|
PHP - Stripslashes Problem
Hi everyone,
I have been building my first admin from scratch, and am going quite well. But now i have a problem that i can't resolve. The website is basically a library of quotes that users can submit, the admin then needs to approve and edit them before they are published on the site. I have the admin built, and can display all the records and delete, but am having a problem with the update. If the quote has a ' in the text it throws an error. If it doesn't it updates fine. There needs to a cleaning function or something applied, and as i am still learning i am lost to how to do this, I added the addslashes but it still throws the error. Code below. case 'updatequote'; $db_name = "auth"; $table_name = "quotes"; $connection = @mysql_connect("localhost", "root", "testing") or die(mysql_error()); $db = @mysql_select_db($db_name, $connection) or die(mysql_error()); foreach($_POST as $input) { $_POST['array_key'] = addslashes($input); } $sql = "UPDATE $table_name SET artist = '$artist',song = '$song',quote = '$quote' WHERE quoteid = ".$_REQUEST['quoteid'].""; $result = @mysql_query($sql,$connection) or die(mysql_error()); echo "Quote Edited Successfully"; break; Similar Tutorialswhen i update something it doesnt show when i click on the page i updated in and i add stripslashes to remove the \ if i remove the stripslashes i get the \ and i dont like that Code: [Select] <?php if(isset($_POST['update'])){ require "scripts/connect.php"; // Set some values to go into the table fields for this person(record) $intro = stripslashes($_POST ['intro']); $latestnews = stripslashes($_POST ['latestnews']); $maincontent = stripslashes($_POST ['maincontent']); $mainvideos = stripslashes($_POST ['mainvideos']); echo "Good Job $username you have UPDATED SUCCESSFULLY!!"; } // Build the sql command string $sqlCommand = "UPDATE content SET intro='$intro', latestnews='$latestnews', maincontent='$maincontent', mainvideos='$mainvideos'"; // Execute the query here now $query = mysql_query($sqlCommand); ?> OK, I am confused a little. I have a script which processes the form data and then uploads it to the mysql database. Simple. Only problem I have is when the textbox is filled with anything with a " it adds a \ before it. example: Have a "great" day is now Have a \"Great\" day So I thought maybe it could be the striplashes. My code isnt working though. Any ideas peoples? CODE: <?php mysql_connect("localhost", "xxxxxxxx", "xxxxxxxxxxxx") or die(mysql_error()); mysql_select_db("xxxxxxxxxxxxx") or die(mysql_error()); $title = stripslashes(trim($_POST['title'])); $content = stripslashes(trim($_POST['content'])); $title = mysql_real_escape_string(trim($_POST['title'])); $content = mysql_real_escape_string(trim($_POST['content'])); $what_id=$_POST['what_id']; mysql_query("UPDATE homepage SET title='$title', content='$content' WHERE id = '1'") or die(mysql_error()); include 'updatedhyperlink1.php'; ?> Content still displays slashes in front of quote. What am I doing wrong? Thanks. { $row = $rs->GetRowAssoc(false); $photos[$i]["id"] = $row["id"]; $photos[$i]["photo_path"] = $config_index["homepage_photos_path"]."/".stripslashes($row["photo"]); $photos[$i]["description"] = stripslashes($row["descr"]); if ($row['type'] == 'l') $photos[$i]["link"] = stripslashes($row["link"]); elseif ($row['type'] == 'p') $photos[$i]["poll"] = get_poll($row['link']); $rs->MoveNext(); $i++; } I have this small piece of a query, there is a var $fulltxt in it that I need to stripslashes for, how would the code look? Code: [Select] $query1 = "SELECT distinct link_id, url, title, description, $fulltxt, size FROM ".$mysql_table_prefix."links WHERE link_id in ($inlist)"; $result = mysql_query($query1); echo mysql_error(); Thanks in advance! Simple question about slashes. If a user uses slashes in their text will all of them be removed using 'stripslashes' function or only the ones that have the ' to the right of the slashes. ? sorry posted before its time..... peoples names like... o'grady o'murphy shows on the screen as o\'grady and o\'murphy Guys thanks for helping me solve the problem i had but now i have another problem and i am lost. i have included the code below for you to have overview.
This is the code:
<table style="width:100%; margin-left:auto; margin-right:auto"> Not exactly sure how to do this. What I need is when a person clicks on the link ie: page.php?nid=1 then it loads what needs to be loaded but if a user clicks and there is no nid ie: page.php?nid= Then it loads something else. if (nid==$nid){ echo "This is the data to show"; }else{ Show this data instead } Both if and else both show different mysql data. Hopefully I explained myself well. Hi guys, I'm working on a side-project whilst my work at Uni is at a low but I'm extremely rusty on PHP; I've not touched it since around '07. Before I get on to my project, which will lift information from external websites, I'm just trying to acquaint myself with cURL again. Before I get flamed, yes this code is largely lifted from a website, but I pretty much understand it. My aim is to be able to get the title of a website, namely Facebook. Whilst this code is fine on seemingly any other website, it doesn't seem to be able to work for Facebook. I've checked the source code, and I really can't see the problem. Can anyone shed some light for me? Code: [Select] <?php $url = 'http://www.facebook.com/'; $webinfo = get_data($url); $title = get_match('/<title>(.*)<\/title>',$webinfo); $content= '<h2>Title of webpage: </h2><p>'.$name.'</p>'; echo $content; function get_match($regex,$content) { preg_match($regex,$content,$matches); return $matches[1]; } //gets the data from a URL function get_data($url) { $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); return $data; } ?> Thanks!!! Hi there, I have a map of America made in flash, where you click on a state and the page should display the SQL database information for that state in the HTML table - but instead all it shows is the first entry of the database regardless of which state you click and it doesn't display the 2 radio buttons. My code is as follows Flash Actionscript 3 (just showing one state) Code: [Select] function waClick(event:MouseEvent):void { var waURL:URLRequest = new URLRequest("restaurants.php?state=Washington"); navigateToURL(waURL, "_self"); } wa_btn.addEventListener(MouseEvent.CLICK, waClick); PHP code Code: [Select] <?php include("mvfconnect.php"); $theChoice = $_GET['state']; $query = "SELECT * FROM restaurants WHERE" .$theChoice; $result = @ mysql_query($query); if (!$result) { $message="Unfortunately we are having problems with this page, we promise to have it fixed as soon as possible"; die($message); } $num = mysql_num_fields($result); $i=0; while ($row = mysql_fetch_array($result, MYSQL_ASSOC)){ $show1=substr($row['state'],0,50)."..."; $show2=substr($row['city'],0,50)."..."; $show3=substr($row['rname'],0,50)."..."; $show4=substr($row['address'],0,50)."..."; $show5=substr($row['pnum'],0,50)."..."; $show6=substr($row['web'],0,50)."..."; $show7=substr($row['dishes'],0,50)."..."; $show8=substr($row['dish_details'],0,50)."..."; $show9=substr($row['challenges'],0,50)."..."; $show10=substr($row['challenge_details'],0,50)."..."; $show11=substr($row['youtube'],0,50)."..."; $show12=substr($row['images'],0,50)."..."; echo "<tr>". "<td>".$row['city']."</td>". "<td>".$row['rname']."</td>". "<td>".$row['address']."</td>". "<td>".$row['pnum']."</td>". "<td>".$row['web']."</td>". "<td>".$row['dishes']."</td>". "<td>".$row['challenges']."</td>". "<td id='state".$i."' style='display:none'>".$row['state']."</td>". "<td id='city".$i."' style='display:none'>".$row['city']."</td>". "<td id='rname".$i."' style='display:none'>".$row['rname']."</td>". "<td id='address".$i."' style='display:none'>".$row['address']."</td>". "<td id='pnum".$i."' style='display:none'>".$row['pnum']."</td>". "<td id='web".$i."' style='display:none'>".$row['web']."</td>". "<td id='dishes".$i."' style='display:none'>".$row['dishes']."</td>". "<td id='dish_details".$i."' style='display:none'>".$row['dish_details']."</td>". "<td id='challenges".$i."' style='display:none'>".$row['challenges']."</td>". "<td id='challenge_details".$i."' style='display:none'>".$row['challenge_details']."</td>". "<td id='youtube".$i."' style='display:none'>".$row['youtube']."</td>". "<td id='images".$i."' style='display:none'>".$row['images']."</td>". "<td><input type='radio' name='vid' id='vid".$i."' onclick='openVideo(".$i.")' /></td>". "<td><input type='radio' name='pic' id='pic".$i."' onclick='openImage(".$i.")' /></td>". "<td class='last'style='display:none'>".$show1." ".$show2." ".$show3." ".$show4." ".$show5." ".$show6." ".$show7." ".$show8." ".$show9." ".$show10."</td>". "</tr>"; $i++; } ?> I have used this code before and it has worked fine, can someone please help me out! Im trying to parse this string and put it in the array.. However i dont know how.. Code: [Select] 11111<>your mobile<>the receiver<>keyword<>2012-01-15<>12:09:08<>wow "this", is great! I want to remove this sign <> and put the elements on the array.. Also i would not want to loose the quotes and commas Can someone help me? thanks I'm trying to run a process using shell_exec, however the program i'm trying to run must communicate with a process that is not a system process, and everytime i run it, it fails, does anyone know how to make a apache/php server run active windows not in the system process? Code: [Select] $sql = "SELECT softwareID,softwareName,softwareType,softwareDesc,softwarePath,ITOnly FROM software WHERE softwareName LIKE '%($searchSoftware)%' ORBER BY softwareName"; $result = mysqli_query($cxn,$sql) or die(mysqli_error()); There is something wrong with my LIKE statement because it's not pulling it since I'm either formatting it wrong or something. Can anyone catch it? Hi. I am from poland. I am 17 old age and like webmastering. I write my social network. I have new server 10 GB VPS and my script no runing In my server. in my server do can not login. No runing function Code: [Select] mb_strtolower();as delete function mb_strtolower() ; this login runing. In my server haven`t installing liberary GD and no runing upload avatars. my code upload is: elseif ($_GET['act'] == "upload") { echo <<< KONIEC <hr> <center> <p> <h2>Dodaj zdjęcie</h2> <ul class="gallery clearfix"> <li class="extra"> KONIEC; error_reporting(E_ALL); // we first include the upload class, as we will need it here to deal with the uploaded file include('include/class.upload.php'); // retrieve eventual CLI parameters $cli = (isset($argc) && $argc > 1); if ($cli) { if (isset($argv[1])) $_GET['file'] = $argv[1]; if (isset($argv[2])) $_GET['dir'] = $argv[2]; if (isset($argv[3])) $_GET['pics'] = $argv[3]; } // set variables $dir_dest = (isset($_GET['dir']) ? $_GET['dir'] : 'test'); $dir_pics = (isset($_GET['pics']) ? $_GET['pics'] : $dir_dest); if (!$cli) { } // we have three forms on the test page, so we redirect accordingly if ((isset($_POST['action']) ? $_POST['action'] : (isset($_GET['action']) ? $_GET['action'] : '')) == 'simple') { // ---------- SIMPLE UPLOAD ---------- // we create an instance of the class, giving as argument the PHP object // corresponding to the file field from the form // All the uploads are accessible from the PHP object $_FILES $handle = new Upload($_FILES['my_field']); // then we check if the file has been uploaded properly // in its *temporary* location in the server (often, it is /tmp) if ($handle->uploaded) { // yes, the file is on the server // now, we start the upload 'process'. That is, to copy the uploaded file // from its temporary location to the wanted location // It could be something like $handle->Process('/home/www/my_uploads/'); $handle->Process($dir_dest); function TestProcess(&$handle, $title = 'test', $details='') { global $dir_pics, $dir_dest; $unlink = 'test/'. $handle->file_dst_name; $myid = $_SESSION['id']; $opis = htmlspecialchars(stripslashes(strip_tags(trim($_POST["opis"]))), ENT_QUOTES); $handle->Process($dir_dest); if ($handle->processed) { unlink("$unlink"); $link = ''.$dir_pics.'/' . $handle->file_dst_name .''; $addphoto = mysql_query("INSERT INTO photo VALUES('', '$myid', '$link', '$opis')"); echo <<< KONIEC <br> <center> <img src="$link" > <br> <br /> </center> KONIEC; } else { echo '<fieldset class="classuploadphp">'; echo ' <legend>' . $title . '</legend>'; echo ' Error: ' . $handle->error . ''; if ($details) echo ' <pre class="code php">' . htmlentities($details) . '</pre>'; echo '</fieldset>'; } } if (!file_exists($dir_dest)) mkdir($dir_dest); // ----------- $handle->image_convert = 'jpg'; $handle->image_resize = true; $handle->image_ratio_y = true; $handle->image_x = 500; $handle->image_precrop = 15; $handle->image_watermark = "watermark_large.png"; $handle->image_watermark_x = 20; $handle->image_watermark_y = -20; TestProcess($handle, '15px pre-cropping (before resizing 800 wide), large watermark automatically reduced, position 20 -20', "\$foo->image_convert = 'jpg';\n\$foo->image_resize = true;\n\$foo->image_ratio_y = true;\n\$foo->image_x = 800;\n\$foo->image_precrop = 15;\n\$foo->image_watermark = 'watermark_large.png';\n\$foo->image_watermark_x = 20;\n\$foo->image_watermark_y = -20;"); } else { // one error occured echo '<fieldset>'; echo ' <legend>file not uploaded to the wanted location</legend>'; echo ' Error: ' . $handle->error . ''; echo '</fieldset>'; } // we copy the file a second time // we delete the temporary files $handle-> Clean(); } else { // if we are here, the local file failed for some reasons echo '<fieldset>'; echo ' <legend>local file error</legend>'; echo ' Error: ' . $handle->error . ''; echo '</fieldset>'; } echo <<< KONIEC <li> </ul> </p> </center> KONIEC; is it the only problem that isn`t installing GD as i have something off in php.ini ? Plise Help me i'm getting this erro "Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 3 in /***/***/*****.php on line 278 not an active session, starts new" this is the code: if ($phase = mysql_result(mysql_query("SELECT `phase` FROM `as_support` WHERE `mission` = '$var2'"),0,0)) { if ($phase=='5') { // mysql_query("DELETE FROM `as_support` WHERE `mission` = '$var2'"); // header("Location: https://www.**********/*******/*******.php"); } else { echo date('h:i:s') . ": PHASE is $phase<br />"; echo "\$var1=$var1,\$var2=$var2<br />"; } } else { echo "not an active session, starts new<br />"; echo "\$var1=$var1,\$var2=$var2<br />"; mysql_query("INSERT INTO `as_support` (`mission`, `phase`) VALUES ('$var2', '0')") OR DIE(mysql_error()); the first line is line no. 278 can someone please tell me what to do? tnx shirley Hi Guys, I am having an issue with an if statement, I cant get it to go true, even though it clearly is! Please excuse the messy code, im pulling my hair out here! $itemprice[0] = 8.99; $itemprice[1] = 19.95; $itemprice[2] = 8.99; print_r($itemprice); echo "<BR>"; $x=0; foreach($itemprice AS $val) { echo gettype($val) .$val. "<br>"; if($val == 8.99) { $x++; $freecount++; } } echo $x; outputs correctly: Array ( => 8.99 [1] => 19.95 [2] => 8.99 ) double8.99 double19.95 double8.99 x = 2 replacing: $newtotal = add_to_price($id, $non_disc); $itemprice[] = $newtotal - $non_disc; print_r($itemprice); echo "<BR>"; $x=0; foreach($itemprice AS $val) { echo gettype($val) .$val. "<br>"; if($val == 8.99) { $x++; $freecount++; } } echo $x; The add to price function returns a running total, the take away gives me the current item price in a for loop to build the array. Output: Array ( => 8.99 [1] => 19.95 [2] => 8.99 ) double8.99 double19.95 double8.99 x = 1 The problem? Well when I build the array up automatically it still prints the same, has the same datatype, yet the if statement does not catch the second 8.99 value? Please accept my apologies for this post, it is my first ever and i've been doing this for 10 years now, i have never been this stumped on something so simple, I can only think it is a datatype error but i have tried apostrophes in the if, make no difference. All help massively gratefully received. Please email me if you want to see it in action... Hi all. When I typed symbol ' in my textarea , after I submit it and view for what I typed , it will automatically add a slash in front of the ' . Such as the message is "I'm fine" , then it will turn out as "I\'m fine". Can I know what is the problem ? and how can I solve it? Thanks for every reply . I am trying to save this an an xml document but am getting this error when I try to open the xml file "feed.xml" - "XML Parsing Error: no element found" $xml = '<rss version="2.0"> <channel> <title> RSS Feed</title> <link></link> <description>the best industry-lead opinions</description> <language>en-us</language> </channel> </rss>"; $xml2 = new DOMDocument('1.0'); $xml2->Load($xml); $xml2->save("feed.xml"); I have having a problem getting a mysql query to work. If I just use mysql_query it looks like this and works fine: INSERT INTO schedule (schedule_pk, schedule_month, schedule_day, schedule_year, schedule_hour, schedule_minute, schedule_type, employeenumber) VALUES ( NULL, 10, 10, 1999, 12, 6, 'DayIn', 3); If I put it through mysql_real_escape_string it turns it to this and does not work when I put it into mysql_query: INSERT INTO schedule (schedule_pk, schedule_month, schedule_day, schedule_year, schedule_hour, schedule_minute, schedule_type, employeenumber) VALUES ( NULL, 10, 10, 1999, 12, 6, \'DayIn\', 3); aka: $query = "INSERT INTO...." mysql_query($query); that works, but: $query = "INSERT INTO...." $sqlQuery = mysql_real_escape_string($query, $con); mysql_query($sqlQuery); results in the error. mysql_query($query); The error is: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'DayIn\', 3)' at line 1 Elo, I'm creating a very simple image list that is function generated which pulls the source from a table in my database, this is my code Code: [Select] $output = "<ul>"; $img_src = get_all_image_src($sel_event['id']); while($src = mysql_fetch_array($img_src)) { for($i=0;$i <= 9; $i++) { $output .= "<li>"; $output .= "<a"; $output .= " class ='album'"; $output .= " rel='group'"; $output .= " href='/images/gallery/'" . $src['img_src'] . $i; $output .= ".jpg"; $output .= " title='sample 1'"; $output .= ">"; //Image Thumb $output .= "<img"; $output .= " src='/images/gallery/'"; $output .= $src['img_thumb_src']. $i . ".jpg"; $output .= "alt='image01' "; $output .= "title='sample title' />"; $output .= "tae"; $output .= "</a>"; $output .= "</li>"; } } $output .= "</ul>"; return $output; and the img src doesnt seems to add up... my folder structure is Sandbox>image>gallery>2011>Mall>Event>Thumbs where Sandbox is the main directory. i tried echoing the $src['img_src'] and it displays correctly the data to be added (which is 2011/Mall/Event/ plus $i and a .jpg) .. sorry noob here... any thoughts? am i missing a simple detail? |
|||||||