|
PHP - $_post Character Replace
Im bug fixing a script (not my own) and the use of " and ' hasn't been filtered out before an insert query is ran.
there are about 4 scripts of 30 $_POST["something"] input elements that need to be checked, and i was wondering can i just do a find and replace on $_POST rather than each element? Thanks. Similar TutorialsHi, I believe this is my first post on here. First off let me say thank you for silently helping out in the past while I keep on learning PHP. I have decided to build an image gallery, and I am having problems with the page numbering links and the breadcrumbs. Reson I decided to build my own is that I wanted a challange to learn more. I could not find anything that would intregrate with the site as I wanted it to (pulled as a function so offers some customising with options). The problem that I am having is that the <a href= tag is starting to give multipul "/"s when I only need one, so that the url at the top is coming up as http://localhost/mmv4/gallery/pics///Ax/Ax_Jo/ when I am wanting http://localhost/mmv4/gallery/pics/Ax/Ax_Jo/IMG_4244.JPG. I have used str_replace to catch //s and more, but this then adds odd slashes on the end so the page numbeing is getting odd results. some dirs have the / on the end and some do not, so the links are sometimes "visited" and others not. I beleve that the problem is generated in Code: [Select] <?php if(isset($_GET['album'])) { //load the available dirs into an array so that the sneeky users cannot get further back. $files = scandir($gal); $dirs = array(); foreach($files as $file){ if($file != '.' && $file != '..' && $file != 'thumbs') { if(is_dir($gal."/".$file)) { $dirs[] = $file; //echo $file ."<br />\n"; } } } //if(in_array($_GET['album'],$dirs)) { $album = "/".$_GET['album']."/"; $album = str_replace("..", "", $album); //} //else { // $output .= "<p>There is no album called \"$_GET[album]\", please select an album from below.</p>"; //} } or the breadcrumbs bit Code: [Select] <?php if($crumbs == 1) { //bread crums $path = $gal.$album; $path = explode("/", $path); $crumbs = array(); foreach($path as $key => $value) { if($value != ""){ $crumbs[] = $value; } } // create Breadcrumbs div $output .= "<div id=\"breadcrumbs\">"; $number = count($crumbs); $real = ""; foreach($crumbs as $num => $link) { if ($link == $gal) { $link = "Gallery Home"; } if ($num == $number -1) { $output .= $link; } else{ if ($num >= 1){ $real =""; for($x=1; $x<=$num; $x++) { $real .= "/".$crumbs[$x]; } $output .= "<a href=\"?album=".str_replace("/", "",$real)."\">".$link."</a>"." <- "; } else{ $output .= "<a href=\"?album=".str_replace("/", "",$real)."\">".$link."</a>"." <- "; } } $num +1; } //close breadcrumbs div $output .= "</div>"; } Can any one please help me shed some light on this one, I am confused. I can send / attach the full source if needed. MOD EDIT: tags fixed for syntax highlighting . . . The situation is that I have a large string with some identifiers to say "replace me" with something else. My goal is to replace the values, but if one replacement includes one of the other keys, I don't want to replace it.
For example:
<?php $str = 'some blob ~abc~ followed by ~def~'; $arr_orig = array( '~abc~', '~def~' ); $arr_new = array( 'value~def~', 'blah' ); echo str_replace( $arr_orig, $arr_new, $str ); ?>This will echo: some blob valueblah followed by blah But that's not what I'm trying to accomplish. Basically, I want ~abc~ to be replaced with the literal: value~def~ and for the ~def~ that happens to be part of that string to NOT be replaced. I hope what I'm asking is clear. Basically, preg_replace/str_replace with arrays seems no different than just doing a FOR loop and replacing ~abc~ and then ~def~. But that's not what I need. I'm hoping that if ~abc~ is replaced with text that happens to be another identifier -- ~def~, ~xyz~, whatever -- that this already replaced text is not again replaced. Is there a built-in function to do something like this? If not, should I just parse the whole string and count characters or something? Seems like a pain (and slow!) Hi i wrote a find and replace code but my code replace last value of array and skip the first, second.... values in the array. Please give me an idea because i stack with this code. Regards $KeyWord = explode("\n", $RowGetWords['KEYWORDS']); $Replace = explode("\n", $RowGetWords['ReplaceTo']); for($i=0; $i<count($KeyWord); $i++){ $pattern = $KeyWord[$i]; $replace = "<a href=\"" .$URL. "\" target=\"_blank\" >" .$Replace[$i]. "</a>"; $html = str_replace($pattern, $replace, $Row['MessageBody']); } I know via firebug that the correct parameters were passed to my process page and the parameter being passed that in caused issues on the process page is $characterIDList. What's causing the issue is that its not inserting the value into the insert query. The rest of the insert query works fine. process page $characterIDs = explode(',', $_POST['characterIDList']); foreach($characterIDs as $itm){ $id = (int)$itm; } $defaultcharid = (int)$characterIDs[0]; $query = "INSERT INTO `handlers` (username, password, firstname, lastname, email, status_id, isadmin, default_character_id, creator_id, datecreated) VALUES ('$username','$password','$firstname','$lastname','$email','$status','$admin', '$defaultcharid', 1, NOW())"; Hello, My script here is not sending POST vars from form to script. I can't figure it out. Form: Code: [Select] <form action="train2.php" method="POST"> <tr> <td colspan="4"><center><img src="pic/toppage16.gif" /></center></td> </tr> <TR> <TD><FONT COLOR="white">Reassign Miners</FONT></TD> <TD align=right><FONT COLOR="white">0 Naquadah</FONT></TD> <TD align=middle><FONT COLOR="white"><INPUT size="6" maxlength="8" value="0" name="miner>"</FONT></TD> </TR> <TR> <TD><FONT COLOR="white">Reassign Normal Attackers</FONT></TD> <TD align=right><FONT COLOR="white">0 Naquadah</FONT></TD> <TD align=middle><FONT COLOR="white"><INPUT size="6" maxlength="8" value="0" name="atsold"></FONT></TD> </TR> <TR> <TD><FONT COLOR="white">Reassign Normal Defenders</FONT></TD> <TD align=right><FONT COLOR="white">0 Naquadah</FONT></TD> <TD align=middle><FONT COLOR="white"><INPUT size=6 maxlength=8 value=0 name="defsold"></FONT></TD> </TR> <TR> <TD><FONT COLOR="white">Reassign Covert Agents</FONT></TD> <TD align=right><FONT COLOR="white">0 Naquadah</FONT></TD> <TD align=middle><FONT COLOR="white"><INPUT size=6 maxlength=8 value=0 name="spy"></FONT></TD> </TR> <TR> <TD><FONT COLOR="white">Anti Covert Agents</FONT></TD> <TD align=right><FONT COLOR="white">0 Naquadah</FONT></TD><TD align=middle><FONT COLOR="white"><INPUT size="6" maxlength=8 value=0 name="spykiller"></FONT></TD></TR> <TR> <TD align=middle colSpan=3><FONT COLOR="white"><INPUT type="submit" value="UnTrain!" name="untrain"> </FONT> </TD> </form> Code: [Select] <?php if(isset($_POST['untrain'])){ die($_POST['miner']); $miners = securevar($_POST['miner']); $nattackers = securevar($_POST['atsold']); $ndefenders = securevar($_POST['defsold']); $covertunits = securevar($_POST['spy']); $anticovertunits = securevar($_POST['spykiller']); $totalunits+=$miners; $totalunits+=$nattackers; $totalunits+=$ndefenders; $totalunits+=$covertunits; $totalunits+=$anticovertunits; if($totalunits>=1){ $q = "UPDATE `accountinfo_db` SET `miners_1` = `miners_1`-'$miner', `attackers_1` = `attackers_1`-'$natta', `defenders_1` = `defenders_1`-'$ndefe', `covertagents` = `covertagents`-'$cover', `anticovertagents` = `anticovertagents`+'$antic', `untrainedunits` = `untrainedunits`+'$totalunits' WHERE `id` = '$id'"; $res = mysql_query($q) or die(mysql_error()); if(isset($res)){ header("Location: train.php?strmsg=".$totalunits."Troops Untrained! For 0 Naquadah."); } }else{ header("Location: train.php?strmsg=You must enter atleast 1 troop to be un-trained!"); } } ?> when I die($_GET['miner'); nothing is outputed even tho I submited the data. Thank you, Brian Hi guys, running through this tutorial at the moment: http://www.tizag.com/phpT/forms.php I seem to keep having problems with the $_POST variable. Is that obsolete syntax now? Here's the part I get an error on: <html> <body> <?php $quantity=$_POST['quantity']; $item=$_POST['item']; echo "You ordered".$quantity."".$item.".<br/>."; echo "Thank you for ordering from Boombaby art supppplies!"; ?> </body> </html> Here's the error: ( ! ) Notice: Undefined index: quantity in C:\wamp\www\process.php on line 4 Call Stack # Time Memory Function Location 1 0.0009 363936 {main}( ) ..\process.php:0 ( ! ) Notice: Undefined index: item in C:\wamp\www\process.php on line 5 Call Stack # Time Memory Function Location 1 0.0009 363936 {main}( ) ..\process.php:0 You ordered. .Thank you for ordering from Boombaby art supppplies! Any help would be appreciated. I tried googling but everything didn't seem to answer my question or was too confusing. Thanks. Hi guys, I have a form using radio buttons. For the radio button, lets just say i have the id name as 'rim' + number eg; rim0, rim1, rim2.... When i post the data to another file to execute the data collected, naturally i would use the: Code: [Select] $rim0=$_POST['rim0']; $rim1=$_POST['rim1']; .... $rim10=$_POST['rim10']; i tried to shorten this process using this method: Code: [Select] //$q is part of the post variable. for($x = 0; $x < count($q); $x++){ $rim[]=$_POST['"rim"."$x"']; } But i get this error Code: [Select] Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20 Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20 Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20 Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20 Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20 Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20 Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20 Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20 Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20 Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20 Is there something wrong with my POST syntax? ok am workin on this script its a points market for a text based game but my money is not taking the amount of the players i points on the market ... just say i post 10 points for $29.000.000 ... and when the player buys the points it takes the money from that user and give the user points but .... when the user buy the points it dont give the user the money it give $290 ?? not sure is its my SQL av post that to Code: [Select] <?php include 'header.php'; $_POST['buypoints'] = abs(intval($_POST['buypoints']));{ $result = mysql_query("SELECT * FROM `pointsmarket` WHERE `id`='".$_POST['points_id']."'"); $worked = mysql_fetch_array($result); $price = $worked['price']; $amount = $worked['amount']; $totalcost = $price * prettynum($_POST['amount']); $newpointsinmarket = $amount - prettynum($_POST['amount']); $user_points = new User($worked['owner']); if ($worked['owner'] == $user_class->id) { echo Message("You have taken ".$_POST['amount']." points off the market."); $newpoints = $user_class->points + $_POST['amount'];; $result = mysql_query("UPDATE `grpgusers` SET `points` = '".$newpoints."' WHERE `id`='".$user_class->id."'"); $user_class = new User($_SESSION['id']); if ($newpointsinmarket == 0){ $result = mysql_query("DELETE FROM `pointsmarket` WHERE `id`='".$worked['id']."'"); } else { $result = mysql_query("UPDATE `pointsmarket` SET `amount` = '".$newpointsinmarket."' WHERE `id`='".$worked['id']."'"); } include 'footer.php'; die(); } $_POST['amount'] = abs(intval($_POST['amount'])); $_POST['points_id'] = abs(intval($_POST['points_id']));{ } $_POST['amount'] = abs(intval($_POST['amount'])); $_POST['points_id'] = abs(intval($_POST['points_id']));{ } if ($totalcost > prettynum($user_class->money)){ echo Message("You don't have enough money."); } if($_POST['amount'] >= 1 && $_POST['amount'] <= $amount && $totalcost <= $user_class->money){ echo Message("You have bought ".$_POST['amount']." points for $".$totalcost); $newpoints = $user_class->points + $_POST['amount']; $newmoney = $user_class->money - $totalcost; $result = mysql_query("UPDATE `grpgusers` SET `money` = '".$newmoney."', `points` = '".$newpoints."' WHERE `id`='".$user_class->id."'"); $newmoney = $user_points->money + $totalcost; $result = mysql_query("UPDATE `grpgusers` SET `money` = '".$newmoney."' WHERE `id`='".$user_points->id."'"); $user_class = new User($_SESSION['id']); if ($newpointsinmarket == 0){ $result = mysql_query("DELETE FROM `pointsmarket` WHERE `id`='".$worked['id']."'"); } else { $result = mysql_query("UPDATE `pointsmarket` SET `amount` = '".$newpointsinmarket."' WHERE `id`='".$worked['id']."'"); } } } $_POST['addpoints'] = abs(intval($_POST['addpoints'])); $_POST['id'] = abs(intval($_POST['id']));{ } if($_POST['amount'] < 1){ } if($_POST['price'] < 1){ } if ($_POST['amount'] >= 1 && prettynum($_POST['amount']) <= $user_class->points && $_POST['price'] >= 1){ echo Message("You have added ".$_POST['amount']." points to the market a price of $".$_POST['price']." per point."); $result= mysql_query("INSERT INTO `pointsmarket` (owner, amount, price)"."VALUES ('$user_class->id', '$_POST[amount]', '$_POST[price]')"); $newpoints = $user_class->points - $_POST['amount']; $result = mysql_query("UPDATE `grpgusers` SET `points` = '".$newpoints."' WHERE `id`='".$user_class->id."'"); $user_class = new User($_SESSION['id']); } ?> <link href="style.css" rel="stylesheet" type="text/css" /> <tr><td class="contenthead">Point Market</td></tr> <tr><td align="center" class="contentcontent"> <p> </p> <p><strong>You need to be a Respected Warrior to add points to the market</strong><br> Use this form to add points to the points market.</p> <p><strong>Bank Account[<? echo prettynum($user_class->bank) ?>]</strong><strong></strong><br /> <strong><a href="pointmarket.php">[Refresh</a>]</strong></p> <form method='post'> <table align="center"> <tr> <td>Amount of points</td><td> <input name='amount' type='text' class="areatest" value='0' size='10' maxlength='20'></td> </tr> <tr> <td>Price per point</td><td>$<input name='price' type='text' class="areatest" value="0" size='10' maxlength='20'></td> <tr><td align="center" colspan="2"><input name='addpoints' type='submit' class="buttong" value='Add Points'></form></td> </tr></table> </td></tr> <tr><td class="contentcontent"> <?php $result = mysql_query("SELECT * FROM `pointsmarket` ORDER BY `price` DESC"); while($line = mysql_fetch_array($result, MYSQL_ASSOC)) { $user_points = new User($line['owner']); if ($user_points->id == $user_class->id){ $submittext = "Remove"; } else { $submittext = "Buy"; } echo "<form method='post'>"; echo $user_points->formattedname." - ".$line['amount']." points for ".prettynum($line['price'],1)." per point <input type='text' name='amount' size='3' maxlength='20' value='".prettynum($line['amount'])."'><input type='hidden' name='points_id' value='".$line['id']."'><input type='submit' name='buypoints' value='".$submittext."'></form><br>"; } ?> </td></tr> <?php include 'footer.php'; ?> SQL Code: [Select] CREATE TABLE IF NOT EXISTS `pointsmarket` ( `owner` int(10) NOT NULL default '0', `amount` text NOT NULL, `price` text NOT NULL, `id` int(10) NOT NULL auto_increment, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC AUTO_INCREMENT=81 ; I use a form to sent date and use php to display it . However , the code only can working on one page. I can not turn the page. I do not why . Please tell me reason . Thank you very much. <select name="kind"> <option >kind</option> <option value="Copier Toner">Copier Toner</option> <option value="Laser Toner">Laser Toner</option> <option value="MICR Toner">MICR Toner</option> <option value="Inkjet">Inkjet</option> php code if (isset($_GET["page"])) { $page = $_GET["page"]; } else { $page=1; }; $start_from = ($page-1) * 18; $select="select * from $chun where brand = '$_POST[brand]' or sort ='$_POST[kind]' or type='$_POST[type]' LIMIT $start_from, 18"; $result2=mysql_query($select, $connection) or die (mysql_error()); <?php $sql = "select count(*) from $chun where brand = '$_POST[brand]' or sort='$_POST[kind]' or type='$_POST[type]' "; $rs_result = mysql_query($sql,$connection); $row = mysql_fetch_row($rs_result); $total_records = $row[0]; $total_pages = ceil($total_records / 18); for ($i=1; $i<=$total_pages; $i++) { ?> <div class="trunpage"><a href='table2.php?page=<?php echo "$i" ; ?>&id=<?php echo "$_POST[brand]";?>&cd=<?php echo "$_POST[kind]";?>&td=<?php echo "$_POST[type]";?>' ><?php echo "$i" ; ?></a> </div> The first page is working fine. The second page I get error message. Undefined index: brand in C:\wamp\www\php1000\table2.php on line 234 hey guys I know this is html but I'm using the php $_POST to grab the information the user chooses, i can't figure out though how to grab the info i'm looking for in this select option form if they choose PasswordCracker v3.0 what is it i'm looking to set my $_post['']; to? <FORM action="buy.php" method="POST"> <select name="passwordcrakers"> <option value="v2.0">PasswordCracker V2.0</option> <option value="v3.0">PasswordCracker V3.0</option> <option value="v4.0">PasswordCracker V4.0</option> <option value="v5.0">PasswordCracker V5.0</option> <option value="v6.0">PasswordCracker V6.0</option> <option value="v7.0">PasswordCracker V7.0</option> <option value="v8.0">PasswordCracker V8.0</option> <option value="v9.0">PasswordCracker V9.0</option> <option value="v10">PasswordCracker V10</option> </select><br /> <input type="submit" value="Buy" name="submit" /> </FORM> Hey, I'm having an issue with using Wikipedia's OpenSearch API - it sometimes gives me characters in a unicode format: "\u00f1" and I would like to convert back into a correctly displayed format (in this case, n-tilde; spanish n). Any suggestions? I got another problem. It is a counting characters. When I reload text from database, I want to count how many characters are in text. The problem is that I use the timymce, and there is a tags </p> and formats <span> and other formats. How can I count characters without those format, just pure characters entire text? I need a php code. And some plus - text is in utf8 coding in database with utf8 bin. all i want is for when their is a _ to be replaced with a space so i tried these and neither worked Code: [Select] <?php $pmod = str_replace("_"," ",$p); $pmod = preg_replace("_"," ",$p); ?> so i was wondering if because this was in a while statement, is this the reason its not working, and if so how should i fix it (this is the while) Code: [Select] <?php while ($z <= $w){ $p = $multi[$z]; $pmod = str_replace("_"," ",$p); echo "<a href='tag.php?tag=$p'" . $p . ">" . $pmod . "</a> "; $z++; } ?> Hi, does anybody know why I get a question mark inside a diamond shape where a pound sign should be when i retrieve data from a mysql database? I have tried using latin1_general_ci and utf8_general_ci and they both do the same, don't know whether that is anything to do with it or not? Any help would be greatly appreciated. All, I have a zip code and for example the zip code is 01101. How can I determine if the first character in this is a zero? Thanks in advance. Thanks to the advice of others on PHPFreaks, I have decided that allowing any character for certain fields on my "Add an Article" form. However, I still want to define a length between 2 and 100. How do I re-write my RegEx to accomplish this? Befo Code: [Select] // Check HTML Title. if (empty($trimmed['htmlTitle'])){ $errors['htmlTitle'] = 'Please enter an HTML Title.'; }else{ if (preg_match('#^[A-Z \'.-]{2,100}$#i', $trimmed['htmlTitle'])){ $htmlTitle = $trimmed['htmlTitle']; }else{ $errors['htmlTitle'] = 'HTML Title must be 2-100 characters (A-Z \' . -)'; } } Here is my best guess... After: Code: [Select] // Check HTML Title. if (empty($trimmed['htmlTitle'])){ $errors['htmlTitle'] = 'Please enter an HTML Title.'; }else{ if (preg_match('#^[.*]{2,100}$#i', $trimmed['htmlTitle'])){ $htmlTitle = $trimmed['htmlTitle']; }else{ $errors['htmlTitle'] = 'HTML Title must be 2-100 characters (A-Z \' . -)'; } } Debbie so if I have a a string of text or something like Code: [Select] http://www.yahoo.com/ajhsijd908340 I can use str_replace to remove "http://" but what can I use to remove the "ajhsijd908340" if every time it is a different set of characters? I have problem, there are users with "?" character in username, and their address to profile is /profile/username/. I have var: $username that is that username, now, how can i replace all that characters which cant open users profile.. I mean for "?" i need to put "%3F", how can i replace? I know with str_replace, but is there any other solution like htmlencode or something like that? :S |
|||||||