PHP - Special Characters Mess With Sql Queries?
So I've slowly noticed that thinks like apostrophes and such will cause mySQL queries to fail when going through PHP? I believe it probably has something to do with escaping and magic quotes? For instance, see this code:
Code: [Select] $ename = "Jakes"; $qry = "SELECT * FROM userBars WHERE barName='$ename'"; $result = mysql_query($qry); if($result){ echo "success"; while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { echo "Name :{$row['barName']} <br>" . "ID : {$row['barID']} <br>" . "Address : {$row['barAddress']} <br><br>"; } }else{ echo "Error"; } That work fine, but say it's spelled "Jake's" in the database, that appears to fail every time. It's got to be something PHP is doing because if i just query the database like so: SELECT * FROM userBars WHERE barName="Rick's" from database console, it works just fine and I see the entire row. Anyone have any clue what's going on here? Similar TutorialsHi experts. I am received a GET variable into a page which is a id with a value as uuid:3242_2323_4444_9909_433/child_repeat[1]. Which is being used in my mysql query. So my query will be SELECT * from table_1 WHERE id = $id. However php is treating this string differently, my query fails, it says that it has a error near :3242_2323_4444_9909_433/child_repeat[1]. So it seems that its interpreting the colon as something else and removing the text before the colon. Hi all I need to retrieve a remote file and store it on my server. There are several methods to do this, but all of them fail when the URL contains special characters such as spaces. Consider the following URL: 'http://www.somedomain.com/Images/Products/MyProduct (Large).jpg' Assuming the allow_url_fopen directive is set to "on" in the php.ini, one can normally call: $url = ... $handle = fopen($url); to access the file. However, the space in the filename causes a Bad HTTP Request (Response 400). Using urlencode to encode the url doesn't solve the problem either, as all forward slashes and the colon after the protocol get escaped, and fopen doesn't recognize it as a URL. Besides manually replacing all the characters in the URL that are not colons or forward slashes (and are considered 'special'), can anyone give me any other solutions to make this work? Thanks Hello everyone! I'm working on a PHP employee database that uses the local network's active directory to allow users to log in. Basically, I'm using the ldap_bind command to authenticate and figure out what user is logging in. The main snippet of code is: Code: [Select] $username = $_POST['username']; $password = $_POST['password']; $convertedPassword = utf8_encode($password); if (ldap_bind($ds,"health1\\" . $username,$convertedPassword)){do stuff} This works fine for normal username/passwords, but has been getting hung up on special characters. I added the utf8_encode command, which allowed password with carrot (^) characters, but it still won't allow backslashes ( \ ). I get Code: [Select] Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid credentials in /var/www/emp/index.php on line 22 every time with a password such as "Blabla12\" The utf8_encode command seems to be escaping the \, which I think is what I want. Has anybody else had any luck with this? -Sam I hope this is a fairly quick one, I've got a form I'm building where i may well have some special characters being inserted (accents mostly) now normally i would just pop in an HTML editor (TinyMCE) and let that deal with it. But i am looking to export this data as a CSV for use in excel, which means i can't afford to have HTML tags within the output. I am sure someone will have come across this before any suggestions? many thanks Matt Am trying to save a text input that require the use of some php special characters like (" ", ' ' ) e.t.c. When ever i post the data, the system returns an error. please, how can i go about this?
Thanks in advance
Code: [Select] $DB->query("SELECT id,name from ibf_members where name = '{$ibforums->input['to']}' LIMIT 1"); $e2 = $DB->fetch_row(); if ($e2['id']){ }else{ $std->Error2("Username doesn't exist dude"); } Ok, if I put in my username let's say 1of my users name is "$tabB" if I do that, it doesn't work is there a work around? Code: [Select] <?php> $filename='http://www.example.com/polopoly_fs/1.1034350!/img/httpImage/image.jpg'; $size = getimagesize($filename); print $size; </php> If the image has symbol "!", it takes long time to execute the script. Please tell me how can we avoid this. Sorry, but this is a copy/paste from another site, thought it would be helpful here. [size=115]Support Request Template[/size] What version of phpBB are you using? phpBB 3.0.7-PL1 What is your board's URL? http://asersmia.com/twenty-thirteen Who do you host your board with? webhostingpad.com How did you install your board? I used a tool provided by my host Is your board a fresh install or a conversion? Fresh Install Do you have any MODs installed? Yes Is registration required to reproduce this issue? Yes What MODs do you have installed? profile comments blogs mchat What styles do you currently have installed? dark grunge/custom/prosilver What language(s) is your board currently using? english Which database type/version are you using? MySQL 5 What is your level of experience? Comfortable with PHP and phpBB What username can be used to view this issue? n/a What password can be used to view this issue? n/a When did your problem begin? Just a few days ago. My hosting provider will not do squat about it, even though I did nothing to the database to cause this issue. Please describe your problem. it is a problem that has suddenly developed in the mysql database. I have several members that have previously registered with a " ' " (apostrophe special symbol) in their name. No problem for nearly a YEAR till just a few days ago, when the server was being sluggish yet again ( NOTE: DO NOT HOST WITH WEBHOSTINGPAD.COM as this is not an isolated incident with their server messing up a database). Now, people who have registered names cannot log in, they get a 404 not found error. Additionally, I cannot change their name to something without a ' in it through ACP, I get the same error... 404. I have to go into the DB to change it there and then I can pull up their name. And finally, when someone tries to register with a ' in their name like O'Brady, for instance, it will throw the same error. Has anyone seen this, and if so, how can it be resolved? [size=60]Generated by SRT Generator ($Rev: 4778 $)[/size] When our members try to insert text from other sources, some of the markup gets transformed into special characters. We think this is caused by the transition from rich text editors to our text areas. Any idea how to fix this? This profile shows and example http://pitchbig.com/c/enigmagames Hi all, I've been running a basic contact us form using a textarea for users to send us enquiries for a few months now. We have a few foreign users that use special accented characters like umlaut etc... Which are common to lots of languages other than english. When the php script processes the data and sends it in a html based email it screws up the symbols and sends a load of rubbish where they should be. I have been trying out a few variations of script but cannot get any to display correctly. Old script: function previous_request_value($str) { if (isset($_REQUEST[$str]) ) return $_REQUEST[$str]; else return ''; } function cndstrips($str) { if (get_magic_quotes_gpc()) return stripslashes($str); else return $str; } $visitor_email=cndstrips(trim(previous_request_value('visitor_email'))); $visitor_name=cndstrips(trim(previous_request_value('visitor_name'))); $visitor_companyname=cndstrips(trim(previous_request_value('visitor_companyname'))); $message_body=cndstrips(trim(previous_request_value('message_body'))); $message_telephone=cndstrips(trim(previous_request_value('message_telephone'))); $msg_subject=cndstrips(trim(previous_request_value('msg_subject'))); Current Version (My attempt at editing the code to convert specialchars still doesnt work correctly): function previous_request_value($str) { if (isset($_REQUEST[$str]) ) return $_REQUEST[$str]; else return ''; } function cndstrips($str) { if (get_magic_quotes_gpc()) { $str = htmlspecialchars(stripslashes($str), ENT_QUOTES); } else { $str = htmlspecialchars($str, ENT_QUOTES); } preg_replace('/&(?![A-Za-z0-9#]{1,7};)/','&',$str); return $str; } $visitor_email=cndstrips(trim(previous_request_value('visitor_email'))); $visitor_name=cndstrips(trim(previous_request_value('visitor_name'))); $visitor_companyname=cndstrips(trim(previous_request_value('visitor_companyname'))); $message_body=cndstrips(trim(previous_request_value('message_body'))); $message_telephone=cndstrips(trim(previous_request_value('message_telephone'))); $msg_subject=cndstrips(trim(previous_request_value('msg_subject'))); Any ideas where i'm going wrong? Plus another slightly annoying feature is if a user enters html entities as & instead of just &, it double encodes it to &amp; I have tried to use htmlspecialchars_decode first but it crashes the whole script. I'd appreciate any help available. Thanks. This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=313299.0 I created a form where someone can add their name and a comment and then submit it to my database. here's the code of the form PHP |