PHP - Strange Behavior: Php Is Escaping Single Quotes From Flash

I've got a file with some strings that have both types of quotes in them.  And I seem to have managed to get the data, display it in my html, store it in a js array (using a json_encode in php and then simply inserting it into my js) but I cannot seem to pass the string as a parameter form an onclick function call to js.    For most strings the addslashes makes it work in the function call.  But for those with both sets of quotes it won't work.  My console tells me there are "unterminated string constants..".  I've experimented with many silly changes but none make it work.   Ex. of the strings:   What do you mean "It's crooked"?   Of course I could remove the contraction and that would probably work, but that would be a hack, would not it?

Greetings,

I'm trying to execute a shell command with a user-supplied password as input.  The password may contain apostrophes and and virtually any other character.  Unfortunately, when using escapeshellarg(), the password argument is interpreted as two separate arguments, as escapeshellarg() will handle apostrophes (single quotes) by breaking out of the already quoted text and using a backslash escape.


$password = escapeshellarg("ex'ample!%");  // The password will actually be supplied by an HTML form.

$command = ('echo '.$password);

echo "$command";

// Returns 'ex'\''ample!%'


Does anyone have any input on how to accomplish what I'm trying to do?  I'd like to allow obscure passwords without disallowing specific characters, while still being "safe" in passing the information to a shell command.  Double quotes would work for passing single quotes, but I'm afraid I might break other characters there.

Thanks.

So i am currently coding database connection class and i have encountered very strange behavior from my script.

base.class.php:
Code: [Select]

<?php

class base{
   
    private $settings;
 

    function get_settings(){
       
        $settings["dbhost"] = 'localhost';
        $settings["dbuser"] = '*****';
        $settings["dbpass"] = '*****';
        $settings["dbname"] = 'core';
        return $settings;
      
        }
    }


?>


database.class.php
Code: [Select]

<?php

require_once 'base.class.php';





class database extends base{
    
    
    private $query_now;
    private $link;
    
   
    public function __construct(){
       
        $settings = base::get_settings();
        

      
        $dbhost = $settings["dbhost"];
        $dbuser = $settings["dbuser"];
        $dbpass = $settings["dbpass"];
        $dbname = $settings["dbname"];
              
        
        
        $this->link = mysql_connect($dbhost, $dbname, $dbpass) or die ("Could not connect to the mysql database");
        mysql_select_db($dbname, $this->link) or die ("Could not select the database"); 
        
        }
        
        
        
   
        function query($query){
            
            $this->query_now = $query;
            return mysql_query($query, $this->link);
        
            }
        
      
        function getArray($result){
            
            return mysql_fetch_array($result);
            
            
            }
  
    
    }

    
    



?>
When i try to create an instance of database class, i get mysql_connect error. I have tried to echo my array and it seems that correct information is being passed over. Now the strange thing is if i remove my password from the base class i don't get a mysql_connect error but this time instead i get "Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'core'@'localhost' (using password: YES) " In case you are wondering, does my mysql database user has a password, the answer is: yes for sure... (Also i have tried to setup a simple script for connecting to my database and everything worked fine) So any ideas?

I'm returning a table row that contains information about a file, but it seems in IE versions older than 10, it is cutting off some of the returned json when being used.   The data is being returned properly as seen in the following json:

{"file_name":"<i class='video'><\/i> <a href=\"\/Development\/test(4).mp4\" class=\"is_file\" target=\"_blank\">test(4).mp4<\/a>"}

But when you use it, it cuts off the html.  A simple alert will return

</i> test(4).mp4</a>

and same when appending it and the sort.  It is also happening for another part of HTML that is being returned properly in the json.  It is working for everything else that is returned.   I have been searching around for a very long time trying to find why this is happening.  Has anyone other than me encountered this?

I have a simple form that connects to this php page. Only two variables, "ArticleDescription" & "URL". I've tried a number of things, several of which are listed below, but have had no success. I'm certain it's just my idiocy but am requesting some help with this. I KNOW it's an easy fix, it's just over my head, I'm only four days into programming, so I'm a complete newb. Your kindness is requested.

----
<?php

// connection

mysql_select_db("doofyd5_comments", $con);

$ArticleDescription=mb_convert_encoding($ArticleDescription, 'UTF-8', 'UTF-8');
$URL=htmlspecialchars($URL, ENT_QUOTES);
$ArticleDescription=str_replace('\"','&quot;',$ArticleDescription);

$sql="INSERT INTO web_articles (ArticleDescription, URL) VALUES ('$_POST[ArticleDescription]','$_POST[URL]')";

if (mysql_query($sql,$con)) {
    header ("location:desiredurl");
    require_once('desiredurl");
    exit();
    }
    else {

echo "You may have added a single quote to the article description!";
}

mysql_close($con)

?>
----

for print html : What's Better, Faster and Optimized ?!?

Code: [Select]
echo "<tr height=\"22\">
    <form action = \"{$URL}/admin/edit.php\" method=\"POST\">
      <input type=\"hidden\" name=\"login\">
      <td width=\"15%\" bgcolor=\"$bgcolor\">&nbsp;<input type = \"text\" name = \"login\" value=" . $f['login'] . "></td>
      <td width=\"15%\" bgcolor=\"$bgcolor\">&nbsp; <input type = \"password\" name = \"password\" value=" . $f['pass'] . "> </td>
    </form>
        </tr>";

With PHP Method 2 : ( single )

Code: [Select]
echo ' <tr><form action = "' . URL . '/admin/editadmins.php" method="POST"> ';
 echo ' <td align="left" valign="top"><input type = "text" name = "login" value = "' . $f['login'] . '"></td>';
 echo ' <td align="left" valign="top"><input type = "password" name = "password" value = "' . $f['pass'] . '"></td></form></tr>';

Method 3 : (With Html And Php echo )

Code: [Select]
<tr height="22">
<form action = "../admin/editadmins.php" method="POST">
<td align="left" valign="top"><input type = "text" name = "login" value = "<?PHP echo $f['login']; ?>"></td>
<td align="left" valign="top"><input type = "text" name = "password" value = "<?PHP echo $f['pass']; ?>"></td>
</form>
<tr>
Thanks.

Current time when testing was: 1291064453

I run the following: echo date('m/d/y', strtotime('first day', 1291064453));
Expecting: 11/1/10

What I actually get: 11/30/10

Can anyone explain this?

Hi guys,

In my connection.php I have:

$db->query("DROP TABLE IF EXISTS mydata") ;

$db->query("CREATE TABLE mydata
(
ID INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
guid INT,
title VARCHAR(100),
body LONGTEXT,
term VARCHAR(100)
)"); 

and my query code :

$myarray = array (
    guid =>  100,
    title => "title test",
    body => "just a test",
    term => "term test",
);

$myplaceholders[] = '(' . implode (", ", array_fill(0, count($myarray), '?')) . ')'; //also tried '(?,?,?,?)'

$mykeys = implode(', ', array_keys($myarray));

array_push($values, ...array_values($myarray)); //also tried $values = array_values($myarray) ;

$res = $db->prepare("INSERT INTO mydata ($mykeys) VALUES " . join(', ', $myplaceholders)) ;

if ($res->execute($values)) {
    echo 'data inserted';
} else {
    echo 'error in query';
}

After executing the code, the table is created but no data is inserted. The strange thing is when I leave the create table statement  out of the connection.php and run the code the data is inserted. Any ideas where I'm going wrong?

Hello all.

I have a textarea on a form that users are posting new's stories into. Most are just copy/pasteing from Word, and they need to be able to include single quotes.
(ie: John's favorite store is Micky's)

I can't figure out how to make the single quotes (') into double quotes ('') so MSSQL will insert them in.

Any help? Here's my process code:


<?php
$title = $_POST['title'];
$district = $_POST['district'];
$central = $_POST['central'];
$east = $_POST['east'];
$north = $_POST['north'];
$west = $_POST['west'];
$story = $_POST['story'];
$date = date("l, M j, Y");
$sqlpicturename = "$picturename.jpg";
$showpicture = $_POST['showpicture'];




//declare the SQL statement that will query the database
$query = 
"
INSERT INTO News (district, central, east, north, west, date, title, story, picture, 

showpicture, show)

Values ('$district' , '$central', '$east' , '$north', '$west' , '$date', '$title' , 

'$story', '$sqlpicturename' , '$showpicture' , 'true')

";

//execute the SQL query and return records
$result = mssql_query($query);



//display the results 

echo "Thank You For Posting Your Story:<b> $title </b><br /><br /><a 

href='addstory.php'>Click Here To Add Another Story</a><br /><br /><a href='index.php'>Click 

Here To Go Back To The WebEdit Menu</a>";
echo "<br /><br />";

mssql_close();

?>
 

how do i handle single quotes in sql query

Code: [Select]
" SELECT name from phrase WHERE name='$stitle' ";this returns an error because the name contains single quotes like this:
Johnson's.

Is there a difference between a single quote regex and and double quote regex ?   for example :

<?php
$res1 = preg_match('/shi*t/', $comment);
$res2 = preg_match("/shi*t/", $comment);
?>

Thank you
Edited by Dareros, 17 September 2014 - 07:07 PM.

I'm using the codeigniter mvc framework and there's an escape function to use before adding the data to the database. This function adds single quotes around the string of data. Is there any already existing php function or does anyone know how to code a function that strips ONLY the surrounding single quotes?

I'm not sure if this is an HTML or browser issue...
But single quotes in strings from database don't work for me in Chrome for some reason. To mine or any other computers.
Every other browser detects these quotes.

I'm outputting an SQL result containing strings like:

Texas Hold'em
or
America's Cup

and I get

Texas Hold
America

Hey all,
when job_title property is equal to null, I want this to happen:

Welcome to the blog of John Merlino.

If it is not null then:

Welcome to the blog of John Merlino, a web designer. //where web designer refers to the value stored in job_title

So I come up with this:

Code: [Select]
echo "Welcome to the blog of " . $blogger->first_name . ' ' . $blogger->last_name  . (!is_null($blogger->job_title)) ? ', ' . $blogger->job_title . '.' : '.';

But when job_title is null, all the page renders is this:
Code: [Select]
, .

That's right. Just a comma, then a space, and then a period.

What am I missing here?

Thanks for response.

I am working with the Amazon API, and I am trying to display a default image if a product does not have an image associated with it.  The query is coming back as an array.  Typically, each product image array looks like this:

$d = SimpleXMLElement Object ( http:// => [url]http://ecx.images-amazon.com/images/I/51aUIul6XjL._SL160_.jpg [Height] => 160 [Width] => 112 )

The code goes like this:

Code: [Select]
if ($d=$E->MediumImage)
            {
                $iu=$d->URL;
                $ih=$d->Height;
                $iw=$d->Width;
               
                echo count($d);
               
                if (strlen($iu) > 0)
                {echo "<center><a href='$url' target='_blank'><img src='images/amazon_noimage.jpg' width='175' height='175' border='0'></a></center>";}
                else
                {echo "<center><a href='$url' target='_blank'><img src='$iu' width='$iw' height='$ih' border='0'></a></center>";}
            }
However, images/amazon_noimage.jpg never shows up (even though it is linked correctly, as I've tested this link).  I have tried the following:

if (strlen($iu) > 0)
if (count($iu) > 0)
if (strlen($d->URL) > 0)
if (count($d->URL) > 0)
if (isset($d))
if (!isset($d))
etc ...

If I display the following, where there is no image, I get nothing displayed:

echo $iu;
print_r($iu);
echo $d->URL;
etc ...

However, if there is an image, I get a link, such as the following:

http://ecx.images-amazon.com/images/I/51c2BFpDN0L._SL160_.jpg

There seems to be NOTHING that I can do to trigger the 'ELSE' part of the if statement.  This is a total enigma to me ... any ideas??