PHP - Allowing A Comma In The Price Field

Would someone tell me how to allow foreign letters, normal english letters and numbers using the preg_replace php function?

hi i was wondering how i would make a website that allowed a user to login and edit there website ... like im a hoster and they can have a webpage on my server... how would i do  this? allow them to create a database , and use all types of code? please help me this is important , if i didnt explain good enough please tell me

There are websites like Soundcloud, Soundclick, MySpace and more.   The Question: How to not get a law suite as a website owner when copyright protected music or in other words music from the retail has gotten uploaded?   Will moderating it and having it frequently taken down do the job?   I know that the users themselves could get researched too. The site owner could get requested to give out IP addresses. Though, I kept this separately from that question.   I basically would be looking to be safe and not get a law suite.   I would appreciate the suggestions a lot.

Hey guys,


OK, so actually I have two questions that are kind of related. The first one is how I can allow users to use <i>, <b>, <strong> tags when submitting information in a form. I would like to allow certain tags so they can emphasize things in their text, but I still want to strip the rest for security reasons. I tried using strip_tags() with some exceptions as a second parameter, but as far as I understand, that just allows them to be displayed as text, not for the browser to make text bold for instance. Below is what I have now.


function stripdata($data) {
return trim(htmlentities(stripslashes($data), ENT_QUOTES));
}

echo stripdata($someDataFromMySQL);


I also want to ask if the solution above is 100% safe so that users can not submit malicious code that can execute when users' visit a page of mine that displays that code.


Thank you in advance.

.dropbtn {
    background-color: #4CAF50;
    color: white;
    padding: 10px;
    font-size: 16px;
    border: none;
}

.dropdown {
    position: relative;
    display: inline-block;
}

.dropdown-content {
    display: none;
    position: absolute;
    background-color: #f1f1f1;
    min-width: 800px;
    box-shadow: 0px 8px 16px 0px rgba(0,0,0,0.2);
    z-index: 1;
}

.dropdown-content img {
  width: 32px;
  height: 32px;
  margin: 3px;
  position: relative;
  float: left;
}

.dropdown-content a {
    color: black;
    padding: 12px 16px;
    text-decoration: none;
    display: block;
}

.dropdown-content a:hover {background-color: #ddd;}

.dropdown:hover .dropdown-content {display: block;}

.dropdown:hover .dropbtn {background-color: #3e8e41;}

/* HIDE RADIO */
[type=radio] { 
  position: absolute;
  opacity: 0;
  width: 0;
  height: 0;
}

/* IMAGE STYLES */
[type=radio] + img {
  cursor: pointer;
}

/* CHECKED STYLES */
[type=radio]:checked + img {
  outline: 2px solid #f00;
}

<div class="dropdown">
  <button class="dropbtn">Dropdown</button>
  <div class="dropdown-content">

<form name="form" action="icons-submit/submit_icon-default.php" method="post">
  <input type="radio" id="icon_default" name="icon_default"  value="icons/default.jpg" onchange='if(this.value != 0) { this.form.submit(); }'>
  <img src="icons/default.jpg">
<input type="text" id="id" name="id" value=" . $row['id'] . " style="background: transparent;border: none;font-size: 0;">
</form>

<form name="form" action="icons-submit/submit_icon-default.php" method="post">
  <input type="radio" id="icon_default" name="icon_default"  value="icons/default.jpg" onchange='if(this.value != 0) { this.form.submit(); }'>
  <img src="icons/default.jpg">
<input type="text" id="id" name="id" value=" . $row['id'] . " style="background: transparent;border: none;font-size: 0;">
</form>

<form name="form" action="icons-submit/submit_icon-Grass_Block.php" method="post">
<label>
  <input type="radio" id="icon_grass-block" name="icon_grass-block" value="icons/Grass_Block.png"onchange='if(this.value != 0) { this.form.submit(); }'>
  <img src="icons/Grass_Block.png">
</label>
<input type="text" id="id" name="id" value=" . $row['id'] . " style="background: transparent;border: none;font-size: 0;">
</form>
<form name="form" action="icons-submit/submit_icon-gear.php" method="post">
<label>
  <input type="radio" id="icon_gear" name="icon_gear" value="icons/Gear.png"onchange='if(this.value != 0) { this.form.submit(); }'>
  <img src="icons/Gear.png">
</label>
<input type="text" id="id" name="id" value=" . $row['id'] . " style="background: transparent;border: none;font-size: 0;">
</form>
  </div>
</div>

 

I have text with an apostrophe (Bill's car) that has been encrypted and decrypted, then inserted into a database.  After it is decrypted but before inserting it, I process it with
$field1 = mysqli_real_escape_string($cxnA, $field1)

When I insert the field and view it in MySQL Query Browser, it shows the converted apostrophe: Bill&#39s car

When I select on the field
Code: [Select]
select * from table1 where field1='Bill\'s car'this returns no records

I have to use
Code: [Select]
select * from table1 where field1='Bill&#39s car'to get the record, which is very inconvenient

If I display this field in a browser using
<input type='text' name=field1 value='".htmlentities($field1Value, ENT_QUOTES, 'UTF-8')."' maxlength='50'>
I get - Bill&#39s car - in the browser, which is not what I want.

I have to use
<input type='text' name=field1 value='".htmlspecialchars_decode(htmlentities($field1Value, ENT_QUOTES, 'UTF-8'), ENT_QUOTES)."' maxlength='50'>
to get Bill's car to display.

The strange thing is that when I echo field1 before it is inserted, it shows Bill's car.

I have even tried the following to get it to insert the proper value:
$field1 = htmlspecialchars_decode(mysqli_real_escape_string($cxnA, $field1), ENT_QUOTES);
but this doesn't work either.

How do you prevent this from happening?

Thanks.

Hy! Any help on this topic would be much appreciated.

Here is the deal. I need to redirect some countries to another URL. But I need to allow a free access for search engine's bots even if they come from those countries.

Here is what I did until now:

Used MaxMind PHP API and databases to establish redirect. And then tried to modify the code to redirect ONLY if user is from blocked country AND IS NOT allowed crawler... suprise suprise, it's not working as I imagined:)!

Here is the code so far:

#!/usr/bin/php -q
<?php

// This code demonstrates how to lookup the country by IP Address

include("geoip.inc");

// Uncomment if querying against GeoIP/Lite City.
// include("geoipcity.inc");

$gi = geoip_open("GeoIP.dat",GEOIP_STANDARD);
$country = geoip_country_code_by_addr($gi, $_SERVER['REMOTE_ADDR']);
geoip_close($gi);

$my_countries = array('de', 'se', 'no', 'ee', 'it', 'lv', 'cz', 'dk', 'sk', 'at', 'ch', 'lu', 'nl', 'es', 'hu', 'sg', 'gr', 'ua', 'fi', 'ru', 'cn', 'hk', 'my', 'id', 'us', 'ar', 'mx', 'ec', 'cr', 'py', 'br');
$allowed_spiders = array('Googlebot', 'Yammybot', 'Openbot', 'Yahoo', 'MSNbot', 'Ask Jeeves', 'Teoma', 'Architext spider', 'FAST-WebCrawler', 'Slurp', 'Yahoo Slurp', 'ia_archiver', 'Scooter', 'crawler@fast', 'Crawler', 'InfoSeek sidewinder', 'Lycos_Spider_(T-Rex)');
$agent_name = $_SERVER['HTTP_USER_AGENT'];


if (in_array(strtolower($country), $my_countries)) {
         foreach($allowed_spiders as $s){
                if(!strpos($s,$agent_name)){
                     header('Location: www.REDIRECT URL.com');
                }
        }
exit;
}


?>


How I imagined this code should work is: First check from where is user coming. Then compare GeoIP shortcode for country to shortcodes for banned countries. AND then if traffic is indeed from banned country also check if user agent name has anything in it from an array of allowed spider names (Googlebot can be Googlebot, or Googlebot/2.1 for an example). And if it's not allowed spider then redirect user to another address.

I tried many variations of this but nothing seems to work. Each time that I tried to fetch page as a googlebot in webmaster, I got 302 redirection. Any help or guidance here MUCH appreciated.

Thank you PHP JEDI in advance !!

I would like to allow special characters in my script like:

ஆஇஊஎஐஓ

But I don't want to allow HTML like:
<b>bold</b>

At first I was using htmlentities() when PRINTING OUT (NOT when or before inserting in the query) .

Data shows up in MySQL as &#4555;&#4548;&#4573;&#4576;&#4580;&#4578;&#4582;

And it was also printed out that way, I'd like to have it translated into it's actual form (ஆஇஊஎஐஓ), yet 
I don't want <b>bold</b> to be translated as well, I want it to stay <b>bold</b>

Is there any way I can do this?

I also tried htmlspecialchars() but that didn't do the trick either.

If you need script examples let me know.


EDIT: To bring it to the point, I want it to be just like in this forum post.

The special chars are showing up, and the html is just being printed as <b></b>.

I know the title is a bit confusing but I wasn't exactly sure how to describe my issue and none of my numerous searches online and here returned any positive results for a solution.

What I'm trying to do is allow a user to 'choose' one set from multiple sets of numbers for inclusion into the database. The image below should with the visualization of my goal.   As you can see from the above image, there's a "button" to the right that states "keep this set". My goal is to allow the user to click the button and the corresponding set of values is then entered into the database as a string (the values aren't being used in any calculations afterwards just being displayed on screen.)

The following code below works for auto-insertion if there's only one set generated but nothing I've attempted so far works when it comes to allowing the user to choose one set they'd like entered.

    <?php

additional code here...

    echo '<table><tr><td>';

    for($i=1; $i<=$Sets; $i++){
        $Stat_Results = GenStats($uId, $StartSet, $SetOption);

        echo "Stat values for ".$SetGenerated[$i];

       foreach($Stat_Results as $key => $DisplayStats){
              echo $DisplayStats.', ';
       }

       if($Sets == 1){
         $SetResults = implode(',',$Stat_Results);
         DB_Insert($uId, $SetResults, $TimeStamp);    
       }else if($Sets >= 2){
         echo "</td><td> => <input type='button' name='submit' value='keep this set'></td>
         <tr><td>";
       }
    }    
    echo '</td></tr></table>';
    ?>

html below here....

Variables: $sId, $StartSet, $SetOption, $Sets, $uId, and $TimeStamp are all set in a section not shown in this snippet.

I've tried Javascript but too be honest, I'm not all that familiar with it (though I am trying to become more fluid in it) and I've went so far as to try to create the multiple sets as a dropdown box thinking the user could simply select it from there and it be treated as a dynamic form and php would do the rest. But that didn't work either. The form button for submission is the remnant of the <select> list I tried to generate. The form is no longer there. I left the button in to generate the image you see above and has since been removed from the actual code.

I admit, I'm stuck and need some guidance because I can't seem to make this work no matter what I do. I realize $Stat_Results is a multidimensional array and contains all the values of each set in their respective array, but so far, I'm at a stand still on properly retrieving those values for insertion.

Thanks to all who read and attempt to help!
Edited by Cryotech, 01 December 2014 - 03:08 PM.

My server is Linux/Apache/PHP.   When a file is uploaded, I use PHP's finfo_open to confirm that the file have the correct file extension matches and delete them if it doesn't match.  I also which file mimi types and size could be uploaded.   Things I do with the files include: Upload user's files and store them in some public directory (/var/www/html/users_public_directory/), and allow other users to directly download them. Upload user's files and store them in some private directory (/var/www/users_private_directory/), and allow other users to download them using X-Sendfile. Upload user's ZIP files and convert them to PDF files (unzip the ZIP file, and uses Libreoffice and Imagemagick's convert to convert them to PDFs). From the server's prospective, what are the risks of allowing users to upload files?  Are there some file types which are more dangerous to the server?  Could they be executed on the server, and if so, how could this be prevented?

This seems like such a simple error, however I've no idea why I am getting it.

apparently I have an unexpected comma on line 4 of the code below.  I can't work out what the error is.

Any ideas?  Sorry to be a pain if it really is something simple, but I'm a bit new to all this php stuff.

<?php
function percentCalc($value1,$value2,$value3,$value4,$value5,$total)
{
$array=($value1,$value2,$value3,$value4,$value5);
while (list($key,$arraycontent)= each($array))
{
$c_percent=(($arraycontent/$total)*100);
$final_array[]=$c_percent;
}

return $final_array;
}
?>

Hi All,
I'm sure there is an easy solution for this but I am unable to find it.
I am new to PHP and after a little help...

the via data is stored in a database in this format... |51.105166,-1.695971|51.011055,-2.1068|50.945233,-2.617664||||

I'm trying to find a way of loosing the last comma if there are 1 or more entries, any ideas guys.



What I'm getting is : Code: [Select]
var points = [{location: '51.105166,-1.695971'},{location: '51.105166,-1.695971'},];
What I'm after is: Code: [Select]
var points = [{location: '51.105166,-1.695971'},{location: '51.105166,-1.695971'}];

Code: [Select]
<?php
if($via != null){
echo "var points = [";
foreach($via as $point){
if($point != ""){
echo "{location:";
echo " '".$point."'";
echo "},";
}
}
echo "];\n";
}
?>

Lets say I pull a value from a database field that has a value of 1,2 and what I want to do is seperate them and then run each of those values against a separate table how would that be accomplished.

Hi,
If I need to put commas within a variable how can this be achieved?

i.e. if statement..... {
$output = "text1,text2,text3";

Incase your wondering what I'm trying to do.. basically im using a header file on my site... i want different keywords within the meta tags depending on the page the user is on, so i want to include aprox 20 keywords in the $output which will be inserted in the comma area of the meta tags.


Probably quite an easy way to do it but I'm not sure how to do it! Any help appreciated!

Hey,
i got this code which takes info from mysql:

  while ($row= mysql_fetch_array($result)) {
  $title = $row["alertid"];
  $title2 = $row["alerttext"];
  $title3 = $row["alertdate"];



$bla = "{\"alertid\":\"$title\",\"alerttext\":\"$title2\",\"alertdate\":\"$title3\"},";

echo "$bla";
}

it is displayed like this:

[{"alertid":"1","alerttext":"text1","alertdate":"date1"},{"alertid":"2","alerttext":"text2","alertdate":"date2"},{"alertid":"3","alerttext":"text3","alertdate":"date3"},]


I wanted to ask, how can I remove the last comma, after date3"}, but keep other commas..?