|
PHP - Single Quote Inside String
I have a form that people can fill out, and then it echos the string, however right now they can't use single quotes. Below is how I have it settup.
Code: [Select] $side = '<p>About Me:</p> <ul> <li>Birth Date: October, 23rd, 2010</li> <li>Hometown: Rapid City, SD</li> <li>Height: 4\'</li> <li>Weight: 50lbs</li> <li>Foot Size: 4</li> <li>Favorite Movie: All of the Shrek Movies!</li> <li>Favorite Book: Winnie the Pooh Series</li> <li>Favorite Cartoon Character: Eeyore or Donkey from Shrek!</li> <li>Favorite TV Show: Anything on Animal Planet!</li> <li>Favorite Food: Hay</li> <li>Favorite Pro Sports Team: Rapid City Rush</li> <li>Favorite Mascot: Nugget, of course!</li> <li>Favorite Game: Donkey Kong!<br /> </li> </ul>'; if ($side != NULL){ echo "<div class=\"grid_6\" id=\"tertiary\"> $side </div>"; }else{ } And I would be able to use $side = "whatever I want to write"; because then they would still need to escape the double quotes with \" if they wanted to put in a link or anything. How do I do this with allowing them to just use single quotes when they enter their data so they don't have to \' (escape the single quote)? Thanks Similar TutorialsHi, I'm trying to delete a string that's single quoted. From: Cyto's to Cyto, but doesn't work. It works when I add 's to the string with stripslashes, but I can't seem to delete a quote from a string. Does someone know how? My $_post code: Code: [Select] $name=mysql_real_escape_string(stripslashes($_POST["ename"])); Cheers This will have been posted before, but I can't find a solution that works. Most people say to try mysql_real_escape_string, I have tried lots of variations and it doesn't seem to work. Could anyone help with the below code? It is part of a form that returns a syntax error when adding a single quotation mark e.g. entering "Bryan's" into the form causes the error. I'd be really grateful for any assistance. Steven P.S. Before anyone mentions it, the mysql connect does work - I just haven't included the full page of code. Code: [Select] mysql_connect($dbserver, $dbusername, $dbpassword); mysql_select_db($dbname); $sitetitle = htmlentities($_POST[sitetitle]); $query = mysql_query("UPDATE site_settings SET sitetitle = '$sitetitle'"); echo("<b>Settings Updated!</b>"); Hi, I am able to parse php variable in double quote but not in single quote. How can I parse in single quote. Following example shows 2 results and I want same result in both. First Name : Zohaib First Name : $firstname Code: [Select] // Connecting, selecting database $link = mysql_connect('localhost', 'root', 'password'); mysql_select_db('dbname'); // Performing SQL query $query = 'SELECT first_name FROM tablename'; $result = mysql_query($query); // Printing results in HTML while ($row = mysql_fetch_assoc($result)) { $firstname=$row['first_name']; } echo"<table> <tr> <td>First Name : </td> <td>$firstname</td> </tr></table>"; echo'<table> <tr> <td>First Name : </td> <td>$firstname</td> </tr></table>'; What are the changes I need to do to achieve same result. Any solution ? - Thanks. I am trying to do the seemingly simple thing - replace all single quotes in text str_replace ("'", "´", $text); It does not replace anything. I trying escaping single quote, using other similar functions - nope. Also tried to google What I an doing wrong? Any help would ne much appreciated. I am making a simple script for my friend that uses mod_rewrite, but for testing I don't use the mod_rewrite link. The page is video.php The extension is ?title= I have having a problem when I type the title with a Single Quote in it('). Example. video.php?title=The-Sorcerer's-Apprentice I have str_replace for the dash(-) to be replaced as a space, so that's not the problem. Here's my code. <?php if($_GET) { $title="{$_GET['title']}"; $title = str_replace('_', ' ', $title); $title = str_replace('-', ' ', $title); if ($list = mysql_query("SELECT * FROM videos WHERE title='". mysql_real_escape_string($title) ."'") or die (mysql_error())); { if(mysql_num_rows($list) > 0){ if (mysql_num_rows($list)) { while($videos=mysql_fetch_array($list)) { ?> <div id="content"> <center><h3><?php echo $videos['title']; ?></h3> <object width="640" height="385"><param name="movie" value="<?php echo $videos['youtubelink']; ?>"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="<?php echo $videos['youtubelink']; ?>" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object> <br/><br/><a onclick="javascript:history.go(-1)" href="#">Go Back</a> </center> </div> <?php } } } ?> Hi I have a simple form and when the user submits, php is putting a \ before every single quote entered in the field. So for example, if a user enters O'Neill, once i do $lastName = $_POST["lastname"]; $lastName comes back as: O\'Neill is there some way I can turn this off? Is there a difference between a single quote regex and and double quote regex ?
for example :
<?php
$res1 = preg_match('/shi*t/', $comment);
$res2 = preg_match("/shi*t/", $comment);
?>
Thank you
Edited by Dareros, 17 September 2014 - 07:07 PM. Hi, I'm trying to type in a name of a song into an input field, for example: I'll Be Missing you This field is captured through $_POST and set to a variable $title I then update the table with this new title. Once it is updated, all that is shown in the data is: I The single quote, and anything after it is gone completely. Here is my query. How can I change this so it includes the single quote and everything after it? $sql = "UPDATE sheets SET artist = '$artist', title = '$title', active = '$activestatus' WHERE id = $value"; $result = mysql_query($sql) or die(mysql_error().'<br>'.$sql); If more code is required to understand what I'm talking about, let me know. Let me preface this by saying that I've been using php for a while, but never got extremely advanced, so feel free to slap me about for something stupid... I'm working through a jQuery & PHP book, and I've noticed that he's wrapping all his column and table names in the apostrophe ` when making MySQL queries . In the past I've never done this. What does the ` do? I understand about single quotes and double quotes, but haven't come across the ` being used. What's the deal? I'm so sorry for this question but I not really know how to play with single and double quote. If I have a query like this: Code: [Select] mysql_query('UPDATE table SET Status=1,Sending=Done WHERE ID IN ('.implode(',', $done).')'); And I wish to add Code: [Select] SentAt='$date' in the query as well , and I try this: Code: [Select] mysql_query('UPDATE table SET Status=1,Sending=Done,SentAt='$date' WHERE ID IN ('.implode(',', $done).')'); Not working...how should I write it? Thank you. When I add a ' or " quotes in a textarea I get a sql error when it tries to insert the record.
I was told to use mysqli_real_escape_string but that didn't work.
Here's my code -
$blog= mysqli_real_escape_string($con, $_POST['blog']);
$blog= $_POST['message'];
$sql = "SELECT * FROM table WHERE `message` = '{$message}'";
$result = mysql_query($sql);
if ( mysql_num_rows ( $result ) > 0 )
{
$error = "Message Exists.";
}
else
{
$error = "This message does not exist. Insert it!!!";
$sql="INSERT INTO table (message) VALUES ('$_POST[message])";
}
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
mysqli_close($con)
Edited by barkly, 26 October 2014 - 09:31 PM. hey guys im trying to find a string inside a string which could be made up of different things eg... {$test}, {$test1}, {$test2} etc (but the varable inside could be called anything hence maybe using regex im not sure?) is this possible?...i hope you guys understand....thanks Greetings, I'm looking for a way to pass a query string (from page1) as part of a query string (to page2) as a single key=>value pair. The idea is the use the query string to return the user to the previous page after the action has been completed. query results[page1]->view record/action selection[page2]->back to results[page1] I'm sure someone has been down this path before. P.S. the script is all contained within one file, thus the filename.ext is already known. Thanks Hi guys, I am using this oAuth library https://github.com/elbunce/oauth2-php But more specifically these lines of code: protected function getToken($token, $isRefresh = true) { try { $tableName = $isRefresh ? self::TABLE_REFRESH : self::TABLE_TOKENS; $tokenName = $isRefresh ? 'refresh_token' : 'oauth_token'; $sql = "SELECT $tokenName, client_id, expires, scope, user_id FROM $tableName WHERE token = :token"; $stmt = $this->db->prepare($sql); $stmt->bindParam(':token', $token, PDO::PARAM_STR); $stmt->execute(); $result = $stmt->fetch(PDO::FETCH_ASSOC); return $result !== FALSE ? $result : NULL; } catch (PDOException $e) { $this->handleException($e); } } However, this is retuning no value. If I modify the code to be: protected function getToken($token, $isRefresh = true) { return $token; } It returns the $token value, so the $token is definitely being passed to the function. The code should return an associative array: i.e., $token["expires"], $token["client_id"], $token["userd_id"], $token["scope"], etc Also $token should not === NULL. PS. I run a few checks on $tableName = $isRefresh ? self::TABLE_REFRESH : self::TABLE_TOKENS; $tokenName = $isRefresh ? 'refresh_token' : 'oauth_token'; And they are returning the correct values. Which from my thinking narrows it down to: $sql = "SELECT $tokenName, client_id, expires, scope, user_id FROM $tableName WHERE token = :token"; $stmt = $this->db->prepare($sql); $stmt->bindParam(':token', $token, PDO::PARAM_STR); $stmt->execute(); $result = $stmt->fetch(PDO::FETCH_ASSOC); return $result !== FALSE ? $result : NULL; Any and all help is greatly appreciated. Thanks in advance. Hi there! I am wondering if anyone knows how to handle strings that contain form fields, so when the form is submitted the fields inside the string are updated. For example say i have the following $string: Code: [Select] please enter your username: <input type=text size=50 name=username value=" "> When I display it on the browser, inside of a form, it displays the blank text field. Say the user enters a value in the text field, "John", and hits submit. I need the $string to be updated to the following: Code: [Select] please enter your user name: <input type=text size=50 value="John"> I know it sounds wierd but I need the form to be inside of the string! Thanks in advance for any help! Hi Everyone, I have built a website utilizing a PHP abstract Webpage class to create the pages. When creating another class that inherits from Webpage class I rewrite abstract functions, etc. where needed. When instantiating an object of the extended classes I pass the constructor the $page_title, $css_file, $meta_data, $keywords, etc., etc.. I am able to pass html markup in a string variable to a class level "Setter" function to populate a "main area" of the website and all works perfectly. However, I have a contact form which I send the "Submit Message" button click to a PHP function that takes care of making sure the form fields are not empty, then sends email and returns a success message back to the calling page, if they are empty, the function returns what fields are empty(required). If the page includes empty and populated fields I want to put the populated fields into session variables so that I may populate the fields when the user is taken back to the page and display to the user the required fields that were empty(this functionality is already within the function). This brings me to my question(see code below for reference): Seeing that I am populating a variable with a string it seems I cannot use an if statement, echo or the like, my IDE gives me errors. How may I insert an if statement where needed to populate the empty form fields? Code: [Select] include('../php_functions/functions.php');//for the chechData() function $error_message = NULL; if(isset($_POST['submit'])) { $error_message = checkData($_POST, 'Renovation & Consulting'); } $main_content = '<form method="post" action=""> <fieldset id="contactform"> <legend>Renovations & Consultations</legend>'. [color=red]//placing a variable here works fine![/color] $error_message .'<div class="row_div"> <div class="label_div"> <label>First Name:</label> </div> <div class="input_div"> <input name="First Name" type="text" maxlength="50" size="50" value="'.[color=red]if(session variable not empty) echo it here;.'"[/color] /> </div> </div> <div class="row_div"> <input name="submit" type="submit" value="Send Message" /> </div> </fieldset> </form>'; Thanks for any and all responses. Chuck how do i get the image to show as the code i have is echoing what i have been told is binary, not confirmed. and not the images. all images are .jpg Code: [Select] $allowed_types = array('png','jpg','jpeg','gif'); $imgdir = '/home/mysite/ftpfolder'; $imgFilesArray = scandir($imgdir); foreach ($imgFilesArray as $imgkey => $imgvalue) { $imgInfo = pathinfo($imgdir . '/' . $imgvalue); $imgExtension = $imgInfo['extension']; if(in_array($imgExtension, $allowed_types)) { readfile($imgdir . '/' . $imgvalue); //echo '<img src = "'. $imgdir .'/'. $imgInfo['basename'].'" alt="" />'; } } images are FTP'd to the ftpfolder and can not be placed anywhere else but this folder due to security reasons. PHP script return 20Â UL LISTÂ values like, < ul >
A < /ul > How to display UL LIST into row wise 5 columns like
A B C D This code only works in firefox <a onMouseout='hidetooltip()' onMouseover='tooltip(\"<img src=img/heroes/$hero.gif\")' href='hero.php?hero=$hero'>Text</a> Btw, I use this in echo (php). How to get quotes (triple) on <img src= ? I also have tried <img src='img/heroes/$hero.gif' But only works on FireFox Hi, I've been scratching my head for a while now about how to do this, I'm relatively new to php and mysql and perhaps foolishly taking on creating a user area for a website. I have everything else working, all of my register account functions and confirmations and all of the login scripts etc. I have created a profile page which returns various information to the user (this bit works fine) and I've got some nice show/hide toggles running with some javascript/css but my intention is to allow the user to change thier information (e-mail address, contact phone number and also whether they are subscribed to the e-mail list), it also displays any support tickets or messages. So after the long intro, here's what I'm struggling with... I have a form in a visibility toggled <div> which submits a 'change_email' script, so a user wants to change their e-mail, clicks on change, the <div> appears, they bang in the new e-mail and hit submit. My php script appears to work (because it doesn't throw up any errors), until you realise that actually it's not updated the record in the db... I'm using mysql_query("UPDATE users SET email='$new_email' WHERE username='$user'"); Do I need to setup variables for all of the information in the db (name, username, password, email, contno etc etc) and include them in the command to get it to work or should that just pick the correct record and then update it? If that is the case is there a way I can include 'blank' variables so I don't have to set them all up... e.g. mysql_query("UPDATE users SET user='',password='',email='$new_email', etc WHERE username='$user'"); Many thanks in anticipation |
|||||||