|
PHP - Single Quote Messing Up Script
I am making a simple script for my friend that uses mod_rewrite, but for testing I don't use the mod_rewrite link.
The page is video.php The extension is ?title= I have having a problem when I type the title with a Single Quote in it('). Example. video.php?title=The-Sorcerer's-Apprentice I have str_replace for the dash(-) to be replaced as a space, so that's not the problem. Here's my code. <?php if($_GET) { $title="{$_GET['title']}"; $title = str_replace('_', ' ', $title); $title = str_replace('-', ' ', $title); if ($list = mysql_query("SELECT * FROM videos WHERE title='". mysql_real_escape_string($title) ."'") or die (mysql_error())); { if(mysql_num_rows($list) > 0){ if (mysql_num_rows($list)) { while($videos=mysql_fetch_array($list)) { ?> <div id="content"> <center><h3><?php echo $videos['title']; ?></h3> <object width="640" height="385"><param name="movie" value="<?php echo $videos['youtubelink']; ?>"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="<?php echo $videos['youtubelink']; ?>" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object> <br/><br/><a onclick="javascript:history.go(-1)" href="#">Go Back</a> </center> </div> <?php } } } ?> Similar TutorialsHi, I'm trying to delete a string that's single quoted. From: Cyto's to Cyto, but doesn't work. It works when I add 's to the string with stripslashes, but I can't seem to delete a quote from a string. Does someone know how? My $_post code: Code: [Select] $name=mysql_real_escape_string(stripslashes($_POST["ename"])); Cheers Hi, I am able to parse php variable in double quote but not in single quote. How can I parse in single quote. Following example shows 2 results and I want same result in both. First Name : Zohaib First Name : $firstname Code: [Select] // Connecting, selecting database $link = mysql_connect('localhost', 'root', 'password'); mysql_select_db('dbname'); // Performing SQL query $query = 'SELECT first_name FROM tablename'; $result = mysql_query($query); // Printing results in HTML while ($row = mysql_fetch_assoc($result)) { $firstname=$row['first_name']; } echo"<table> <tr> <td>First Name : </td> <td>$firstname</td> </tr></table>"; echo'<table> <tr> <td>First Name : </td> <td>$firstname</td> </tr></table>'; What are the changes I need to do to achieve same result. Any solution ? - Thanks. This will have been posted before, but I can't find a solution that works. Most people say to try mysql_real_escape_string, I have tried lots of variations and it doesn't seem to work. Could anyone help with the below code? It is part of a form that returns a syntax error when adding a single quotation mark e.g. entering "Bryan's" into the form causes the error. I'd be really grateful for any assistance. Steven P.S. Before anyone mentions it, the mysql connect does work - I just haven't included the full page of code. Code: [Select] mysql_connect($dbserver, $dbusername, $dbpassword); mysql_select_db($dbname); $sitetitle = htmlentities($_POST[sitetitle]); $query = mysql_query("UPDATE site_settings SET sitetitle = '$sitetitle'"); echo("<b>Settings Updated!</b>"); I have a form that people can fill out, and then it echos the string, however right now they can't use single quotes. Below is how I have it settup. Code: [Select] $side = '<p>About Me:</p> <ul> <li>Birth Date: October, 23rd, 2010</li> <li>Hometown: Rapid City, SD</li> <li>Height: 4\'</li> <li>Weight: 50lbs</li> <li>Foot Size: 4</li> <li>Favorite Movie: All of the Shrek Movies!</li> <li>Favorite Book: Winnie the Pooh Series</li> <li>Favorite Cartoon Character: Eeyore or Donkey from Shrek!</li> <li>Favorite TV Show: Anything on Animal Planet!</li> <li>Favorite Food: Hay</li> <li>Favorite Pro Sports Team: Rapid City Rush</li> <li>Favorite Mascot: Nugget, of course!</li> <li>Favorite Game: Donkey Kong!<br /> </li> </ul>'; if ($side != NULL){ echo "<div class=\"grid_6\" id=\"tertiary\"> $side </div>"; }else{ } And I would be able to use $side = "whatever I want to write"; because then they would still need to escape the double quotes with \" if they wanted to put in a link or anything. How do I do this with allowing them to just use single quotes when they enter their data so they don't have to \' (escape the single quote)? Thanks I am trying to do the seemingly simple thing - replace all single quotes in text str_replace ("'", "´", $text); It does not replace anything. I trying escaping single quote, using other similar functions - nope. Also tried to google What I an doing wrong? Any help would ne much appreciated. Let me preface this by saying that I've been using php for a while, but never got extremely advanced, so feel free to slap me about for something stupid... I'm working through a jQuery & PHP book, and I've noticed that he's wrapping all his column and table names in the apostrophe ` when making MySQL queries . In the past I've never done this. What does the ` do? I understand about single quotes and double quotes, but haven't come across the ` being used. What's the deal? Hi, I'm trying to type in a name of a song into an input field, for example: I'll Be Missing you This field is captured through $_POST and set to a variable $title I then update the table with this new title. Once it is updated, all that is shown in the data is: I The single quote, and anything after it is gone completely. Here is my query. How can I change this so it includes the single quote and everything after it? $sql = "UPDATE sheets SET artist = '$artist', title = '$title', active = '$activestatus' WHERE id = $value"; $result = mysql_query($sql) or die(mysql_error().'<br>'.$sql); If more code is required to understand what I'm talking about, let me know. Is there a difference between a single quote regex and and double quote regex ?
for example :
<?php
$res1 = preg_match('/shi*t/', $comment);
$res2 = preg_match("/shi*t/", $comment);
?>
Thank you
Edited by Dareros, 17 September 2014 - 07:07 PM. Hi I have a simple form and when the user submits, php is putting a \ before every single quote entered in the field. So for example, if a user enters O'Neill, once i do $lastName = $_POST["lastname"]; $lastName comes back as: O\'Neill is there some way I can turn this off? I'm so sorry for this question but I not really know how to play with single and double quote. If I have a query like this: Code: [Select] mysql_query('UPDATE table SET Status=1,Sending=Done WHERE ID IN ('.implode(',', $done).')'); And I wish to add Code: [Select] SentAt='$date' in the query as well , and I try this: Code: [Select] mysql_query('UPDATE table SET Status=1,Sending=Done,SentAt='$date' WHERE ID IN ('.implode(',', $done).')'); Not working...how should I write it? Thank you. When I add a ' or " quotes in a textarea I get a sql error when it tries to insert the record.
I was told to use mysqli_real_escape_string but that didn't work.
Here's my code -
$blog= mysqli_real_escape_string($con, $_POST['blog']);
$blog= $_POST['message'];
$sql = "SELECT * FROM table WHERE `message` = '{$message}'";
$result = mysql_query($sql);
if ( mysql_num_rows ( $result ) > 0 )
{
$error = "Message Exists.";
}
else
{
$error = "This message does not exist. Insert it!!!";
$sql="INSERT INTO table (message) VALUES ('$_POST[message])";
}
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
mysqli_close($con)
Edited by barkly, 26 October 2014 - 09:31 PM. Hey guys. I just recently started learning php and I like to learn hands on. So, my first project involves the Google Calendar. I found a script on github that is basically a Google calendar feed and I've been manipulating it to meet my personal needs and expectations, but the only thing I am struggling with is the xml part. All I want to do in this case is get the value from ###TITLE### (after it is sorted by newest date which is done automatically in the script) and store it in a new variable but no matter what I try or do and after reading a bunch of material on xml and php, I still cannot get it to work. If anyone knows how to do this and provide an explanation so I can actually learn I would really really appreciate it. Here is the github script https://github.com/m...ter/gcalphp.php
Thank you and I am looking forward to any suggestions or anything.
Hi, I am pretty much a new newbie when it comes to PHP, and have a problem that I need to solve, for a website that has to go live tomorrow. Basically I have been using a javascript upload script called 'uploadify' which had an option for the upload folder which was added to the script in the form: Code: [Select] 'folder' : '/songs/<?php echo $_SESSION["name"];?>', I added the php echo to return the username from a PHP login, so it gets added to the path to the upload folder (each user has their own subfolder for uploading to). With the new version of the uploadify script, the folder option has been moved to a separate PHP file where it is now in the form: Code: [Select] $targetFolder = '/songs/'; I need to find a way of adding the username variable to this line. I have tried using echo in various ways, and googled about, but it has stumped me, simple as it may be. If anyone could let me know how I construct this line I'd be very grateful. Time is of the essence, as they say... Thanks, Nick I almost posted this in the freelancing forum, because I am looking for it to be created, but I first needed more info on what a coder would need to know about the project. I have a script that is designed for a single person, and I want a coder to design it to become an online service with user registration, etc. I'm weary of posting publicly the details about what the script does, but is something like that needed in order for a php programmer to take on a job? Could something like that be left out, until actually giving the coder the job? Do I have to give at least a vague idea of what the script does? I don't understand enough about what a programmer would need to know, but at the same time, I don't want to reveal my idea either. Can somebody help me on how much I am going to need to reveal? Thanks. I know it needs a for loop, but i don't know where in the code i should be putting it? Code: [Select] function check_input($value) { // Stripslashes if (get_magic_quotes_gpc()) { $value = stripslashes($value); } // Quote if not a number if (!is_numeric($value)) { $value = "'" . mysql_real_escape_string($value) . "'"; } return $value; } $_POST = array_map('check_input', $_POST); $sql="INSERT INTO testimonials (CustomerName, Town, Testimonial, SortOrder, Images) VALUES ({$_POST['customername']}, {$_POST['town']}, {$_POST['testimonial']}, {$_POST['sort_order']}, '$imgname' )"; } if (!mysql_query($sql,$con)) { die("<br>Query: $sql<br>Error: " . mysql_error() . '<br>'); } echo "<p align=center><b>1 testimonial added</b></p>"; mysql_close($con); Thanks in Advance, Steve You would think the answer would be all over the Internet and easy to find, but it’s not. I have searched many times, and in all the multitude of search results I have still never found an adequate usable answer. The MOST you ever find is someone saying how easy it is with PHP, but they don’t tell you how, even when the person they are answering asks them (odd). You can be that one in a billion person who finally answers it for real and helps someone out. I have a simple HTML form with data fields first_name, last_name, email, phone, country, a few hidden inputs, and a single submit button, like so: (Please note: the method is GET, not Post.) <form action="https://MyDomainOnMyServer.com/MyPHPScript.php”> <input type="text" name="first_name" value="" /> <input type="text" name="last_name" value="" /> <input type="text" name="email" value="" /> <input type="text" name="phone" value="" /> <input type="hidden" name="type" value="type123"> <input type="hidden" name="project" value="new123"> <select required name="country"> <option value="">Choose your country</option> <option value="US">United States</option> <option value="CA">Canada</option> <option value="GB">United Kingdom</option> <option value="Many More">Many More Countries</option> </select> <input type="submit" value="Submit Form" /> </form> NOTE: Originally, the form action would have been: action="https://TheirExampleDomainOnTheirRemoteServer.com/TheirRemotePHPScript.php" name="form1234" Upon clicking the single submit button only, what I need to have happen is this: 1. Send me an email to whatever@whatever.tld containing all the form submission data 2. Place the form submission data into a MySQL database having the corresponding data fields 3. Send the form submission contents including the hidden input values to "https://TheirExampleDomainOnTheirRemoteServer.com/TheirRemotePHPScript.php" name="form1234" AS IF that had remained set as the original form action to begin with So basically what I’m trying to obtain is the cleanest possible PHP script that will do those three things, which is essentially what others have asked for over the years in search results I have found, but no one has ever provided it in a clear instance that works. If I can just see such a script, I should be able to see how it works and then do what I need. Thanks. Reply PHP script return 20 UL LIST values like, < ul >
A < /ul > How to display UL LIST into row wise 5 columns like
A B C D Hi, I've been scratching my head for a while now about how to do this, I'm relatively new to php and mysql and perhaps foolishly taking on creating a user area for a website. I have everything else working, all of my register account functions and confirmations and all of the login scripts etc. I have created a profile page which returns various information to the user (this bit works fine) and I've got some nice show/hide toggles running with some javascript/css but my intention is to allow the user to change thier information (e-mail address, contact phone number and also whether they are subscribed to the e-mail list), it also displays any support tickets or messages. So after the long intro, here's what I'm struggling with... I have a form in a visibility toggled <div> which submits a 'change_email' script, so a user wants to change their e-mail, clicks on change, the <div> appears, they bang in the new e-mail and hit submit. My php script appears to work (because it doesn't throw up any errors), until you realise that actually it's not updated the record in the db... I'm using mysql_query("UPDATE users SET email='$new_email' WHERE username='$user'"); Do I need to setup variables for all of the information in the db (name, username, password, email, contno etc etc) and include them in the command to get it to work or should that just pick the correct record and then update it? If that is the case is there a way I can include 'blank' variables so I don't have to set them all up... e.g. mysql_query("UPDATE users SET user='',password='',email='$new_email', etc WHERE username='$user'"); Many thanks in anticipation Hello, all: been trying to convert this little single-file upload to multiple by naming each file form-field as "userfile[]" as it's supposed to automatically treat them as an array.. but no luck! Can you guide me as to what am I doing wrong?? appreciate the help! Code: [Select] <?php if (!isset($_REQUEST["seenform"])) { ?> <form enctype="multipart/form-data" action="#" method="post"> Upload file: <input name="userfile[]" type="file" id="userfile[]"> Upload file: <input name="userfile[]" type="file" id="userfile[]"> <input type="submit" value="Upload"> <input type="hidden" name="seenform"> </form> <?php } else { // upload begins $userfiles = array($_FILES['userfile']); foreach ($userfiles as $userfile) { // foreach begins $uploaded_dir = "uploads/"; $userfile = $_FILES['userfile']["name"]; $path = $uploaded_dir . $userfile; if (move_uploaded_file($_FILES['userfile']["tmp_name"], $path)) { print "$userfile file moved"; // do something with the file here } else { print "Move failed"; } } // foreach ends } // upload ends ?> Hi I have a page that looks great without any php in it. As soon as I do a php db call all my div's align left and everything is skew. Does anyone know how this is possible and how to fix it? Thank you Jay |
|||||||