v1:ExpMonth>$card_exp_m</v1:ExpMonth> <v1:ExpYear>$card_exp_y</v1:ExpYear> </v1:CreditCardData> <v1:Payment> <v1:ChargeTotal>$price</v1:ChargeTotal> <v1:Shipping>$shipping</v1:Shipping> </v1:Payment> <v1:Billing> <v1:Name>{$_REQUEST['text1']} - {$_REQUEST['text2']} - {$_REQUEST['text3']}</v1:Name> <v1:Email>{$_REQUEST['text4']}</v1:Email> <v1:Phone>{$_REQUEST['text5']}</v1:Phone> <v1:Address2>{$_REQUEST['text5']}</v1:Address2> <v1:Address1>{$_REQUEST['text6']}</v1:Address1> </v1:Billing> <v1:Shipping> <v1:Name>{$_REQUEST['info_name']}</v1:Name> <v1:Address1>{$_REQUEST['info_street']} {$_REQUEST['info_APT']}</v1:Address1> <v1:City>{$_REQUEST['info_city']}</v1:City> <v1:State>{$_REQUEST['info_state']}</v1:State> <v1:Zip>{$_REQUEST['info_zip']}</v1:Zip> </v1:Shipping> </v1:Transaction> </fdggwsapi:XXXApiOrderRequest> </SOAP-ENV:Body> </SOAP-ENV:Envelope> SOAP; // echo htmlentities($soap); $link = "https://ws.firstdataglobalgateway.com/****"; $store_id = "***"; $user_id = "***"; $pass = "***"; $key_pass = "***"; $uss_pass = ('WS'.$store_id.'***:'.$pass); $path = "/home/hoster/ssl_firstdata/"; $pem_path = $path . "***.pem"; $key_path = $path. "***_.1.key"; $ch = curl_init($link); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: text/xml") ); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);curl_setopt($ch, CURLOPT_USERPWD, $uss_pass); curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $soap); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSLCERT, $pem_path);//pem file curl_setopt($ch, CURLOPT_SSLKEY, $key_path); // crt file curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $key_pass); $res = curl_exec($ch); //$xml = simplexml_load_string('<?xml version="1.0" encoding="UTF-8"? >'.$res); $xml = simplexml_load_string('<?xml version="1.0" encoding="UTF-8"?>'.$res); $ch = $xml->children('SOAP-ENV',true);$ch = $ch[1];$ch = $ch->children('fdggwsapi',true);$response = $ch[0]; $orderId = trim((string)$response->OrderId); mysql_connect($db_host , $db_user, $db_pass); if(!mysql_select_db($db_name)) { echo "Create the database please"; exit; } $result = array( 'Order Number' => $orderId, 'errorMessage' => (string)$response->ErrorMessage, 'response' => $res, "\n\nv_name" => $_REQUEST['text1'], 'v_degree' => $_REQUEST['text2'], 'v_graduation' => $_REQUEST['text3'], 'v_email' => $_REQUEST['text4'], 'v_phone' => $_REQUEST['text5'], 'v_address' => $_REQUEST['text6'], "\n\nOrder Details" => "\n", 'v_quantity' => $_REQUEST['count'], 'cost' => ($_REQUEST['count'] == '50' ? '$25.00' : '$38.00'), 'shipping and handling' => '$8.65', 'total price' => ($_REQUEST['count'] == '50' ? '$33.65' : '$46.65'), "\n\nShipping Information" => "\n", 'name' => $_REQUEST['info_name'], 'street' => $_REQUEST['info_street'], 'apt' => $_REQUEST['info_APT'], 'city' => $_REQUEST['info_city'], 'state' => $_REQUEST['info_state'], 'zip' => $_REQUEST['info_zip'] ); if(strlen($orderId) != 0 && strpos((string)$response->ErrorMessage,'database error') === false)//success { $result['success'] = 1; $link = 'order.php?step=3'; $subject = "order submitted"; } else { $result['success'] = 0; $link = 'order.php?step=-3'; $subject = "Error occured while creating order"; } $_SESSION['data'] = $result; $into = array(); $values = array(); foreach($result as $key => $val) { $into[] = "`$key`"; if($key == 'v_quantity') $values[] = addslashes ($val); else $values[] = "'".addslashes($val)."'"; } $query = "INSERT INTO `***`.`orders` (".implode(', ',$into).") VALUES (".implode(', ',$values).");"; require_once "send_mail.php"; $sendTo = array($admin_email,$result['v_email']); send_mails($sendTo,$from,$subject,$result); mysql_query($query); header('Location: '.$link); exit; function render() { global $res,$xml; // var_dump($_REQUEST); // echo $res; // echo htmlentities($res); /* */ var_dump($xml); } ?> Similar TutorialsWhile playing with some code, I wrote these few lines of script. $_SESSION["favcolor"] = green; echo "Session variable is ". $_SESSION["favcolor"] ;
I tested the code and everything worked fine. I corrected the code $_SESSION["favcolor"] = "green"; But when I tested it, the page would not open/load.
Then I removed the quote marks and restored the line to it's original state $_SESSION["favcolor"] = green; And things worked fine.
Shouldn't the quote marks be required? Hi All I Am confused I would like to put info into a database but need it to be secure. I have some code shown below. The problem is I would like to put in ' but keep the data secure. When it comes back I do not want to show \' I think you might know what I am trying to do. Here is the code but would like to know how to stop the \' showing. Code: [Select] $password = mysql_real_escape_string(stripslashes(trim($_POST['password']))); Any help would be great thank you. Hello Everyone, I've been working with XAMPP 1.7.3 and have a general question. I've always read (and been told) to use addslashes() for any MySQL input to protect the database. My PHP.ini file has magic quotes off and the system automatically produces a caret symbol "^" in front of every control character I upload to the database. I can't find anything in the PHP.ini file relating to the caret symbols and control characters, nor can I find anything in the My.ini file. In testing, it the system behaves just as it would if I had magic quotes on, except that the system uses the carets instead of slashes. I have no problem removing the carets (and any slashes that a user might upload) but would like to know what is going on. I've done google searches on this and have only found content regarding regular expressions. Could someone clue me in? Thank in advance. Cheers, Rick Hi: Is this the proper way to remove slashes from apostrophes: Code: [Select] if ($_SERVER['REQUEST_METHOD'] == 'POST') { $myTitle = mysql_real_escape_string(stripslashes($_POST['myTitle'])); $myDesc = mysql_real_escape_string(stripslashes($_POST['myDesc'])); $myHeader = mysql_real_escape_string(stripslashes($_POST['myHeader'])); $mySubHeader = mysql_real_escape_string(stripslashes($_POST['mySubHeader'])); $myPageData = mysql_real_escape_string(stripslashes($_POST['myPageData'])); It seems to work fine, I'd just like to clarify I'm not missing anything. Thanks! Hi there i have this code: Code: [Select] $str = "<i><font color="800080"> man </font></i><p><font color="9898989"> hi </font></p><p><font color="1111111"> cheers </font></p>"; $pattern = '/<font .*?>(.*?)<\/font>/'; if(preg_match_all($pattern, addslashes($str), $posts)){ $i=0; for($i; $i < count($posts[0]); $i++){ echo "content: " . $posts[0][$i] . "<br/>"; echo "colour: " . $posts[1][$i] . "<br/>"; echo "<br />"; } } and it doesn't work apparently because of the addslashes but its really needed as double quotes needs to be escaped, consider that i'm applying this code to a larger html file with hundreds of double quotes to be escaped.... error msg i get is Parse error: syntax error, unexpected T_LNUMBER in thanks in advance.. Ok so I'm coding up a file tree for a script and I've got the system setup so that when a user clicks on a folder it adds that folder to the path. The path is stored in a variable, but I'd like to allow the user to be able to go down multiple directories at once. To do this I'm going to seperate each folder name in the path and link to it so as an example: $path = './home/public_html/folder1/folder2'; how can I separate each of those so I can make a link to that folder so that: /home goes to $path = './home/'; /public_html goes to $path = './home/public_html'; etc... --- Basically just seperate the slashes into an array and seperate each of them off based on how far along it is but I don't know how to do that... This is driving me nuts and I'm hoping someone can help me figure it out. I have a site with PHP/MySQL. I have a form where people can submit a comment. This comment then goes into a MySQL database and gets displayed back on another page of the website. NOTE: I put this question in the PHP Forum because I think the problem is happening somewhere BEFORE the info gets entered into MySQL. But of course, I could be wrong. The problem is that some of the comments are coming in with a "\" in front of apostropes, but NOT ALL OF THEM (which is really confusing me). For example, someone entered this comment which shows in the MySQL database exactly like this... I predict Lena's gonna win a lifetime Grammy. It's long overdue. Someone else entered a comment which shows in the MySQL database exactly like this... can\\\'t wait to see first pics of the next addition. Congrats! They both have apostrophes in them, but only that second one added those slashes (and 3 of them for some reason). There are more instances of this where some comments have the slashes before the apostrophe and some don't. Anyone know what might be causing this seemingly random insertion of slashes? I have this page that keeps adding slashes (exponentially) to the $sql var that gets passed on through the hidden text area. I cannot figure out why it does this. Any ideas are appreciated. Thank you. <?php include_once $_SERVER['DOCUMENT_ROOT'] . '/include/login.php'; include_once $_SERVER['DOCUMENT_ROOT'] . '/include/mysql.php'; if(!Login::loggedIn()) { include $_SERVER['DOCUMENT_ROOT'] . '/include/uploads/pages/login.php'; } else { function displayForm() { $sql = 'SELECT * FROM `content` WHERE `contentCallid` = \'' . $_GET['page'] . '\''; $con = $GLOBALS['mysql']->connect(); $query = mysql_query($sql, $con); $content = mysql_fetch_array($query); $content['breadcrumb'] = explode(',', $content['breadcrumb']); $content['breadcrumbLink'] = explode(',', $content['breadcrumbLink']); $breadcrumb = ''; for($i = 0; $i < count($content['breadcrumb']); $i++) { if($i > 0) $breadcrumb .= ','; $breadcrumb .= $content['breadcrumbLink'][$i] . '::' . $content['breadcrumb'][$i]; } if(empty($_POST['sql'])) { $sql = 'INSERT INTO `contentVersions` (`contentCallid` , `contentTitle` , `content` , `views` , `permissionNeeded` , `status` , `version` , `created` , `createdBy` , `lastEdit` , `lastEditBy` , `breadcrumb` , `breadcrumbLink` , `noBreadcrumb` ) VALUES ( \'' . ($content['contentCallid']) . '\', \'' . ($content['contentTitle']) . '\', \'' . ($content['content']) . '\', \'' . ($content['views']) . '\', \'' . ($content['permissionNeeded']) . '\', \'' . ($content['status']) . '\', \'' . ($content['version']) . '\', \'' . ($content['created']) . '\', \'' . ($content['createdBy']) . '\', \'' . ($content['lastEdit']) . '\', \'' . ($content['lastEditBy']) . '\', \'' . ($content['breadcrumb']) . '\', \'' . ($content['breadcrumbLink']) . '\', \'' . ($content['noBreadcrumb']) . '\');'; $sql = stripslashes($sql); } else { $sql = $_POST['sql']; } ?> <form id="loginForm" name="loginForm" method="post" action="index.php?p=editPage&page=<?= $_GET['page']; ?>&ref=editPage"> <fieldset> <legend>Page Settings </legend> <p> <label>Page Title: </label> <input name="title" style="width:450px;" id="title" value="<?= $content['contentTitle']; ?>" type="text" /> </p> <p> <label>Content ID: </label> <input name="callid" readonly="readonly" style="width:381px;" id="callid" value="<?= $content['contentCallid']; ?>" type="text" /> <input name="suggestC" type="button" value="Suggest" onclick="suggestCallID('<?= $content['contentCallid']; ?>');" /> </p> <p> <label>Breadcrumb: </label> <input name="breadcrumb" style="width:381px;" id="breadcrumb" value="<?= $breadcrumb; ?>" type="text" /> <input name="suggestBC" type="button" value="Suggest" onclick="suggestBreadcrumb();" /></p> </fieldset> <textarea name="editPageWYS" id="editPageWYS"><?= $content['content']; ?></textarea> <textarea style="visibility:hidden;" name="sql"><?= $sql; ?></textarea> <textarea style="visibility:hidden;" name="version"><?= $content['version']; ?></textarea> <textarea style="visibility:hidden;" name="contentid"><?= $content['contentid']; ?></textarea> <fieldset> <legend>Actions</legend> <p> <input name="save" type="submit" value="Save" /> </p> </fieldset> </form> <?php } if(!empty($_POST['save'])) { if(empty($_POST['title']) || empty($_POST['callid'])) { echo '<blockquote class="failure">Save not successful. You need to have both a title and content id. Please type in a title then click the "Suggest" button.</blockquote>'; displayForm(); } else { $time = time(); $bc = explode(',', $_POST['breadcrumb']); $bcText = array(); $bcLink = array(); for($i = 0; $i < count($bc); $i++) { $bc[$i] = explode('::', $bc[$i]); $bcLink[$i] = $bc[$i][0]; $bcText[$i] = $bc[$i][1]; } $bcLink = implode(',', $bcLink); $bcText = implode(',', $bcText); $con = $GLOBALS['mysql']->connect(); $query = mysql_query($_POST['sql'], $con); echo $_POST['sql']; if(!$query) { echo '<blockquote class="failure">Warning: A MySQL error has occured while adding the backup to the database.<p>' . mysql_error() . '</p></blockquote>'; displayForm(); } $sql = 'UPDATE `content` SET `content` = \'' . $_POST['editPageWYS'] . '\', `breadcrumb` = \'' . $bcText . '\', `breadcrumbLink` = \'' . $bcLink . '\', `contentCallid` = \'' . $_POST['callid'] . '\', `contentTitle` = \'' . $_POST['title'] . '\', `version` = \'' . ($_POST['version'] + 1) . '\', `lastEdit` = \'' . $time . '\', `lastEditBy` = \'' . $_SESSION['username'] . '\' WHERE `contentid` = ' . $_POST['contentid'] . ' LIMIT 1 ;'; $query = mysql_query($sql, $con); if(!$query) { echo '<blockquote class="failure">MySQL Error<p>' . mysql_error() . '</p></blockquote>'; displayForm(); } else { echo '<blockquote>Page Successfully Edited<br /><br /><a href="index.php?p=' . $_POST['callid'] . '&ref=newPage">Click Here to View It</a></blockquote>'; } } } else { displayForm(); } } ?> Hi guys When I insert a data into MySQL and thru addslashes() it is adding not one but 3 slashes in mysql. By the way here are the codes, Code: [Select] <?php //$conn = new mysqli('localhost', 'root', '', 'my_db'); $conn = new mysqli('localhost', 'coder9_work', '******', 'coder9_portfolio'); $query = "INSERT into portfolio(category, title, description, version, started, finished) VALUES (?, ?, ?, ?, ?, ?)"; $select = $_POST['select']; $title = addslashes($_POST['title']); $description = $_POST['description']; $version = $_POST['version']; $started = $_POST['started']; $finished = $_POST['finished']; $stmt = $conn->stmt_init(); if($stmt->prepare($query)) { $stmt->bind_param('ssssss', $select, $title, $description, $version, $started, $finished); $stmt->execute(); } if($stmt) { echo "Thank you!"; } else { echo "There was a problem. Please try again later."; } ?> How do I fix this problem so that It will add only one slashes? Thanks in advanced. Hi all, I've been having some trouble with the whole slashes and apostrophy situation. When the user enters into the database locally they can enter in apostophies no problem and it outputs on the site no problem. When the user edits the data it then alters it and removes apostrophies from the headline field, not the text editor field (tinyMCE). However, when I test it on the web (it's secured so I am unable to provide a link), there are more problems, those being that when it enters into the database it adds slashes where there are apostrophies but doesn't do this locally... Could this by a PHP version issue? Version 5.3.5 on the web and 5.3.1 locally. In addition when the you come to edit the data all of the apostropies and following letter have been removed and slashes put in their place. But as I say this doesn't happen locally.. Here is the insert statement: <?php require_once('auth.php'); ?> <?php $host="localhost"; // Host name $username=""; // Mysql username $password=""; // Mysql password $db_name=""; // Database name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $newsHeadline = $_POST['newsHeadline']; $newsContent = $_POST['newsContent']; $query = "INSERT INTO news (newsDate, newsHeadline, newsContent) VALUES ('".date("l"." "."j"." "."F"." "."Y")."','".mysql_real_escape_string($newsHeadline)."','".mysql_real_escape_string($newsContent)."')"; if(mysql_query($query)) { echo "News successfully inserted.<br/><a href='addNews.php'>Back to main page</a><br/>"; }else echo "Encountered an error.".mysql_error()."<a href='javascript:history.go(-1)'>Click here to go back</a><br/>"; // close connection mysql_close(); ?> Here is the php to output the text // while there are rows to be fetched... while ($list = mysql_fetch_assoc($resultSelectNewsData)) { // echo data echo "<div class='newsArticle'><p class='newsHeadline'>"; echo stripslashes ($list['newsHeadline']); echo "<br /><span class='nDate'>Posted on: ".$list['newsDate']."</span></p><div class='newsContent'><p>"; echo stripslashes ($list['newsContent']); echo "</p></div><!--news content end--><br /></div><!--news article end-->"; } // end while Here is the PHP to view the data ready to edit: <?php require_once('auth.php'); ?> <?php $pagetitle = "Langbaurgh Sunday League";?> <?php include("includesAdmin/header.php");?> <?php include("includesAdmin/nav.php");?> <div id="mainContentAdmin"> <h1>Admin Panel</h1> <?php // Make a MySQL Connection $newsID=$_GET['newsID']; //Query to join tables and obtain team names linked to IDs $sql2= mysql_query ("SELECT * FROM news WHERE newsID = '$newsID'")or die(mysql_error()); echo "<form name='editDetails' method='post' action='php_update_news_item.php'>"; $row = mysql_fetch_array($sql2); // Print out the contents of each row echo "<input type='hidden' name='newsID' id='newsID' size='15' value='".$row['newsID']."'/>"; echo"News Headine: <br /><input type='text' name='newsHeadline' id='newsHeadline' size='40' value='".$row['newsHeadline']."'/><br />"; echo"News Story: <br /><textarea name='newsContent' id='newsContent' cols='50' rows='15'>".$row['newsContent']."</textarea>"; echo "<input type='submit' name='submit' value='Update News Story'/>"; mysql_close(); ?> </div><!--contentAreaEnd--> <?php include("includesAdmin/footer.php");?> Here is the file to update the data <?php require_once('auth.php'); ?> <?php $host="localhost"; // Host name $username=""; // Mysql username $password=""; // Mysql password $db_name=""; // Database name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $newsID = $_POST['newsID']; $newsHeadline = $_POST['newsHeadline']; $newsContent = $_POST['newsContent']; $query = "UPDATE news SET newsHeadline='".mysql_real_escape_string($newsHeadline)."', newsContent='".mysql_real_escape_string($newsContent)."' WHERE newsID='".mysql_real_escape_string($newsID)."'"; if(mysql_query($query)) { echo "News successfully updated.<br/><a href='view_news_id.php'>Back to news viewing</a><br/>"; }else echo "Encountered an error.".mysql_error()."<a href='javascript:history.go(-1)'>Click here to go back</a><br/>"; // close connection mysql_close(); ?> All help would be massively appreciated as I am really stuck with this. I've tried all sorts including stripslashes, trim, a combination of both, yet I hit snags with each one of them.. Many thanks in advance, Aidan Hi, I need to analyze a string and get the text between, before, and after the forward slashes.. The string will always look something like this, but will vary: $str = "I will go to the store with <# one/two/three #> people." Then I need to create a form with radio buttons for each choice. In this case (one, two, or three). The text between the <# ... #> could be different every time, and with uknown amount of forward slashes. Here is what I have so far but it doesn't work. Code to find if there are slashes: Code: [Select] preg_match_all( '/([/]+)/',$str,$matches); Code to create html form .. Code: [Select] $i = 0; $html = '<form>'; foreach ($matches[0] as $match){ if ($pos = strpos( $str,$match ) ) === false ) continue; } $html .= '<input type="radio" name="place-' . $i . '" value=". $match . '" /> '; } $html .= '</form>'; Its not working as needed. I'm not sure how to create radio button choices for the words (one, two, three). Thanks i have a php form where users can update db. but when the input has a <a href=""></a> input, it generates back slashes on the web. below is the results after the input. Code: [Select] <a href=\'\\\"images/gallery/storyslideshow/ppic-5 (1).jpg\'\\\" rel=\'\\\"lyteshow[featgallery]\'\\\" title=\'\\\"\'\\\">View Slideshow</a><br><br> i have a this on my updating code Code: [Select] mysql_real_escape_string($_POST["fulldesc"]); Ok. So I just started using prepared statements. One issue I ran into is that after inserting say "abc's" into the table with a prepared statement when I read that row and display it, it shows as abc\'s I have to use stripslashes on the variable before displaying it. I thought that with magic quotes. off this would not be a problem. Am I going to have to strip slashes on all fields now? Is there another way around it? here is my phpinfo for reference magic_quotes_gpc Off Off magic_quotes_runtime Off Off magic_quotes_sybase Off Off And compile options Configure Command './configure' '--host=i686-redhat-linux-gnu' '--build=i686-redhat-linux-gnu' '--target=i386-redhat-linux' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-libdir=lib' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--disable-debug' '--with-pic' '--disable-rpath' '--without-pear' '--with-bz2' '--with-curl' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--with-expat-dir=/usr' '--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--enable-track-vars' '--enable-trans-sid' '--enable-yp' '--enable-wddx' '--with-kerberos' '--enable-ucd-snmp-hack' '--with-unixODBC=shared,/usr' '--enable-memory-limit' '--enable-shmop' '--enable-calendar' '--enable-dbx' '--enable-dio' '--without-mime-magic' '--without-sqlite' '--with-libxml-dir=/usr' '--with-xml' '--with-mhash=shared' '--with-mcrypt=shared' '--with-apxs2=/usr/sbin/apxs' '--without-mysql' '--without-gd' '--without-odbc' '--disable-dom' '--disable-dba' '--without-unixODBC' '--disable-pdo' '--disable-xmlreader' '--disable-xmlwriter' '--disable-json' Thanks JT Hi everyone I am trying to secure some of my code using a sanitize function function sanitize($data) { $cdata = strip_tags(addslashes($data)); $cdata = mysql_real_escape_string($cdata); return $cdata; } If I post a form value such as Code: [Select] 'Apple iPod' to a SQL INSERT QUERY using `title` = sanitize($_POST['title']); then my database value looks like Code: [Select] \\\'the ipod\\\' this is odd because there is 3 slashes if I then print that value on a PHP page using print stripslashes($row['title']); it outputs Code: [Select] \'the ipod\' Why can I not get rid of the slashes and why would it be outputting 3 slashes? I have tried all the magic quote ideas and suggestions, but still cannot sort this out. Thanks John So I ran into the most bizarre problem ever on my live server. For some odd reason something, somewhere is adding an extra character after every " mark I have. Now I am using zend framework but this can not be an issue involving them since everything works perfectly on my localhost. I am using 1and1 to host my application but for the love of me I can not narrow this down any more. Ex of my problem, I type this into my text box: "This is a sentence" and it proceeds to saving this: \"This is a sentence\" Something is happening right after I submit my form because if I add the code directly in my database, it displays everything fine. Has any one ever ran into this problem before? Hi everyone, I am having a problem with using quotation marks / apostrophe with php and mysql. If I enter the following lines in mysql. "user's resume" when I do a query from mysql i get back " User\'s resume" it's adding a slash before the apostrophe. How can I fix this ? Thanks. Hey, I've created a messaging system for my site and I'm trying to make it so that a copy of the original message is included and automatically put into the message content box when somebody clicks to reply. I've done this literally just by making the "reply" button into a form which also posts the content of the message from the previous page and puts it into the content box. However I have some issues with it: firstly, wherever ' is used, it becomes \' and wherever " is used, the whole of the rest of the message is blanked out. Can anybody point me in the direction of the solutions I might need to make it so that ' and " both appear normally without cutting the rest of the message off? Thanks in advance & let me know if anything is missing! Hello, I have a script coded in PHP and alot of JavaScript and I have problems with languages like Arabic and Hebrew ( non Latin characters) .. It is showed as question marks in the website like this ( ?????????) and in the database .. I converted the SQL Database from Latin Swedish to UTF-8 in phpmyadmin and now the database is correct but the website is still in question marks . In every HTML code you can see this : ........... content="text/html; charset=utf-8"/> and I tried changing the same php pages to UTF-8 using text editors but nothing happened . any help will be great. thanks. I am having a problem with my code and would be grateful if someone could point me in the right direction. Please see my code below:
<?php
$dbcon = mysqli_connect('localhost','user','','videos');
$sql='SELECT * FROM videos';
$result = mysqli_query($dbcon, $sql);
$row = mysqli_fetch_array($result);
$image = $row['image'];
$title = $row['title'];
$description = $row['description'];
echo '<a href="#">
<div class="thumb" style="background-image: url("' . $image . '");"></div>
</a>
</div>
<div class="column-content">
<p class="column-title">Latest Video</p>
<p class="column-heading"><a href="#">' . $title . '</a></p>
<div class="video-description">
<p>' . $description . '</p>'
mysqli_close($dbcon);
?>
Now the connection to the database works, also the title and description is fine too. The problem is with the image. I cannot get it to display and I'm sure it has something to do with the quotation marks but I don't know in what order they should be. If I just use html the code for the image would be : <div class="thumb" style="background-image: url('image.jpg');"></div> with just a single quotation around the image url. Any help would be much appreciated.
Tony |
|||||||