PHP - Getting Rid Of Magic Quotes
I have some code which checks to see if a username and an email are in use. From what I can understand, it uses magic quotes to prevent SQL injection. I've heard that magic quotes are not going to be in use in PHP6, so how can I change it so that it uses real escape string instead?

if (!get_magic_quotes_gpc()) {
    $_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error());
$check2 = mysql_num_rows($check);
if ($check2 != 0) {
    die('Sorry, the username '.$_POST['username'].' is already in use.');
}
if (!get_magic_quotes_gpc()) {
    $_POST['email'] = addslashes($_POST['email']);
}
$emailcheck = $_POST['email'];
$check = mysql_query("SELECT email FROM users WHERE email = '$emailcheck'") or die(mysql_error());
$check2 = mysql_num_rows($check);
if ($check2 != 0) {
    die('Sorry, the email '.$_POST['email'].' is already registered to another account.');
}

Thanks

Similar Tutorials

My old server had magic_quotes_gpc turned on. My new one does not. Will mysql_real_escape_string solve all the issues that magic_quotes was used for? My site runs a blogging application and it seems some of the templates which contain a lot of HTML and CSS do not insert into the database properly even when using mysql_real_escape_string. Thanks, Brian

So, I think you have all heard the news. THEY ARE GONE! Unfortunately, I do have some old code that I do not feel like going line by line and updating. I was wondering if you guys could help me out. I was hoping that there would be a way to set a define of some sort so that when I grab something out of an SQL table it will automatically take out the "\" (slashes) and when I insert something into the database it will add the slashes... YES, I know and have read the statement written by the PHP group [http://www.php.net/manual/en/securit...uotes.why.php] but I do not particularly want to go through my code and change everything by hand. If you have any idea, or would like me to explain it another way, please post. Any help will be greatly appreciated.
--redcrusher

After getting valuable help from DavidAm and wildteen88 I am left with this last piece to the puzzle: I have created a function which identifies the names of multi-value checkbox fields used on a Post page where a form just filled out has been saved in a serialized array which will contain associative arrays wherever the checkboxes have been selected. Now I need for the checkbox associative arrays returned on this Review before-final-saving-page to be detected or identified and then changed to a comma-delimited array, or maybe it just gets converted to one string with commas separating what were parts of the array. I am not sure about that. At any rate, here are the functions that WORK to do this, but they depend on knowing the specific checkboxes that will show up ahead of time:

$postvals['cp_checkbox_amenities']= implode(',', $_POST['cp_checkbox_amenities']);
$postvals['cp_checkbox_days']= implode(',', $_POST['cp_checkbox_days']);
$postvals['cp_checkbox_3']= implode(',', $_POST['cp_checkbox_3']);

So I created a function which polls the form and finds the specific names of the checkboxes used on this page. The function ends like this:

$results = $wpdb->get_results($sql);
if($results) {
    foreach ($results as $result):
        // now grab all ad fields and print out the field label and value
        echo '<li><span>' . $result->field_name . '</li>';
    endforeach;
} else {
    echo __('No checkbox details found.', 'cp');
}
} }

This returns the following:

<li><span>cp_checkbox_help</span></li><li><span>cp_checkbox_charley</span></li><li><span>cp_checkbox_hello</span></li> </li>

So, I then tried to REPLACE the hard-coded functions I show above that take the checkbox arrays and implode them for saving when this form is updated as comma-delimited values. I tried various versions of this using the same loop that produced the <li> list with $result->field_name:

foreach ($results as $result):
    // now grab all ad fields and print out the field label and value
    $postvals['. $result->field_name .']= implode(',', $_POST[ '. $result->field_name .']);
endforeach;
} else {
    echo __('No checkbox details found.', 'cp');
}
} }

Every different way I try to get something either errors out or does not perform the implode, or notifies me that the implode is creating problems. SOMEHOW, dynamically for each loop I need for a ' single quote mark to appear on each side of $result->field_name so that I have dynamically written in the PHP code the equivalent to

$postvals['cp_checkbox_amenities']= implode(',', $_POST['cp_checkbox_amenities']);
$postvals['cp_checkbox_days']= implode(',', $_POST['cp_checkbox_days']);
$postvals['cp_checkbox_3']= implode(',', $_POST['cp_checkbox_3']);

The $result->field_name gives me a cp_checkbox_3 or a cp_checkbox_amenities, etc., but I cannot break it down so that

$postvals['$result->field_name']= implode(',', $_POST['$result->field_name']);

WORKS, and I have tried with [PHP? echo ''' .$result->field_name . ''' ?>] and other ways. Incidentally, ", double quotes don't play nice on this server with PHP 5. And I have tried combinations of " ' double quote then single quote and on the other side ' " inside the associative array brackets. Nothing works: either I get errors, implode warnings, or the arrays of these checkboxes do not get changed to comma-delimited arrays if the page loads and saves without errors. I'd appreciate receiving what must be an elegantly simple solution!

This code only works in Firefox:

<a onMouseout='hidetooltip()' onMouseover='tooltip(\"<img src=img/heroes/$hero.gif\")' href='hero.php?hero=$hero'>Text</a>

Btw, I use this in echo (php). How to get quotes (triple) on <img src= ? I also have tried

<img src='img/heroes/$hero.gif'

But it only works on Firefox.

Quotation marks are confusing me.
What do you guys use when it comes to quotation marks?
In HTML attributes and throughout the bodies of my web pages, I use the HTML entity (&quot;). For example:

<a href="" title="Read &quot;Article Name&quot;">
<p>In his new book, he says: &quot;This is a quote.&quot;</p>

I thought that this is the best practice. However, today, I read that it's perfectly safe to use straight quotes (") in the body, and that I should use the HTML entity only in HTML attributes. Is that correct? But what if I want to use curly quotes in the body instead of straight quotes? Should I always use the HTML entities for curly quotes (&ldquo; and &rdquo;), or can I also safely use the characters (“”)? I heard that straight quotes are safe in all browsers, even if you don't specify the character set of your web pages, but that curly quotes are only safe if you specify the character set or if you use the HTML entities. Is that true? And what about the <q> tag? Apparently, it's compatible with all browsers but they treat it differently.

Edited by Fluoresce, 30 August 2014 - 07:37 AM.

Hello everyone! This is my first post. I am very new to PHP and MySQL and coding in general. It has not been made 100% clear to me as to when I should use single quotes, double quotes, and {}. From what I gather you use single quotes for literal interpretation... so if you put something like a variable in single quotes and echoed it, it would literally echo it as it is written and not the value of the variable. In double quotes, I gather that it will echo the value of the variable. As for {}, I am unclear as to when to use the curly brackets for a variable. I am assuming if you had a statement in single quotes and you put a variable in curly brackets you would get the value of the variable?
Edited by LazerOrca, 25 November 2014 - 11:20 PM.

The fancy-looking quotes won't insert into my DB, so I'm trying to convert them to %93 & %94 or normal quotes.
Nothing I've tried works.
Code:

$fancy=" “test” ";
$fixed=htmlentities($old, ENT_QUOTES);
echo "fancy: $fancy<br>";
echo "fixed: $fixed";

Results:

fancy: “test”
fixed:

I want $fixed to be %93test%94, or even "test" would work.

Edited by rwmaho, 18 October 2014 - 01:28 PM.

I don't think I've asked this before, have I?? Can someone give me an internet KB that gives me all scenarios that warrant using singles or doubles? As in, wrapping values, variables, and why I need to do either, and when, etc, etc....? Thanks

Edited March 29 by ajetrumpet

A problem has arisen which puzzles me. I have forms which save data to MySQL and retrieve it, showing it as the default data in the form. Naturally I escape any quotes before sending it to the database and remove the slashes when I retrieve it. But the form HTML code shows the data like this: value="$variable", which is fine when only single quotes are used in the data but causes a problem when the user uses double quotes. So data of John \"Jack\" Smith would be output as value="John "Jack" Smith" with obvious problems. If I use value='...' then that would cause problems with single quotes. I haven't seen the answer in any of my books. The only things I can think of are changing all double quotes to single before saving to DB or converting them with htmlspecialcharacters so they are no longer actual quotes.

Hey guys, I'm wondering if there's a magic method which works like
__GET() but allows you to put a parameter in... thank you

<?php
class test
{
    public function run()
    {
        $this->object->('string'); // __get with parameter?
    }

    public function __get($value)
    {
        return $this->{$value};
    }
}
?>

What are magic methods? When do we need to use magic methods? What are the advantages of using magic methods? Thanks in advance.

I have a class that has the __get and __set magic methods defined. The idea is to use those to communicate with the __get and __set methods in a database table object which is a protected attribute of this class. Then I can quickly build out models without having to bother with method definitions aside from those that need modifications made to the data before saving. The problem is, they don't seem to be doing anything. I get an undefined function error the first time I call getVarx(). I don't actually have any of the attributes I'm trying to get and set defined in the object, but I thought that was the point of these magic methods. Am I missing something here? Thanks, Brandon

Is there any way to produce a custom magic method? Let's say when I try to get an attribute that doesn't have any value, a method gets called that gives that attribute a value. So I want a method to be triggered when I try to get a value from an attribute that doesn't have any value.

Hi there everyone, I'm writing a class that creates instances of other classes and I want to use the __call() magic method to make it more compact and dynamic. Here is a basic example of what I'm trying to achieve. The code below is the working code.

Code:

<?php
class creator{
    private $objects = array();

    public function createObj1($param1, $param2, $param3){
        $this->objects[]=new Obj1($param1, $param2, $param3);
    }

    public function createObj2($param1, $param2){
        $this->objects[]=new Obj2($param1, $param2);
    }
}
?>

Now I want the same functionality but using just the __call(), something like this:

Code:

<?php
class creator{
    private $objects = array();

    public function __call($name, $args){
        $this->objects[]=new $name($param1, $param2);
    }
}
?>

So, the main problem is, in the $args variable I get an array with all the args passed. How can I make the call to create a new object when the object constructor needs individual parameters and not an array of parameters? Thank you in advance.

Hi! I was looking at the Exception class defined in basic.php and I found that all the methods are final and without body:

Code:

final public function getMessage () {}

But if I call MyCustomException->getMessage() I get the message. How does it work??

I have two classes where one extends the other but they both have magic methods __get, __call and __set, but when trying to call a magic method it conflicts one with the other as you can imagine... is there a way of getting around this, i.e. name spaces
or do I simply have to rewrite my classes
thank you
Hey guys, I have a __call method in my class... the problem I'm having is how to get the arguments into this line:

Code:

return $this->_db->$method($arguments);

If arguments were "test1" and "test2" I want the call to do

Code:

return $this->_db->$method("test1", "test2");

The code below will put all arguments into one. If anyone can help me on how I can separate them, please.

Code:

public function __call($method, $arguments)
{
    if (method_exists($this->_db, $method)) {
        $arguments = implode(', ', $arguments);
        return $this->_db->$method($arguments);
    }
}

There's this really old website called http://ipolygraph.com/google/ Basically it mimics the Google homepage (as you can see it's been a while since they've updated) but the idea is really simple but clever. If you go to the search box and type cars (or whatever) and click search, it searches Google for "cars". However if you type something like /php manual/ you'll notice it changes what you're searching to "What is...etc etc". The idea is, say you tell your friend you're on Google and you ask them to think of a card, if you type /4c/ is bob thinking of? it'll look as if you're typing "What is Bob thinking of?", and when you hit search it'll be the 4 of clubs. Is there any way to make something similar to this? The idea came to me after I learned about the file_get_contents command in PHP.

I stumbled upon this book where I first met __set(). When I researched it, I met __get(). So there, I don't know who they are, and what they exactly do. If I may ask, is there any tutorial which can give me a proper introduction to __set() and __get()? I have read for beginners, but I don't know, maybe I'm too dumb to understand. Please bear with me, I am just a beginner. Thanks in advance.
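For the opening question about replacing the magic-quotes/addslashes() check: the following is an added example, not code from any poster on this page. It performs the same username and email lookups with PDO bound parameters rather than mysql_real_escape_string(), because the mysql_* functions were removed in PHP 7. The in-memory SQLite database, the sample rows, the $post array and the helper names open_demo_db() and value_in_use() are assumptions made so the script runs offline.

```php
<?php
// Added example: bound parameters replace the addslashes()/magic-quotes step.
// Table and column names follow the post; the SQLite in-memory database and
// rows are constructed so this runs offline (needs the pdo_sqlite extension).

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT, email TEXT)');
    $pdo->exec("INSERT INTO users VALUES ('alice', 'alice@example.com')");
    $pdo->exec("INSERT INTO users VALUES ('o''brien', 'ob@example.com')");
    return $pdo;
}

// Identifiers cannot be bound as parameters, so $column is checked against
// a fixed allow-list; only $value ever comes from the request.
function value_in_use(PDO $pdo, string $column, string $value): bool
{
    $allowed = ['username', 'email'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException("unexpected column: $column");
    }
    $stmt = $pdo->prepare("SELECT 1 FROM users WHERE $column = ? LIMIT 1");
    $stmt->execute([$value]);
    return $stmt->fetchColumn() !== false;
}

$pdo = open_demo_db();

// Constructed stand-in for $_POST: one value with a quote, one hostile value.
$post = ['username' => "o'brien", 'email' => "x' OR '1'='1"];

foreach (['username', 'email'] as $field) {
    $value = $post[$field] ?? '';
    if (value_in_use($pdo, $field, $value)) {
        // HTML-escape on output; this is a separate step from SQL handling.
        echo 'Sorry, the ', $field, ' ',
            htmlspecialchars($value, ENT_QUOTES, 'UTF-8'),
            " is already in use.\n";
    } else {
        echo "$field is available.\n";
    }
}
```

With a MySQL server the only change is the DSN passed to new PDO(); the values are never interpolated into the SQL text, so no slash adding or stripping is needed on the way in or out.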