|
PHP - Mysql_real_escape_string Function Clearing Values
Morning All,
Should be a quick one for the seasoned veterans! I'm learning the in's and out's of sanitizing my variables for input into my database (mysql). The following is my code; Code: [Select] $Username = mysql_real_escape_string($_POST['username']); $PWord = mysql_real_escape_string($_POST['pword']); $Email = mysql_real_escape_string($_POST['email']); $Fullname = mysql_real_escape_string($_POST['fullname']); $Address_1 = mysql_real_escape_string($_POST['address_1']); $Address_2 = mysql_real_escape_string($_POST['address_2']); $City = mysql_real_escape_string($_POST['city']); $Zip = mysql_real_escape_string($_POST['zip']); $Country = mysql_real_escape_string($_POST['country']); The following is my output; Error executing INSERT statement - INSERT INTO tblUser(User_Name, Full_Name, Email, Address_1, Address_2, City, Zip, Country, PWord)VALUES ('','','','','','','','','') Any ideas? Also; is mysql_real_escape_string valid for use on all types of input from the input box? Similar Tutorialshello. im having a little trouble with a function say i have a function that gets the nav title and header. how do i echo the results out on the page ok, this is an example: Code: [Select] function nav($title, $link){ $title = "this is the title"; $link = "this is the link"; } this is the page: Code: [Select] //FIND FUNCTIONS.PHP <?PHP require_once("includes/initialize.php"); ?> //FIND THE FUNCTION <?PHP nav($title, $link); ?> <h1><?php echo $title; ?></h1> <ul> <li><?php echo $link; ?></li> </ul>; THE ABOVE DOES NOT WORK i also tried this but it does not work . Code: [Select] function nav($title, $link){ $title = "this is the title"; $link = "this is the link"; return $title; return $link; } THANKS Hi Guys
I am a rookie here... I have a function which gets information from a postgres database. And returns an array. But how do I echo a single value from the array returned by the function. Please see function below:
function getDate($campid) I have two pages of php. one is page1.php and the other is page2.php. In page1.php there is a function which dynamically creates a form of html and return the full form at the end of the function. And I want to the function to return a 2nd variable with the form. and i get that variable on page2.php. How can i do this??? this is part of my code how should i make fwrite to get in txt file name,Level,CT,Kills,Deaths,killdeaths,AS values ? any help will be welcome Code: [Select] $file="$name.txt"; $open=fopen($file,"a"); if($open){ fwrite($open,$name,$Level,$CT,$Kills,$Deaths,$killdeaths,$AS); fclose($open); } Im trying to understand the code below. (taken from an O'REILLY book) Im trying to get my head around this, so can anyone tell me if im thinking about this in the right way; The function (fix_names) borrows the values from $a1,$a2 and $a3 and puts them into $n1,$n2, and $n3. It then processes the strings contained within these newly created variables and then returns the processed values back into $a1,$a2,and $a3? The variables $n1,$n2, and $n3 cannot be echoed as they were created within the function.? Please correct me if im wrong. Code: [Select] <html> <head> </head> <body> <?php $a1 = "EDWARD"; $a2 = "thomas"; $a3 = "wriGHT"; fix_names($a1,$a2,$a3); echo $a1." ".$a2." ".$a3; function fix_names(&$n1,&$n2,&$n3) { $n1 = ucfirst(strtolower($n1)); $n2 = ucfirst(strtolower($n2)); $n3 = ucfirst(strtolower($n3)); } ?> </body> </html> Code: [Select] header("Location: index.php?x=y") , i had seen people having this problem when i was asking too.. about adding GET values to a change header function... Anyone still need this help? not sure if this is possible but i do not know how to return multiple values and read them where the call was made. Code: [Select] $string = "clause1"; func1($string); // somehow read the response and use the return values seperately. // both $string2 and $string3 Code: [Select] function func1($input) { if ($input == "clause1") { $string2= "value2"; $string3= "value6"; } if ($input == "clause2") { $string2= "value3"; $string3= "value7"; } if ($input == "clause3") { $string2= "value4"; $string3= "value8"; } if ($input == "clause4") { $string2= "value5"; $string3= "value9"; } return ($requesttype, $messagetitle); } Ok, starting around line 137 with the functions..... Commented well. Just not sure If im doing it right. Any help greatly appreciated. Basic stuff and still learning. Just trying to figure out if Im passing by reference correctly or if not how to do it. Thanks. php File is attached but heres a snippet. Thanks in advance. Peace, Adam // The grand total and the item total need to be passed BY REFERENCE. function show_table_contents($cart_items, $table, &$grand_total, &$item_total) Hello I am on to OOP now and I dont know how to write the syntax to print the results I want The scenario is I have the abstract class, its subclass and then the object that calls the subclass, all in different files. So: part of the subclass reads: Code: [Select] function __construct($v1, $v2, $v3) { $this->speed[] = $v1; // I dont like this either, it is not elegant. I tried to put an array as argument of the constructor and send the parameters $this->speed[] = $v2; // from the object being created, but it did not work, so I leave it like this for now, but I would have preferred to put that $this->speed[] = $v3; // array and then populate it by some looping. } // METHOD TO REPORT TABLE OF ACCELERATION public function acceleration() { return $this->acceleration1 = ($this->speed[1] - $this->speed[0])/5; // I actually need to return the other two speed differences from the other stages, but as you know, once the first return acts, it exits the function // so sure this "return" has to be abandoned and the results of the function have to be printed otherwise. That is the question. } =================================== And now from the Object file I am trying to call the function, but of course, I only get one value, even if I write 3 times return Code: [Select] $objeto = new Motorbike($v1, $v2, $v3); echo '<p>The speeds are ' . $objeto->acceleration() . '</p>'; // Yes, this call works, of course, but that is about it. I cant print any other result. Thanks a lot Moodle 2.5 *nix server Theme: Essential ---------------------- Hi Folks I have a small mind bender in how php is returning results from a mysql query. There are two issues: 1) The mysql query from phpmyadmin is correct, while the php function that handles the query from the website is not. 2) It takes a very long time to run this query with php, 30 seconds to over a minute. Phpmyadmin is rather quick (Query took 0.0239 seconds). The query is:
SELECT u.firstname AS 'Name' , u.lastname AS 'Surname', c.shortname AS 'Course', (
CASE
WHEN gi.itemname LIKE '%summative%' THEN 'SUMMATIVE'
WHEN gi.itemname LIKE '%formative 2%' THEN 'FORMATIVE 2'
ELSE 'MC'
END) AS 'Assessment', from_unixtime(gi.timemodified, '%d/%m/%y') AS 'Date',
IF (ROUND(gg.finalgrade / gg.rawgrademax * 100 ,2) > 70,'Yes' , 'No') AS Pass, ROUND(gg.finalgrade / gg.rawgrademax * 100 ,2) AS 'Mark', ROUND(gg.finalgrade / gg.rawgrademax * 100 ,2) AS 'Mark'
FROM mdl_course AS c
JOIN mdl_context AS ctx ON c.id = ctx.instanceid
JOIN mdl_role_assignments AS ra ON ra.contextid = ctx.id
JOIN mdl_user AS u ON u.id = ra.userid
JOIN mdl_grade_grades AS gg ON gg.userid = u.id
JOIN mdl_grade_items AS gi ON gi.id = gg.itemid
JOIN mdl_course_categories AS cc ON cc.id = c.category
WHERE gi.courseid = c.id
AND gi.itemname != 'Attendance'
AND u.firstname LIKE '%03%'
AND gi.itemname LIKE '%mative%'
ORDER BY `Name` , `Surname` , `Course`, `Assessment` ASC
When I run the query in phpmyadmin , it gives back;Name Surname Category Module Course Assessment Date Competent Mark G03 Itumeleng Velmah Mokwa Fundamentals Communications CO1 119472 FORMATIVE 2 07/04/14 Yes 100.00 G03 Itumeleng Velmah Mokwa Fundamentals Communications CO1 119472 SUMMATIVE 07/04/14 Yes 100.00 G03 Itumeleng Velmah Mokwa Fundamentals Communications CO2 119457 FORMATIVE 2 05/04/14 Yes 100.00 G03 Itumeleng Velmah Mokwa Fundamentals Communications CO2 119457 SUMMATIVE 05/04/14 Yes 88.00 G03 Lally Sheila Mokane Fundamentals Communications CO1 119472 FORMATIVE 2 07/04/14 NYC 59.00 G03 Lally Sheila Mokane Fundamentals Communications CO1 119472 SUMMATIVE 07/04/14 Yes 90.00 G03 Lally Sheila Mokane Fundamentals Communications CO2 119457 FORMATIVE 2 05/04/14 Yes 100.00 G03 Lally Sheila Mokane Fundamentals Communications CO2 119457 SUMMATIVE 05/04/14 Yes 98.00And it is perfect so I have no issues with that. Now in php I call;
function print_overview_table_groups($COURSE, $choosegroup, $fromdate, $todate, $numarray)
{
global $DB;
//check data
if(!$choosegroup){
die('No Records To Display.');
}
$thisgroup = $numarray[$choosegroup];
$sql = "SELECT DISTINCT u.firstname AS 'Name' , u.lastname AS 'Surname',
(CASE
WHEN cc.parent = '2' THEN 'Fundamentals'
WHEN cc.parent = '3' THEN 'Core'
WHEN cc.parent = '4' THEN 'Elective'
END) AS 'Category',
cc.name AS 'Module',
c.shortname AS 'Course',
(CASE
WHEN gi.itemname LIKE '%summative%' THEN 'SUMMATIVE'
WHEN gi.itemname LIKE '%formative 2%' THEN 'FORMATIVE 2'
ELSE 'MC'
END) AS 'Assessment', from_unixtime(gi.timemodified, '%d/%m/%y') AS 'Date',
IF (ROUND(gg.finalgrade / gg.rawgrademax * 100 ,2) > 70,'Yes' , 'NYC') AS Competent, ROUND(gg.finalgrade / gg.rawgrademax * 100 ,2) AS 'Mark'
FROM mdl_course AS c
JOIN mdl_context AS ctx ON c.id = ctx.instanceid
JOIN mdl_role_assignments AS ra ON ra.contextid = ctx.id
JOIN mdl_user AS u ON u.id = ra.userid
JOIN mdl_grade_grades AS gg ON gg.userid = u.id
JOIN mdl_grade_items AS gi ON gi.id = gg.itemid
JOIN mdl_course_categories AS cc ON cc.id = c.category
WHERE gi.courseid = c.id
AND gi.itemname != 'Attendance'
AND u.firstname LIKE '%03%'
AND gi.itemname LIKE '%mative%'
ORDER BY `Name` , `Surname` , `Course`, `Assessment` ASC";
return $DB->get_records_sql($sql);
}
This is returned to the index.php page from the function call;$lists = print_overview_table_groups($COURSE, $choosegroup, $fromdate, $todate, $numarray); print "<pre>"; print_r($lists); print "</pre>";The result is baffling...
Array
(
[G03 Itumeleng] => stdClass Object
(
[name] => G03 Itumeleng
[surname] => Mokwa
[category] => Fundamentals
[module] => Communications
[course] => CO2 119457
[assessment] => SUMMATIVE
[date] => 05/04/14
[pass] => Yes
[mark] => 88.00
)
[G03 Lally] => stdClass Object
(
[name] => G03 Lally
[surname] => Mokane
[category] => Fundamentals
[module] => Communications
[course] => CO2 119457
[assessment] => SUMMATIVE
[date] => 05/04/14
[pass] => Yes
[mark] => 98.00
)
)
I only get one record for each student.Can anyone help me solve this? Regards Leon This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=348942.0 i'm creating a ticketing system and i need some assistance. The code directly below displays the database records and the delete works fine. The edit however isn't picking the values in the various fields.
<?Php
require "config.php";
$page_name="currentout.php";
$start=$_GET['start'];
if(strlen($start) > 0 and !is_numeric($start)){
echo "Data Error";
exit;
}
$eu = ($start - 0);
$limit = 10;
$this1 = $eu + $limit;
$back = $eu - $limit;
$next = $eu + $limit;
$nume = $dbo->query("select count(id) from receipt")->fetchColumn();
echo "<TABLE class='t1'>";
echo "<tr><th>ID</th><th>Name</th><th>Pass</th><th>Amount</th><th>Action</th></tr>";
$query=" SELECT * FROM receipt limit $eu, $limit ";
foreach ($dbo->query($query) as $row) {
@$m=$i%2;
@$i=$i+1;
echo "<tr class='r$m'><td>$row[id]</td><td>$row[name]</td><td>$row[phone_num]</td><td>$row[Amount]</td><td><a href='delete.php?id=$row[id]'>delete</a></td><td><a href='edit.php?id=$row[id]'>Edit</a></td></tr>";
}
echo "</table>";
if($nume > $limit ){
echo "<table align = 'center' width='50%'><tr><td align='left' width='30%'>";
if($back >=0) {
print "<a href='$page_name?start=$back'><font face='Verdana' size='2'>PREV</font></a>";
}
echo "</td><td align=center width='30%'>";
$i=0;
$l=1;
for($i=0;$i < $nume;$i=$i+$limit){
if($i <> $eu){
echo " <a href='$page_name?start=$i'><font face='Verdana' size='2'>$l</font></a> ";
}
else { echo "<font face='Verdana' size='4' color=red>$l</font>";}
$l=$l+1;
}
echo "</td><td align='right' width='30%'>";
if($this1 < $nume) {
print "<a href='$page_name?start=$next'><font face='Verdana' size='2'>NEXT</font></a>";}
echo "</td></tr></table>";
}
?>
The code below is edit.php. It's supposed to display the various fields when clicked to allow for editing but it isn't picking any field, PLEASE assist.
<?Php
require "config.php";
$sql = "SELECT FROM receipt WHERE ID= :ID";
$stmt = $dbo->prepare($sql);
$stmt->bindParam(':ID', $_GET['id'], PDO::PARAM_INT);
$stmt->execute();
?>
<form action="update.php" method="post" enctype="multipart/form-data">
<table align="center">
<tr>
<td> <label><strong>Full Names</strong></label></td>
<td> <input type='text' name='name' value=" <?php echo $row['name']; ?>" />
<input type="hidden" name="id" value="<?php echo $id; ?> " /> <br /></td>
</tr>
<tr>
<td><label><strong>ID/Passport No. </strong></label></td>
<td> <input type="text" name="pass" value="<?php echo $row['id_passno']; ?> " /><br /></td>
</tr>
<tr>
<td> <label><strong>Phone No. </strong></label></td>
<td><input type="text" name="phone" value="<?php echo $row['phone_num']; ?>" /> <br /></td>
</tr>
<tr>
<td> <label><strong>Amount (KShs.) </strong></label></td>
<td><input type="text" name="amount" value="<?php echo $row['Amount']; ?> "/> <br /></td>
</tr>
<tr>
<td>
<input type="reset" name="Reset" value="CANCEL" onClick="return confirm('Discard changes?');" />
<br></td>
<td>
<input type="submit" name="Submit2" value="SUBMIT" />
</td>
</tr>
</table>
</form>
i'm creating a ticketing system and i need some assistance. The code directly below displays the database records and the delete works fine. The edit however isn't picking the values in the various fields.
<?Php
require "config.php";
$page_name="currentout.php";
$start=$_GET['start'];
if(strlen($start) > 0 and !is_numeric($start)){
echo "Data Error";
exit;
}
$eu = ($start - 0);
$limit = 10;
$this1 = $eu + $limit;
$back = $eu - $limit;
$next = $eu + $limit;
$nume = $dbo->query("select count(id) from receipt")->fetchColumn();
echo "<TABLE class='t1'>";
echo "<tr><th>ID</th><th>Name</th><th>Pass</th><th>Amount</th><th>Action</th></tr>";
$query=" SELECT * FROM receipt limit $eu, $limit ";
foreach ($dbo->query($query) as $row) {
@$m=$i%2;
@$i=$i+1;
echo "<tr class='r$m'><td>$row[id]</td><td>$row[name]</td><td>$row[phone_num]</td><td>$row[Amount]</td><td><a href='delete.php?id=$row[id]'>delete</a></td><td><a href='edit.php?id=$row[id]'>Edit</a></td></tr>";
}
echo "</table>";
if($nume > $limit ){
echo "<table align = 'center' width='50%'><tr><td align='left' width='30%'>";
if($back >=0) {
print "<a href='$page_name?start=$back'><font face='Verdana' size='2'>PREV</font></a>";
}
echo "</td><td align=center width='30%'>";
$i=0;
$l=1;
for($i=0;$i < $nume;$i=$i+$limit){
if($i <> $eu){
echo " <a href='$page_name?start=$i'><font face='Verdana' size='2'>$l</font></a> ";
}
else { echo "<font face='Verdana' size='4' color=red>$l</font>";}
$l=$l+1;
}
echo "</td><td align='right' width='30%'>";
if($this1 < $nume) {
print "<a href='$page_name?start=$next'><font face='Verdana' size='2'>NEXT</font></a>";}
echo "</td></tr></table>";
}
?>
The code below is edit.php. It's supposed to display the various fields when clicked to allow for editing but it isn't picking any field, PLEASE assist.
<?Php
require "config.php";
$sql = "SELECT FROM receipt WHERE ID= :ID";
$stmt = $dbo->prepare($sql);
$stmt->bindParam(':ID', $_GET['id'], PDO::PARAM_INT);
$stmt->execute();
?>
<form action="update.php" method="post" enctype="multipart/form-data">
<table align="center">
<tr>
<td> <label><strong>Full Names</strong></label></td>
<td> <input type='text' name='name' value=" <?php echo $row['name']; ?>" />
<input type="hidden" name="id" value="<?php echo $id; ?> " /> <br /></td>
</tr>
<tr>
<td><label><strong>ID/Passport No. </strong></label></td>
<td> <input type="text" name="pass" value="<?php echo $row['id_passno']; ?> " /><br /></td>
</tr>
<tr>
<td> <label><strong>Phone No. </strong></label></td>
<td><input type="text" name="phone" value="<?php echo $row['phone_num']; ?>" /> <br /></td>
</tr>
<tr>
<td> <label><strong>Amount (KShs.) </strong></label></td>
<td><input type="text" name="amount" value="<?php echo $row['Amount']; ?> "/> <br /></td>
</tr>
<tr>
<td>
<input type="reset" name="Reset" value="CANCEL" onClick="return confirm('Discard changes?');" />
<br></td>
<td>
<input type="submit" name="Submit2" value="SUBMIT" />
</td>
</tr>
</table>
</form>
This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=359130.0 This code gives an error. Please help fix. $mydb = mysql_connect("localhost","my_un","my_pw"); mysql_select_db("my_db"); $query =sprintf("SELECT * FROM idb1 WHERE username = '%s' AND authority = 'Banned'", mysql_real_escape_string($userNm)); if(mysql_num_rows($query)) { $login = "&err=Not allowed."; echo($login); } else { $result=sprintf("SELECT * FROM idb1 WHERE username = '%s' AND password ='%s'", mysql_real_escape_string($userNm), mysql_real_escape_string($passWd)); if(mysql_num_rows ($result) == 0) { $login = "&err=Retry!!"; echo($login); } else { $row = mysql_fetch_array($result); $userNm=$row['username']; $passWd=$row['password']; $login = "$userNm=" . $userNm . "$passWd=" . $passWd . "&err=Successful."; echo($login); } } I have a form that allows users to submit to a database and for security reasons I am using mysql_real_scape_string on all of their input values. However this means that if the user puts something in speech marks such as "hello" It will then show up in the database as \"hello\" This means that whenever I fetch anything from the database it will have slashes in which doesn't look good. How do other people get round this problem. When I fetch something from my database should I do a string replace and just delete these slashes or is there a better method? Thanks for any help. Is it correct to use mysql_real_escape_string() function on every query that i wonna insert or search ? I have fields like TEXT(dectription of article), VARCHAR(name of article) and more like that, and is there correct to use mysql_real_escape_string for all fields when query is INSERT ? Good morning,
I am trying to implement a simple sanitization of data before inserting in my database and am having a little trouble due to the fact that I am using a third party script that is accessing posted variables in a way that is unfamiliar to me... here's the data. The problem area is red. The form simply hangs up when submitted. I have used this method in the past, but not with an object operator.
// insert into database Hi, just wondering do i need to use mysql_real_escape_string() on login information (username and password). I use it as shown below but get an error when connecting. Code: [Select] if(isset($_POST['submit'])){ if( empty($_POST['uname']) && (empty($_POST['upass']))){ header( "Location:Messages.php?msg=1" ); exit(); } $n=mysql_real_escape_string($_POST['uname']); $p=mysql_real_escape_string($_POST['upass']); include('config.php'); $query="select * from country where uname='$n' and pw='$p'"; $result=mysql_query($query); |
|||||||