|
PHP - Single Quotes Issue In Google Chrome
I'm not sure if this is an HTML or browser issue...
But single quotes in strings from database don't work for me in Chrome for some reason. To mine or any other computers. Every other browser detects these quotes. I'm outputting an SQL result containing strings like: Texas Hold'em or America's Cup and I get Texas Hold America Similar TutorialsThis code only works in firefox <a onMouseout='hidetooltip()' onMouseover='tooltip(\"<img src=img/heroes/$hero.gif\")' href='hero.php?hero=$hero'>Text</a> Btw, I use this in echo (php). How to get quotes (triple) on <img src= ? I also have tried <img src='img/heroes/$hero.gif' But only works on FireFox Hello everyone! This is my first post. I am very new to php and mysql and coding in general. It has not been made 100% clear to me as to when I should use single quotes, double quotes, and {}. From what I gather you use single quotes for literal interpretation... so if you put something like a variable in single quotes and echoed it, it would literally echo it as it is written and not the value of the variable. in double quotes, I gather that it will echo the value of the variable. as for {} I am unclear as to when to use the curly brackets for a variable. I am assuming if you had a statement in single quotes and you put a variable in curly brackets you would get the value of the variable?
Edited by LazerOrca, 25 November 2014 - 11:20 PM. I don't think I've asked this before have I?? can someone give me an internet KB that gives me all scenarios that warrant using singles or doubles? as in, wrapping values, variables, and why I need to do either, and when, etc, etc....? thanks Edited March 29 by ajetrumpetGreetings, I'm trying to execute a shell command with a user-supplied password as input. The password may contain apostrophes and and virtually any other character. Unfortunately, when using escapeshellarg(), the password argument is interpreted as two separate arguments, as escapeshellarg() will handle apostrophes (single quotes) by breaking out of the already quoted text and using a backslash escape. $password = escapeshellarg("ex'ample!%"); // The password will actually be supplied by an HTML form. $command = ('echo '.$password); echo "$command"; // Returns 'ex'\''ample!%' Does anyone have any input on how to accomplish what I'm trying to do? I'd like to allow obscure passwords without disallowing specific characters, while still being "safe" in passing the information to a shell command. Double quotes would work for passing single quotes, but I'm afraid I might break other characters there. Thanks. I have a paragraph in a text in my data table column with apostrophes and heights, like, "He'll likely grow beyond 6'6"."
I've tried addslashes($update), but it's not working. (At another time I thought I had something like that.) Is there something that will take care of it short of typing \ before every instance I use quotes, the using stripslash? for print html : What's Better, Faster and Optimized ?!? Code: [Select] echo "<tr height=\"22\"> <form action = \"{$URL}/admin/edit.php\" method=\"POST\"> <input type=\"hidden\" name=\"login\"> <td width=\"15%\" bgcolor=\"$bgcolor\"> <input type = \"text\" name = \"login\" value=" . $f['login'] . "></td> <td width=\"15%\" bgcolor=\"$bgcolor\"> <input type = \"password\" name = \"password\" value=" . $f['pass'] . "> </td> </form> </tr>"; With PHP Method 2 : ( single ) Code: [Select] echo ' <tr><form action = "' . URL . '/admin/editadmins.php" method="POST"> '; echo ' <td align="left" valign="top"><input type = "text" name = "login" value = "' . $f['login'] . '"></td>'; echo ' <td align="left" valign="top"><input type = "password" name = "password" value = "' . $f['pass'] . '"></td></form></tr>'; Method 3 : (With Html And Php echo ) Code: [Select] <tr height="22"> <form action = "../admin/editadmins.php" method="POST"> <td align="left" valign="top"><input type = "text" name = "login" value = "<?PHP echo $f['login']; ?>"></td> <td align="left" valign="top"><input type = "text" name = "password" value = "<?PHP echo $f['pass']; ?>"></td> </form> <tr> Thanks. I have a simple form that connects to this php page. Only two variables, "ArticleDescription" & "URL". I've tried a number of things, several of which are listed below, but have had no success. I'm certain it's just my idiocy but am requesting some help with this. I KNOW it's an easy fix, it's just over my head, I'm only four days into programming, so I'm a complete newb. Your kindness is requested. ---- <?php // connection mysql_select_db("doofyd5_comments", $con); $ArticleDescription=mb_convert_encoding($ArticleDescription, 'UTF-8', 'UTF-8'); $URL=htmlspecialchars($URL, ENT_QUOTES); $ArticleDescription=str_replace('\"','"',$ArticleDescription); $sql="INSERT INTO web_articles (ArticleDescription, URL) VALUES ('$_POST[ArticleDescription]','$_POST[URL]')"; if (mysql_query($sql,$con)) { header ("location:desiredurl"); require_once('desiredurl"); exit(); } else { echo "You may have added a single quote to the article description!"; } mysql_close($con) ?> ---- Is there a difference between a single quote regex and and double quote regex ?
for example :
<?php
$res1 = preg_match('/shi*t/', $comment);
$res2 = preg_match("/shi*t/", $comment);
?>
Thank you
Edited by Dareros, 17 September 2014 - 07:07 PM. Hello all. I have a textarea on a form that users are posting new's stories into. Most are just copy/pasteing from Word, and they need to be able to include single quotes. (ie: John's favorite store is Micky's) I can't figure out how to make the single quotes (') into double quotes ('') so MSSQL will insert them in. Any help? Here's my process code: <?php $title = $_POST['title']; $district = $_POST['district']; $central = $_POST['central']; $east = $_POST['east']; $north = $_POST['north']; $west = $_POST['west']; $story = $_POST['story']; $date = date("l, M j, Y"); $sqlpicturename = "$picturename.jpg"; $showpicture = $_POST['showpicture']; //declare the SQL statement that will query the database $query = " INSERT INTO News (district, central, east, north, west, date, title, story, picture, showpicture, show) Values ('$district' , '$central', '$east' , '$north', '$west' , '$date', '$title' , '$story', '$sqlpicturename' , '$showpicture' , 'true') "; //execute the SQL query and return records $result = mssql_query($query); //display the results echo "Thank You For Posting Your Story:<b> $title </b><br /><br /><a href='addstory.php'>Click Here To Add Another Story</a><br /><br /><a href='index.php'>Click Here To Go Back To The WebEdit Menu</a>"; echo "<br /><br />"; mssql_close(); ?> I'm using the codeigniter mvc framework and there's an escape function to use before adding the data to the database. This function adds single quotes around the string of data. Is there any already existing php function or does anyone know how to code a function that strips ONLY the surrounding single quotes? how do i handle single quotes in sql query Code: [Select] " SELECT name from phrase WHERE name='$stitle' ";this returns an error because the name contains single quotes like this: Johnson's. hello; my webhost made a change to my php.ini file yesterday. since then php is escaping single quotes that it receives from flash. Code: [Select] //-- AS3 var myVariables:URLVariables = new URLVariables(); myVariables.pvs_params = "'h'e'l'l'o" ; var myURLRequest:URLRequest = new URLRequest("mysql_task_mgr.php"); myURLRequest.data = myVariables ; myURLRequest.method = "get" ; navigateToURL( myURLRequest, '_blank' ) ; Code: [Select] //-- php print( $_GET[ "pvs_params" ] ) ; // --> \'h\'e\'l\'l\'o any thoughts? my webhost is stumped; When I add a ' or " quotes in a textarea I get a sql error when it tries to insert the record.
I was told to use mysqli_real_escape_string but that didn't work.
Here's my code -
$blog= mysqli_real_escape_string($con, $_POST['blog']);
$blog= $_POST['message'];
$sql = "SELECT * FROM table WHERE `message` = '{$message}'";
$result = mysql_query($sql);
if ( mysql_num_rows ( $result ) > 0 )
{
$error = "Message Exists.";
}
else
{
$error = "This message does not exist. Insert it!!!";
$sql="INSERT INTO table (message) VALUES ('$_POST[message])";
}
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
mysqli_close($con)
Edited by barkly, 26 October 2014 - 09:31 PM. I have a navigation list displaying which is a mix of html and php, everything is working fine however now I want to convert this block of code into a function but am having major problems with quotes. The line of code I currently have is
$data = $db->query("SELECT * FROM menu")->fetchAll(PDO::FETCH_ASSOC);
foreach ($data as $row) { ?>
<li><a href="<?php echo $row['url']; ?>" title="<?php echo $row['title']; ?>"><?php echo $row['icon'] . ' ' . $row['header']; ?></a></li>
<?php
}
?>
As I say everything works using the above but now I am trying to echo the full li out and am having major issues with single and double quotes. I currently have echo "<li><a href='#' title='the title'><i class='fas fa-user site-nav--icon'></i> Help</a></li>"; Now I am trying to use the $row['url'], $row['title'], $row['icon'] & $row['header'] as per the top example but I cannot get the combination of quote marks correct, whether to use double, single or a combination. I would be grateful if someone could suggest the correct syntax for the a tag then I can work through the rest. Thanks Is there a Chrome tag like this IE one <!--[if IE]> <![endif]--> <!--[if !IE]><!--> <!--<![endif]--> I have use the above tag in my wordpress site, and the only browser it doesn't work in is Google Chrome. Not sure where in the forum to put this one. Has any noticed when you use pagination with Chrome 18, it tries to display a link to the next page and display what it thinks is the next page? It really shows the last page and is confusing to viewers. Is it possible to have Chrome ignore pages? I have this little snippet of code that runs when a user updates their password: fetch_user_salt_new(): Code: [Select] function fetch_user_salt_new($length = 5) { $salt_a = ''; for ($i = 0; $i < $length; $i++) { $salt_a .= chr(vbrand(33, 126)); } return $salt_a; } Code: [Select] $salt = fetch_user_salt_new(); $salt_processed = mysql_real_escape_string($salt); Now, occasionally when a user changes their password (or anything that inserts the salt into the database, such as registration), the salt length stored in the database becomes 6 or 7 instead of 5. As in, 99% of salts are only 5 digits long, but some salts are longer... The longer salts normally have odd components, such as \', \", or \\ leading to salts increasing by 1 or 2 digits in length. My idea is that mysql_real_escape_string() is putting a \ in front of quotes which is not what I intended when adding that piece of code in. By adding mysql_real_escape_string() in, I intended for quotes (' or ") to not be factors affecting the Query. Prior to instituting mysql_real_escape_string(), a ' or " would close the query and mess up the insertion of the salt. (Original Topic: http://www.phpfreaks.com/forums/index.php?topic=356368.0 ) It seemed to work but not doesn't Any help is very appreciated, Mark This topic has been moved to CSS Help. http://www.phpfreaks.com/forums/index.php?topic=357315.0 This topic has been moved to HTML Help. http://www.phpfreaks.com/forums/index.php?topic=346255.0 Hi Guys.... I need to export data into excel file. So far its works on IE and Firefox. But if i using Google Chrome it download only php file. Eg(suppose file test.xls but it goes to test.php). Why it happen?? |
|||||||