PHP - Apostrophes And Urlencode Help
i have a textarea in my form. If my validation script detects an error it will send it to the same page with what they had in that textarea encoded in the url. The script detects the $_GET['variable'], decodes it, and stores it as the default in the textarea so they don't have to retype it all again. The problem is the apostrophes add 7 slashes when it gets added back to the textarea. heres the relevant snippets..
Code: [Select] <?php function clean_post($variable) { $cxn = mysqli_connect($host,$user,$passwd,$dbname) or (mysqli_error($cxn)); return mysqli_real_escape_string($cxn, strip_tags($variable)); } $description = clean_post($_POST['description']); $description = str_replace(array('\r\n', '\r', '\n'), ' ', $description); $description = urlencode($description); $base = "http://mywebsite.com/"; $url = $base."?mm=1&tt=".$description; $location = "Location:".$url; die(header($location)); and then to output it in the textarea Code: [Select] <?php $tt = urldecode(strip_tags($_GET['tt'])); <textarea id=location name=location maxlength="140" > <?php echo $tt; ?> </textarea> and this is what my url ends up looking like http://mysite.com/wordpress/?mm=3&tt=what\\\%27s+the+deal%3F and this ends up in my textarea "what\\\\\\\'s the deal?" Similar Tutorialsim using urlencode() to replace special characters in the url. It works on spacs, replacing them with '+' but it isnt working on a special character i have tried, the exclamation mark. Is this the right function to use for this? and if so why isnt it working for me? Code: [Select] function create_url($str) { $str = urlencode($str); return $str; } function decode_url($str) { $str = urldecode($str); return $str; } i use the function create_url() for the link and use decode_url() when the link is clicked so i can display the proper name. eg: Code: [Select] $forum_url_name = create_url($row['f_name']); and when viewing the forum: Code: [Select] $forum_name = decode_url($_GET['f_name']); I have an address in a variable, I pass this address to a google maps page/function that geocodes it and returns the street view. Heres an example of a link: Code: [Select] <a href="mapget.php?address=<?php echo urlencode(strip_tags($comaddress));?>" name="mapit">Map It</a> The address' come from either a curl or dom request so I have been trying to strip and trim them as much as possible but the urls come out looking like... Code: [Select] www.mysite.com/mapget.php?address=7855+N+SOMESTREET+AVE+SOMECITY++++++++++++++++++++++%2C+CA+11111My maps only seem to be getting the street... I am using urldecode($address) on the receiving page and when I echo $address on the receiving page it looks completely correct. Any ideas? Should we always use urlencode() when passing values through GET? If not, when is it should we NOT use it? Thanks I am placing this in the PHP sections because I think you all will know this answer the quickest. I am creating a podcast. I have created the XML file successfully. I have placed the file on my server and have gotten one of my podcast clients (Media Monkey) to pick it up and the mp3 files within it successfully. My issue is that when i try an get iTunes to work with it there is problems. iTunes will read the XML, but will not download the mp3's. I'm pretty sure I know why, but there is a huge catch-22 in the deal. To protect my content my CDN offers a method by where I add some query parameters to the end of the mp3 file to protect it from illegal downloads. It look like this (not actual file) Code: [Select] http://www.sitename.com/2011-03-14.mp3?px-hash%3Db42c227e36ef27aee6e96ae9c4f32214%26px-time%3D1300704254Using this string in the XML makes it validate correctly. The issue is because this link is urlencoded, the XML validates, but iTunes will not process the link as a valid link. Now if I remove the urlencoded part of the link, the XML will not validate and then iTunes will not even read the XML file. This is the link without encoding. Code: [Select] http://www.sitename.com/2011-03-14.mp3?px-hash=98c7759588a9add0728350dd69871cdf&px-time=1300731722 See where I'm going? Anyone have a solution? How do I get around this catch-22? I need a way to pass the un-encoded link in the XML file, but still make it validate. Thanks for your help. (yes i see the links are different. Its ok as an example.) Just a small question really. If you use "urlencode()" for example if I am using a GET. Should I then do urldecode where a script then uses the GET variable? Hi, I'm trying to do the following: Code: [Select] $name = $_GET['thename']; $to = "some@email.com"; $subject = "Subject of Email"; $message = "Click this link: http://mysite.com?$name" $headers = "From: Me" . "\r\n" . "Reply-To: my@email.com" . "\r\n" . "X-Mailer: PHP/" . phpversion(); mail($to, $subject, $message, $headers); The problem I'm experiencing is that the Get function retrieves "/thename=First+Last name", which converts to a broken link in the message (because of the "+" in the url). How would I use urlencode to make sure the Get replaces the + with a %20 in this instance? It doesn't seem that I can use php in the message itself. Thanks! I am inserting last names into the database using mysql_real_escape_string(), and outputting the data into a textbox using addslashes(). When I try to display O'Brian "O\" is displayed in the text box. The name is saved corretly as O'Brian in the database. I am printing the string like this: Code: [Select] echo "<input type='text' value='" . addslashes($customer['lName']) . "' blah blah..."; anybody have any ideas? Hi. Apologies in advance if this is a stupid question, but hoping someone can help. I'm trying to help a friend who is running a photo gallery script on his website. The developer of the script is not supporting it any longer and I have limited php knowledge. I've been told by his ISP that the script will only work on PHP version 5.6. The problem he has is that when he is adding descriptions to the photos via a back end form, if he uses an apostrophe as in O'Sullivan for example, when he saves the entry, the description text does not show at all. This seems to be a conflict with the php language. Is there a line of code that I can add to the config file or somewhere that will get around this problem? Thanks in advance for any help you can give. I am trying to insert product descriptions into a mysql database, however they are failing because of apostrophes in the text. How do I fix this? Everything is working fine except $productdescription $ProductDescription contains, "Record In Stereo Sound, Then Play Back Your Videos Instantly On You Computer. The Sx130 Is Is All About Creativity, With Fun New Scene Modes Like Miniature Effect For Movies, And Fisheye Effect For Artistically Distorted Stills. While You're Having Fun Creating, The Camera's Smart Flash Exposure And Advanced Smart Auto Systems Are Ensuring That Every Image Is The Best It Can Be. Add The Digic 4 Image Processor, 12.1 Megapixels And Canon's Optical Image Stabilizer, And You've Got The Ideal Camera For Making The Good Times Last." SQL Error on insert, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 're Having Fun Creating, The Camera's Smart Flash Exposure And Advanced Smart Aut' at line 1 " Code: [Select] mysql_select_db("testdb") or die(mysql_error()); mysql_query ("INSERT INTO product (merchantname, producttitle, productdescription, gtin, availability, price) VALUES ('$merchantname[1]','$producttitle[1]','$productdescription[1]','$gtin[1]',''$availability[1]','$price[1]')"); This is driving me nuts and I'm hoping someone can help me figure it out. I have a site with PHP/MySQL. I have a form where people can submit a comment. This comment then goes into a MySQL database and gets displayed back on another page of the website. NOTE: I put this question in the PHP Forum because I think the problem is happening somewhere BEFORE the info gets entered into MySQL. But of course, I could be wrong. The problem is that some of the comments are coming in with a "\" in front of apostropes, but NOT ALL OF THEM (which is really confusing me). For example, someone entered this comment which shows in the MySQL database exactly like this... I predict Lena's gonna win a lifetime Grammy. It's long overdue. Someone else entered a comment which shows in the MySQL database exactly like this... can\\\'t wait to see first pics of the next addition. Congrats! They both have apostrophes in them, but only that second one added those slashes (and 3 of them for some reason). There are more instances of this where some comments have the slashes before the apostrophe and some don't. Anyone know what might be causing this seemingly random insertion of slashes? Hi All, I'm working on an X-Cart site. Looking through the pages, any page with an apostrophe in the content is being loaded as an � instead. The sites' char set is UTF-8. Changing it to ISO then creates an issue in itself with bulleted lists. Just wondering if anyone has had the problem in the past and if they have solved it? Any help appreciated. Cheers i'm having problems with apostrophes causing an error on my contact form. I've tried stripslash and also str_replace but i can't get it to work. what am i doing wrong? thanks Code: [Select] <?php if(isset($_POST['email'])) { // EDIT THE 2 LINES BELOW AS REQUIRED $email_to = "test@test.com"; $email_subject = "test"; function died($error) { // your error code can go here echo "We are very sorry, but there were error(s) found with the form you submitted. "; echo "These errors appear below.<br /><br />"; echo $error."<br /><br />"; echo "Please go back and fix these errors.<br /><br />"; die(); } // validation expected data exists if(!isset($_POST['contact_name']) || !isset($_POST['last_name']) || !isset($_POST['email']) || !isset($_POST['telephone']) || !isset($_POST['comments'])) { died('We are sorry, but there appears to be a problem with the form you submitted.'); } foreach($_POST['check'] as $value) { $check_msg .= "Checked: $value\n"; } $contact_name = str_replace("'", "&#039;", $contact_name); $contact_name = $_POST['contact_name']; // required $last_name = $_POST['last_name']; // required $email_from = $_POST['email']; // required $telephone = $_POST['telephone']; // not required $comments = $_POST['comments']; // required $error_message = ""; $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/'; if(!preg_match($email_exp,$email_from)) { $error_message .= 'The Email Address you entered does not appear to be valid.<br />'; } $string_exp = "/^[A-Za-z .'-]+$/"; if(!preg_match($string_exp,$contact_name)) { $error_message .= 'The First Name you entered does not appear to be valid.<br />'; } if(!preg_match($string_exp,$last_name)) { $error_message .= 'The Last Name you entered does not appear to be valid.<br />'; } if(strlen($comments) < 2) { $error_message .= 'The Comments you entered do not appear to be valid.<br />'; } if(strlen($error_message) > 0) { died($error_message); } $email_message = "Form details below.\n\n"; function clean_string($string) { $bad = array("content-type","bcc:","to:","cc:","href"); return str_replace($bad,"",$string); } $email_message .= "Contact Name: ".clean_string($contact_name)."\n"; $email_message .= "Agency/Company Name: ".clean_string($last_name)."\n"; $email_message .= "Email Address: ".clean_string($email_from)."\n"; $email_message .= "Dates Required: ".clean_string($telephone)."\n"; $email_message .= "Type Required: ".clean_string($check_msg)."\n"; $email_message .= "Any other info: ".clean_string($comments)."\n"; // create email headers $headers = 'From: '.$email_from."\r\n". 'Reply-To: '.$email_from."\r\n" . 'X-Mailer: PHP/' . phpversion(); @mail($email_to, $email_subject, $email_message, $headers); ?> thanks <?php } ?> onlinegamekey. com/MTGT-Auction.php is the page I'm working on. The problem I'm having is cards with an apostrophe in the name breaks the operation. I am populating the Select Box with the Card Names and those are coming in fine, its not until I try to use the select value to get that specific card data do I have an issue. This query specifically Code: [Select] $quer2=mysql_query("SELECT * FROM auctions WHERE Card_Name ='$cards' Order By Price_Per") or die; I've tried $quer2=mysql_query("SELECT * FROM auctions WHERE Card_Name =" . htmlspecialchars($cards) . " Order By Price_Per") or die; but then I get no data for any card. Here is the page code I'm working with. Code: [Select] <?php $cards = $_POST['cards']; //SELECTING DATA FOR THE DROPDOWN $sql = "Select Card_Name From auctions Group BY Card_Name ASC" or die; $result = mysql_query($sql); ?> <script type="text/javascript"> <!-- var optList; var optsValue = new Array(); var optsText = new Array(); //when the page loads get the original options values and text and store them in arrays window.onload = function() { optList = document.getElementsByTagName("option"); for(var i=0; i<optList.length; i++) { optsValue[i] = optList[i].value; optsText[i] = optList[i].text.toLowerCase(); } } function searchSel(txtSearch) { //clear all the current options document.getElementById("items").options.length = 0; var count = 0; for(var i=0; i < optsValue.length; i=i+1) { if(optsText[i].indexOf(txtSearch.toLowerCase()) == 0) { //match found //add this option to the select list options var newOpt = new Option(optsValue[i],optsText[i],false,false); document.getElementById("items").options[count] = newOpt; count = count+1; } } } function reload(form) { var f1 = document.forms['f1'] var val=f1.cards.options[f1.cards.options.selectedIndex].value; self.location='MTGT-Auction.php?card=' + val ; } //--> </script> <style type="text/css"> body { background-color:#000000; } .row-one { background-color: #666666; font-family: Arial, Helvetica, sans-serif; font-size:12px; font-weight: bold; line-height: 17px; color:#CCFF33; } .row-two { background-color: #333333; font-family: Arial, Helvetica, sans-serif; font-size:12px; font-weight: bold; line-height: 17px; color: #FF0; } .th { background-color:#000000; font-family:Arial, Helvetica, sans-serif; font-size:14px; font-weight:bold; color:#CC0000; padding: 2; } </style> <!-- CREATE FORM & SELECT BOX --> <form method="post" name="f1" action="MTGT-Auction.php"> <select name="cards" id="items"> <option value='0'>Select...</option> <?php while ($row=mysql_fetch_array($result)) { if ($row['Card_Name']==@$cards) { echo "<option selected value='$row[Card_Name]'>$row[Card_Name]</option>"; } else { echo "<option value='$row[Card_Name]'>$row[Card_Name]</option>"; } } ?> </select> <br /> <input type="text" id="txt" value="Card Name?" onfocus="this.value==this.defaultValue?this.value='' :null" onkeyup="searchSel(this.value);" style="color:#000000; font:Arial; font-size:12px; background-color:#e1e1e1;" /> <BR /> <input type="submit" value="Submit" name="submit" /> <input type=button onClick="location.href='MTGT-Auction.php'" value='Reset' /> </form> <!-- CREATE TABLE WHERE DATA GOES --> <table border="1" bordercolor="#000000"> <tr align="center"> <th class="th">Auction ID</th> <th class="th">Card Name</th> <th class="th">Cards Per Auction</th> <th class="th">Auction Price</th> <th class="th">Cost Per Card</th> <th class="th">Date Listed</th> <th class="th">Seller Name</th> </tr> <?php //GET DATA FOR TABLE BASED ON SELECTED CARD & LOOP THROUGH $quer2=mysql_query("SELECT * FROM auctions WHERE Card_Name ='$cards' Order By Price_Per") or die; $i =1; WHILE($row = mysql_fetch_array($quer2)) { if ($i%2 !=0) $rowColor = "class='row-one'"; else $rowColor = "class='row-two'"; echo "<tr $rowColor>" . "<td>" . $row[Auction_ID] . "</td><td>" . $row[Card_Name] . "</td><td>" . $row[Qty_Listed] . "</td><td>" . $row[Price] . "</td><td>" . $row[Price_Per] . "</td><td>" . $row[Date] . "</td><td>" . $row[Seller] . "</td></tr>"; $i++; } //} ?> <?php //QUICK CHECK IS OUR VARIABLE SET??? echo "<font color=\"#FFFFFF\">". $cards . "</font>"; ?> </table> I image this is probably a very common problem & easy fix that has been answered many times, but I haven't found any thing that worked for me so any help.. or links to similar issues would really be appreciated. Thank you, Hello, im trying to update my database with a paragraph of text in a texbox. The thing is my paragraph has apostrophes Look: Code: [Select] In the run up to the return of the Wilderness, we've released a new wallpaper depicting a green dragon, plus a couple of 'getting started' guides about the Wilderness and free trade. It doesn't want to update my table and it shows the old paragraph. Here is how my update database looks like. <?php if (isset($_POST['Submit'])) { for($i=0;$i<$count;$i++){ $month = $_POST['month']; $date = $_POST['date']; $message = $_POST['message']; $title = $_POST['title']; $monthday = $month[$i]."<br>".$date[$i]; $sql1="UPDATE $tbl_name SET monthday='$monthday', month='$month[$i]', date='$date[$i]', message='$message[$i]', title='$title[$i]' WHERE id='$id[$i]'"; $result1 = mysql_query($sql1); } header("location:update2.php"); } ?> Can someone show me to to make it add the strip slashes to the $message variable. Thanks Alot! Hi there,
I am getting this in a PHP generated email:
ACWA Member/Subscriber: Melody’s Children’s Service
The line of code in the php is:
$subject = "ACWA Member/Subscriber: $membername";
I have tried htmlentitiies, html_entity_decode, htmlspecialchars but nothing seems to work.
I haven't used htmlentities anywhere else in the code for this variable.
Any suggestions?
All advice gratefully received.
|