PHP - Php Post Is Returning Single Quote Character

I have a form that people can fill out, and then it echos the string, however right now they can't use single quotes. Below is how I have it settup.
Code: [Select]
$side = '<p>About Me:</p>
<ul>
    <li>Birth Date: October, 23rd, 2010</li>
    <li>Hometown: Rapid City, SD</li>
    <li>Height: 4\'</li>
    <li>Weight: 50lbs</li>
    <li>Foot Size: 4</li>
    <li>Favorite Movie: All of the Shrek Movies!</li>
    <li>Favorite Book: Winnie the Pooh Series</li>
    <li>Favorite Cartoon Character: Eeyore or Donkey from Shrek!</li>
    <li>Favorite TV Show: Anything on Animal Planet!</li>
    <li>Favorite Food: Hay</li>
    <li>Favorite Pro Sports Team: Rapid City Rush</li>
    <li>Favorite Mascot:  Nugget, of course!</li>
    <li>Favorite Game: Donkey Kong!<br />
    &nbsp;</li>
</ul>';
      if ($side != NULL){
         echo "<div class=\"grid_6\" id=\"tertiary\">
         $side
      </div>";
      }else{
 
  }
And I would be able to use $side = "whatever I want to write"; because then they would still need to escape the double quotes with \" if they wanted to put in a link or anything. How do I do this with allowing them to just use single quotes when they enter their data so they don't have to \' (escape the single quote)?

Thanks

Hi, I'm trying to type in a name of a song into an input field, for example:
I'll Be Missing you

This field is captured through $_POST and set to a variable $title

I then update the table with this new title. Once it is updated, all that is shown in the data is:

I

The single quote, and anything after it is gone completely.
Here is my query. How can I change this so it includes the single quote and everything after it?

$sql = "UPDATE sheets SET artist = '$artist', title = '$title', active = '$activestatus' WHERE id = $value";
        $result = mysql_query($sql) or die(mysql_error().'<br>'.$sql);  

If more code is required to understand what I'm talking about, let me know.

Let me preface this by saying that I've been using php for a while, but never got extremely advanced, so feel free to slap me about for something stupid...

I'm working through a jQuery & PHP book, and I've noticed that he's wrapping all his column and table names in the apostrophe ` when making MySQL queries .   In the past I've never done this.  What does the ` do?  I understand about single quotes and double quotes, but haven't come across the ` being used.  What's the deal?

Is there a difference between a single quote regex and and double quote regex ?   for example :

<?php
$res1 = preg_match('/shi*t/', $comment);
$res2 = preg_match("/shi*t/", $comment);
?>

Thank you
Edited by Dareros, 17 September 2014 - 07:07 PM.

When I add a ' or " quotes in a textarea I get a sql error when it tries to insert the record.    I was told to use mysqli_real_escape_string but that didn't work.    Here's my code -

   $blog= mysqli_real_escape_string($con, $_POST['blog']);
   

        $blog= $_POST['message'];
            
        $sql = "SELECT * FROM table WHERE `message` = '{$message}'";
        
        $result = mysql_query($sql);
        
        if ( mysql_num_rows ( $result ) > 0 )
        {
                        
            $error = "Message Exists.";
        }
        
        else
        {
        
         $error = "This message does not exist. Insert it!!!";
        
         $sql="INSERT INTO table (message) VALUES ('$_POST[message])";
        
        
        }
        
        if (!mysqli_query($con,$sql))
         {
         die('Error: ' . mysqli_error($con));
         }
        
        mysqli_close($con)

Edited by barkly, 26 October 2014 - 09:31 PM.

I'm so sorry for this question but I not really know how to play with single and double quote.

If I have a query like this:

Code: [Select]
  mysql_query('UPDATE table SET Status=1,Sending=Done WHERE ID IN ('.implode(',', $done).')');
And I wish to add Code: [Select]
SentAt='$date' in the query as well , and I try this:

Code: [Select]
  mysql_query('UPDATE table SET Status=1,Sending=Done,SentAt='$date' WHERE ID IN ('.implode(',', $done).')');
Not working...how should I write it?

Thank you.

Hi Guys,

I have 6 file upload fileds in an array. When i try to return the error messages at this link: http://www.php.net/manual/en/features.file-upload.errors.php i get an error displayed for every upload box. I was wondering if it is possible to simply return 1 error instead of the 6? For example rather than getting "No File Uploaded No File Uploaded No File Uploaded No File Uploaded No File Uploaded No File Uploaded" i simply get "No File Uploaded". Also If only some files are uploaded no error should be displayed.

The code i am using is:

foreach ($_FILES['image']['error'] as $key => $error)

{

if ($error == UPLOAD_ERR_NO_FILE)

{

echo "No File Uploaded";

}


I have tried using "break;" which works in leaving only 1 error, however the error is still displayed if less than 6 files are uploaded.

All help greatly appreciated.

Thanks

Hi guys,
I am using this oAuth library https://github.com/elbunce/oauth2-php
But more specifically these lines of code:

protected function getToken($token, $isRefresh = true) {
try {
$tableName = $isRefresh ? self::TABLE_REFRESH : self::TABLE_TOKENS;
$tokenName = $isRefresh ? 'refresh_token' : 'oauth_token';

$sql = "SELECT $tokenName, client_id, expires, scope, user_id FROM $tableName WHERE token = :token";
$stmt = $this->db->prepare($sql);
$stmt->bindParam(':token', $token, PDO::PARAM_STR);
$stmt->execute();

$result = $stmt->fetch(PDO::FETCH_ASSOC);

return $result !== FALSE ? $result : NULL;
} catch (PDOException $e) {
$this->handleException($e);
}
}


However, this is retuning no value.
If I modify the code to be:

protected function getToken($token, $isRefresh = true) {
return $token;
}

It returns the $token value, so the $token is definitely being passed to the function.

The code should return an associative array: i.e., $token["expires"], $token["client_id"], $token["userd_id"], $token["scope"], etc
Also $token should not === NULL.

PS. I run a few checks on

$tableName = $isRefresh ? self::TABLE_REFRESH : self::TABLE_TOKENS;
$tokenName = $isRefresh ? 'refresh_token' : 'oauth_token';

And they are returning the correct values.

Which from my thinking narrows it down to:

$sql = "SELECT $tokenName, client_id, expires, scope, user_id FROM $tableName WHERE token = :token";
$stmt = $this->db->prepare($sql);
$stmt->bindParam(':token', $token, PDO::PARAM_STR);
$stmt->execute();

$result = $stmt->fetch(PDO::FETCH_ASSOC);

return $result !== FALSE ? $result : NULL;


Any and all help is greatly appreciated.

Thanks in advance.

Hi, I believe this is my first post on here. First off let me say thank you for silently helping out in the past while I keep on learning PHP.

I have decided to build an image gallery, and I am having problems with the page numbering links and the breadcrumbs.

Reson I decided to build my own is that I wanted a challange to learn more.
I could not find anything that would intregrate with the site as I wanted it to (pulled as a function so offers some customising with options).

The problem that I am having is that the <a href= tag is starting to give multipul "/"s when I only need one, so that the url at the top is coming up as

http://localhost/mmv4/gallery/pics///Ax/Ax_Jo/

when I am wanting http://localhost/mmv4/gallery/pics/Ax/Ax_Jo/IMG_4244.JPG.

I have used str_replace to catch //s and more, but this then adds odd slashes on the end so the page numbeing is getting odd results. some dirs have the / on the end and some do not, so the links are sometimes "visited" and others not.

I beleve that the problem is generated in
Code: [Select]
<?php
if(isset($_GET['album'])) {
      //load the available dirs into an array so that the sneeky users cannot get further back.
      $files = scandir($gal);
      $dirs = array();
      foreach($files as $file){
         if($file != '.' && $file != '..' && $file != 'thumbs') {
            if(is_dir($gal."/".$file)) {
               $dirs[] = $file;
               //echo $file ."<br />\n";
            }
         }
      }
      
      //if(in_array($_GET['album'],$dirs)) {
         $album = "/".$_GET['album']."/";
         $album = str_replace("..", "", $album);
      //}
      //else {
      //   $output .= "<p>There is no album called \"$_GET[album]\", please select an album from below.</p>";
      //}
   }

or the breadcrumbs bit
Code: [Select]
<?php
if($crumbs == 1) {
      //bread crums
       $path = $gal.$album;
       $path = explode("/", $path);
   
   
       $crumbs = array();
       foreach($path as $key => $value) {
          if($value != ""){
             $crumbs[] = $value;
          }
       }
       // create Breadcrumbs div
   
       $output .= "<div id=\"breadcrumbs\">";
       $number = count($crumbs);
       $real = "";
       foreach($crumbs as $num => $link) {
          if ($link == $gal) {
             $link = "Gallery Home";
          }
          if ($num == $number -1) {
             $output .= $link;
          }
          else{
             if ($num >= 1){
                $real ="";
                for($x=1; $x<=$num; $x++) {
                   $real .= "/".$crumbs[$x];
                }
                $output .= "<a href=\"?album=".str_replace("/", "",$real)."\">".$link."</a>"." <- ";
             }
             else{
                $output .= "<a href=\"?album=".str_replace("/", "",$real)."\">".$link."</a>"." <- ";
             }
          }
          $num +1;
         
       }
   
       //close breadcrumbs div
       $output .= "</div>";
   }

Can any one please help me shed some light on this one, I am confused.
I can send / attach the full source if needed.

MOD EDIT: tags fixed for syntax highlighting . . .

Hi Guys
I am using an htmlarea editor and when trying to add more than 1000 characters to this area it gives me an error. The html area editor opens a text file and then posts the changes and rewrites that text file.

Any way around this to make it unlimited?

I enter the following:
select nam_last from names where nam_last = 'cohn' into a form field

When I print it in the next program I get
select nam_last from names where nam_last = \'cohn\'

Which generates an error:
SELECT Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'cohn\'' at line 1

What causes the \ to be added into the field, and how do I stop it?

This topic has been moved to PHP Applications.

http://www.phpfreaks.com/forums/index.php?topic=348057.0

Hello everyone.

I'm new here and to php mvc. Been trying to hone my skills with mvc, mysql, classes and functions. But I am stuck. Can display all blog posts from DB but not a single post. The Readmore link only leads to post 1 (or the next published post from the db). Please I need your help. My code is below. Thanx in advance.

BlogsModel.php (PDO db):

public static function getBlog($blogsID) {

try {

$db = static::getDB();

$stmt = $db->query('SELECT *

FROM blogs

WHERE blogsStatus=1 AND blogsID=blogsID

');

$result = $stmt->fetch(PDO::FETCH_ASSOC);

return $result;

} catch (PDOException $e) {

echo $e->getMessage();

}

}

Blogs.php (Controller):

public function blogAction() {

$blog = BlogsModel::getBlog($blogsID = 'blogsID');

$user = BlogsModel::getBlog($blogsUserID = 'blogsUserID');

$data = [

'blog' => $blog,

'user' => $user

];

View::renderTemplate("Services/Blogs/blog.php", $data);

}

index.php (front controller):

$router->add('blogs/{id:[\w-]+}', ['controller' => 'Services\Blogs', 'action' => 'show']);

ReadMore link:

<a id="readMore" href="/blogs/{{ blog.blogsAlias }}" >ReadMore</a>

 

i have a while loop that builds up a table of records, each row has a button that needs to have an action to delete that specific record. I can think of the obvious way around this and add a form around each row and set the button to type="submit". However there is a problem i have the entire table of records wrapped within in a form object for other functionalities.

Does anyone have a solution for this problem?

hi i need help on posting multiple inputs in a single button...while using mysql_fetch_array
here is my codes:

<?
$re6 = mysql_query('select username from users where course = "BSIT" and yearlevel = "FOURTH"');
?>
<br />
<h1>Post Grade</h1>
<h1>IT, Fourth Year</h1>
<br />Please fill the following form to send The Grade<br />
<?
$n = 0;
while($row = mysql_fetch_row($re6))
{
echo'<form action="grade_post.php" method="post">';
echo'Recipient<span class="small">(Username)</span><input type="text" value="'.$row['username'].'" readonly="readonly" id="recip" name="recip[' . $n . ']" />';
echo'Subject<input type="text" value="'.htmlentities($otitle, ENT_QUOTES, 'UTF-8').'" id="title" name="title[' . $n . ']" />';
echo'<input type="hidden" value="FOURTH" id="year" name="year[' . $n . ']" />';
echo'<input type="hidden" value="FIRST" id="sem" name="sem[' . $n . ']" />';
echo'Grade<input type="text" id="message" name="message[' . $n . ']" ><br />';
++$n;
}
?>


i get all my recipients in every input type, but when i tried to post it in my database not all of them are posted rather only one of them are posted in my database ...what i want to happen is that all of my recipients in every input type will be posted in my database with different ids'...help pls...