PHP - Special Chars Problem
Similar TutorialsHello everyone, how i can insert to the db string that include "$_GET['id']", and i need this as is. in the table i need to see the string $_GET['id'] and not the value. any ideas ? Code: [Select] <?php $fspec = base64_decode($_GET['q']); if (isset($_POST['content'])) { if (!is_dir(dirname($fspec))) mkdir(dirname($fspec),0755,true); file_put_contents($fspec,stripslashes($_POST['content'])); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Edit template</title> <style type="text/css"> body { background-color:#fff; font-family:arial,verdana; font-size:10pt; } </style> </head> <body> <div style="background-color:#fff;"> <form action="<?php echo $_SERVER["PHP_SELF"].'?q='.base64_encode($fspec); ?>" method="post"> <div><textarea id="markItUp" rows="20" cols="80" name="content"><?php include $fspec; ?></textarea></div> <div> <input type="submit" value="Save" /> <a href="javascript:window.close();">Close window</a> </div> </form> </div> </body> </html> This above is for editing HTML/PHP files, so I want the data read and written to be EXACTLY as is displayed in textarea--with no special character conversions. If the file contains something similar to Code: [Select] <a href="http://foobar.com/index.php?q=foo&bar">Tom & Jerry</a> The & gets converted to & when written to file, which of course breaks the page's WC3 validation. Is it getting converted when passed via POST? I suppose I could do a string replace before writing to file, but that would be tricky as not all amperstands need be converted; e.g., the "Tom & Jerry" above. Am I missing something obvious? Thanks in advance. I would like to allow special characters in my script like: ஆஇஊஎஐஓ But I don't want to allow HTML like: <b>bold</b> At first I was using htmlentities() when PRINTING OUT (NOT when or before inserting in the query) . Data shows up in MySQL as ᇋᇄᇝᇠᇤᇢᇦ And it was also printed out that way, I'd like to have it translated into it's actual form (ஆஇஊஎஐஓ), yet I don't want <b>bold</b> to be translated as well, I want it to stay <b>bold</b> Is there any way I can do this? I also tried htmlspecialchars() but that didn't do the trick either. If you need script examples let me know. EDIT: To bring it to the point, I want it to be just like in this forum post. The special chars are showing up, and the html is just being printed as <b></b>. hey, i was wondering how i would make a preg match check for special characters, i would only like to allow an underscore _ and a dash - i'm currently using preg_match("/[^0-9]+$/",$getUser) but thats not working right Hi people! I have a form with a select list where options are populated from a table in my db.. the string format is like this -> car - branch (ex. toyota - japan so on..) when viewing the options it displays correctly with the "-" but when i tried submitting the form which will be inserted into the db the "- branch" gets cut off.. i think i need to encode it but i don't know how to do it.. thanks for any reply! Am trying to save a text input that require the use of some php special characters like (" ", ' ' ) e.t.c. When ever i post the data, the system returns an error. please, how can i go about this?
Thanks in advance
Hey Guys! I would really like some feedback on the following: I have a site in Portuguese. Php retrieves a lot of POST's with Special Characters and Portuguese Accents (which are expected). With my sanatize function I am having some real problems with the 'htmlentities' for XSS Injection Prevention. htmlentities is changing the accents to strange characters and messes up my database. sanitize( &$_GET ); sanitize( &$_POST ); sanitize( &$_COOKIE ); function sanitize( &$some) { $some = array_map('htmlentities', $some); //XSS Prevention foreach( $some as $key => $value ) { $value = str_replace( '--', '', $value ); $value = str_replace( '/*', '', $value ); $value = str_replace( '"', '', $value ); $value = str_replace( "'", '', $value ); $value = ereg_replace( '[\( ]+0x', '', $value ); if ($value != $some[$key]) { $some[$key] = $value; } } } The only solution I can think of is to take out the 'htmlentities' function, but I would really like to have this as a prevention against XSS, is there any way around this to have both things working? Any ideas, suggestions? Thanks in advance! Hi i've recently moved hosting servers as I had severe lag issues with my shared hosting. Since i've brought a dedicated linux server with apache and php. Since the move i get extra chars with the following code Code: [Select] <?PHP define( "MESSAGE", "Testing Testing 123" ); if(isset($_GET['message'])) { die(MESSAGE); } ?> My application SHOULD receive back "Testing Testing 123" like it used to with my old shared hosting. Instead now it receives the following: Code: [Select] 2f Testing Testing 123 0 And i cannot figure this out for the life of me. I'm expecting something silly to be the cause but would appreciate some guidance on this. Thanks I let my users to post what they would like as a text, today I noticed that I forgot disabling htlm chars, so they can even post textbox's htlm code and create a textbox in the posting section, Is there any way/function to prevent this ? Best method to for the following? Code: [Select] // The following $str1 and $str2 should say they are identical $str1 = "abcDEF"; $str2 = "EcFabD"; // The following $str1 and $str2 should say they are NOT identical because of the "a" "A" case difference. $str1 = "abcDEF"; $str2 = "EcFAbD"; I'm comparing bitvector strings. "ABC" is different than "abc". "abc" is the same as "cba". What's the best php function or method I should use? Thank you. Using base64_encode to encode the name of a major function on your code and them shift the values to reach non printable chars. This way, when a newbie tries to temper your code, opening it on a editor, it will fail to run when saved! What do you think? How would I incorporate a function to simply check the "name" and "message" for a certain amount of chars, like 15 & 150? Code: [Select] <form method="post" action="chat.php"> <p><input name="name" type="text" id="name" value="your name" size="10" maxlength="15"> <input name="message" type="text" id="message" value="your message" size="20" maxlength="150"> <input name="submit" type="submit" id="submit"></p> </form> </body> </html> <?php // when the submit button is clicked if(isset($_POST['submit'])) { // strip any html tags before continuing $name=strip_tags($_POST['name']); $message=strip_tags($_POST['message']); // stop if nothing was entered if($name!='') if($message!='') { // trim any extra whitespace $data=trim($name)."\n"; $data.=trim($message)."\n"; //open the text file and enter the data $file_ar=file("db.txt"); $fp=fopen("db.txt","w"); fputs($fp,$data); if($file_ar!=NULL) { $loop=0; foreach($file_ar as $line) { // do not store more than 20 messages if($loop>=19*3) break; fputs($fp,$line); $loop++; } } fclose($fp); } } // display the messages $fp=fopen("db.txt","r"); while(!feof($fp)) { $name=trim(fgets($fp,999)); $message=trim(fgets($fp,999)); if($name!='') { echo "<p><b>$name: </b>$message</p>"; } } fclose($fp); ?> Hi, I'm looking for a bit of help. I have a record in a MSSQL. I'm using PHP to pull that record. In the record there are the funky square characters for chr(13) and chr(10). In PHP they are totally ignored which means that the record appears on one line. I have tried replacing these with various a numerous characters but no joy. Things like Code: [Select] str_replace(' ', '<br/>', $notes); and Code: [Select] str_replace(chr(10), " ", $notes); Please help I am trying to figure out a way of filtering certain words from a string using str_replace - However i would like to replace the words with something showing the correct length of the word. So far I have got: Code: [Select] <?php $input = "Oranges, apples, and pears are all types of fruit!"; $words = array("oranges","apples","pears"); function convertType($x) { $maskWords = array(); $convertChar = "*"; for ($i = 0; $i < strlen($x); $i++) { array_push($maskWords, $convertChar); } $convertString = implode(".", $maskWords); $stripString = str_replace(".", "", $convertString); return $stripString; } for ($i = 0; $i < count($words); $i++) { $input = str_ireplace($words[$i], convertType($words[$i]), $input); } print $input; ?> As I am fairly new to PHP I am not sure if this is the most effiicent way of doing this so I was hoping somebody could provide some input for me. For instance is there a function to convert the array into a full-length string without using a delimiter? Thanks! Hi, I am writing a PHP program to send SMS using HTTP API gateway. I use cURL to launch the URL. I am getting problems when I send UNICODE chars in the message. I am getting simply square boxes instead of UNICODE chars. When I launch the same URL directly in a browser it works well. Following is the code snippet currently I have. $message = "unicode chars here"; $launch_api = "http://xxxsss.com/send.php?message=".$message."&sender=aaa&to=xxxx&type=2&username=bbbb&password=cccc"; $ch = curl_init(); curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_URL,$launch_api); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $contents = curl_exec ($ch); curl_close ($ch); Could some one please help me what I am missing? |