PHP - Handle Single Quotes In Select Statement

Hi All

 

I have not really played around with PHP in ages so I am having a hard time trying to figure out the best way to proceed. Anyhow... what I need to get done is to take a singleton pattern core database class that has a extended driver based class (ie; the type of database server the connection is connecting to), and build a new class that dynamically handles as many driver based connections that are called using a single instance. As a side note, I tried PDO but it only supports a single driver per class instance, and then each of those connections cannot not have their on set of properties that relate to each connection. Anyway, I was thinking that the best way to handle all the driver specific connections, is to hand out a 'unique hash reference' that points to an array of connection objects and the object properties. then when the client runs any sql function they pass the 'unique hash reference'  which the class then returns the object and it properties that will be used by the class to call up the driver specific sql function that was requested by the client. So what do you all thing about that....

 

TIA

stephanieT

 

PS...

 

I reason i need this is because I need to update up 25 different databases based on data stored on all the databases and  not all of the database servers are of the same type, (ie; MSSQL, Oracle, MySQL, MariaDB, berkeley DB, postgres, sqlite2,3, etc, etc)!

Edited January 16, 2019 by StephanieT

I have a simple form that connects to this php page. Only two variables, "ArticleDescription" & "URL". I've tried a number of things, several of which are listed below, but have had no success. I'm certain it's just my idiocy but am requesting some help with this. I KNOW it's an easy fix, it's just over my head, I'm only four days into programming, so I'm a complete newb. Your kindness is requested.

----
<?php

// connection

mysql_select_db("doofyd5_comments", $con);

$ArticleDescription=mb_convert_encoding($ArticleDescription, 'UTF-8', 'UTF-8');
$URL=htmlspecialchars($URL, ENT_QUOTES);
$ArticleDescription=str_replace('\"','&quot;',$ArticleDescription);

$sql="INSERT INTO web_articles (ArticleDescription, URL) VALUES ('$_POST[ArticleDescription]','$_POST[URL]')";

if (mysql_query($sql,$con)) {
    header ("location:desiredurl");
    require_once('desiredurl");
    exit();
    }
    else {

echo "You may have added a single quote to the article description!";
}

mysql_close($con)

?>
----

I have a paragraph in a text in my data table column with apostrophes and heights, like, "He'll likely grow beyond 6'6"."

 

I've tried addslashes($update), but it's not working.  (At another time I thought I had something like that.)

Is there something that will take care of it short of typing \ before every instance I use quotes, the using stripslash?

for print html : What's Better, Faster and Optimized ?!?

Code: [Select]
echo "<tr height=\"22\">
    <form action = \"{$URL}/admin/edit.php\" method=\"POST\">
      <input type=\"hidden\" name=\"login\">
      <td width=\"15%\" bgcolor=\"$bgcolor\">&nbsp;<input type = \"text\" name = \"login\" value=" . $f['login'] . "></td>
      <td width=\"15%\" bgcolor=\"$bgcolor\">&nbsp; <input type = \"password\" name = \"password\" value=" . $f['pass'] . "> </td>
    </form>
        </tr>";

With PHP Method 2 : ( single )

Code: [Select]
echo ' <tr><form action = "' . URL . '/admin/editadmins.php" method="POST"> ';
 echo ' <td align="left" valign="top"><input type = "text" name = "login" value = "' . $f['login'] . '"></td>';
 echo ' <td align="left" valign="top"><input type = "password" name = "password" value = "' . $f['pass'] . '"></td></form></tr>';

Method 3 : (With Html And Php echo )

Code: [Select]
<tr height="22">
<form action = "../admin/editadmins.php" method="POST">
<td align="left" valign="top"><input type = "text" name = "login" value = "<?PHP echo $f['login']; ?>"></td>
<td align="left" valign="top"><input type = "text" name = "password" value = "<?PHP echo $f['pass']; ?>"></td>
</form>
<tr>
Thanks.

Is there a difference between a single quote regex and and double quote regex ?   for example :

<?php
$res1 = preg_match('/shi*t/', $comment);
$res2 = preg_match("/shi*t/", $comment);
?>

Thank you
Edited by Dareros, 17 September 2014 - 07:07 PM.

Hello all.

I have a textarea on a form that users are posting new's stories into. Most are just copy/pasteing from Word, and they need to be able to include single quotes.
(ie: John's favorite store is Micky's)

I can't figure out how to make the single quotes (') into double quotes ('') so MSSQL will insert them in.

Any help? Here's my process code:


<?php
$title = $_POST['title'];
$district = $_POST['district'];
$central = $_POST['central'];
$east = $_POST['east'];
$north = $_POST['north'];
$west = $_POST['west'];
$story = $_POST['story'];
$date = date("l, M j, Y");
$sqlpicturename = "$picturename.jpg";
$showpicture = $_POST['showpicture'];




//declare the SQL statement that will query the database
$query = 
"
INSERT INTO News (district, central, east, north, west, date, title, story, picture, 

showpicture, show)

Values ('$district' , '$central', '$east' , '$north', '$west' , '$date', '$title' , 

'$story', '$sqlpicturename' , '$showpicture' , 'true')

";

//execute the SQL query and return records
$result = mssql_query($query);



//display the results 

echo "Thank You For Posting Your Story:<b> $title </b><br /><br /><a 

href='addstory.php'>Click Here To Add Another Story</a><br /><br /><a href='index.php'>Click 

Here To Go Back To The WebEdit Menu</a>";
echo "<br /><br />";

mssql_close();

?>
 

I'm using the codeigniter mvc framework and there's an escape function to use before adding the data to the database. This function adds single quotes around the string of data. Is there any already existing php function or does anyone know how to code a function that strips ONLY the surrounding single quotes?

I'm not sure if this is an HTML or browser issue...
But single quotes in strings from database don't work for me in Chrome for some reason. To mine or any other computers.
Every other browser detects these quotes.

I'm outputting an SQL result containing strings like:

Texas Hold'em
or
America's Cup

and I get

Texas Hold
America

hello;

my webhost made a change to my php.ini file yesterday.  since then php is escaping single quotes that it receives from flash.

Code: [Select]
//-- AS3
var myVariables:URLVariables = new URLVariables();


myVariables.pvs_params = "'h'e'l'l'o" ;

var myURLRequest:URLRequest = new URLRequest("mysql_task_mgr.php");
myURLRequest.data   = myVariables ;
myURLRequest.method = "get"       ;

navigateToURL( myURLRequest, '_blank' ) ;


Code: [Select]
//-- php
print( $_GET[ "pvs_params"    ]   ) ; // --> \'h\'e\'l\'l\'o



any thoughts?

my webhost is stumped;

When I add a ' or " quotes in a textarea I get a sql error when it tries to insert the record.    I was told to use mysqli_real_escape_string but that didn't work.    Here's my code -

   $blog= mysqli_real_escape_string($con, $_POST['blog']);
   

        $blog= $_POST['message'];
            
        $sql = "SELECT * FROM table WHERE `message` = '{$message}'";
        
        $result = mysql_query($sql);
        
        if ( mysql_num_rows ( $result ) > 0 )
        {
                        
            $error = "Message Exists.";
        }
        
        else
        {
        
         $error = "This message does not exist. Insert it!!!";
        
         $sql="INSERT INTO table (message) VALUES ('$_POST[message])";
        
        
        }
        
        if (!mysqli_query($con,$sql))
         {
         die('Error: ' . mysqli_error($con));
         }
        
        mysqli_close($con)

Edited by barkly, 26 October 2014 - 09:31 PM.

I have a navigation list displaying which is a mix of html and php, everything is working fine however now I want to convert this block of code into a function but am having major problems with quotes.

The line of code I currently have is 

$data = $db->query("SELECT * FROM menu")->fetchAll(PDO::FETCH_ASSOC);

foreach ($data as $row) { ?>
     <li><a href="<?php echo $row['url']; ?>" title="<?php echo $row['title']; ?>"><?php echo $row['icon'] . ' ' . $row['header']; ?></a></li>

<?php
	}
?>

As I say everything works using the above but now I am trying to echo the full li out and am having major issues with single and double quotes.

I currently have 

echo "<li><a href='#' title='the title'><i class='fas fa-user site-nav--icon'></i> Help</a></li>";

Now I am trying to use the $row['url'], $row['title'], $row['icon'] & $row['header'] as per the top example but I cannot get the combination of quote marks correct, whether to use double, single or a combination.

I would be grateful if someone could suggest the correct syntax for the a tag then I can work through the rest.

Thanks

Hi im struggling to find out how to get an if statement working with my random quote creator, here is the coding:
Code: [Select]
<?php
include 'connect.php';
session_start();
$username = $_SESSION['loginusername'];

$result = mysql_query("SELECT * FROM boxerinfo WHERE fighterrequest = '$username'");

while($row = mysql_fetch_array($result))
  {
$quotes[] = 'Go ahead, bite the big apple, don\'t mind the maggots, uh huh.';
$quotes[] = 'Happiness is a warm gun. (bang-bang, shoot-shoot.)';
$quotes[] = 'You may be a lover but you ain\'t no dancer.';
$quotes[] = 'Yeah you got lucky, babe. When I found you.';
$quotes[] = 'Out here in the fields, I fight for my meals.';
$quotes[] = 'You go back, jack, do it again. Wheel turnin\' round and round.';
$quotes[] = 'Don\'t let the sound of your own wheels drive you crazy.';
$quotes[] = 'Lord I\'m learning so much more, than back when I knew it all.';
$quotes[] = 'You get too much you get too high. Not enough and you\'re gonna die.';
$quotes[] = 'You were wrong when you said, \'everything was gonna be alright.\'';
$quotes[] = 'I know just what you need. I might just have the thing.';
$quotes[] = 'I am hot, and when I\'m not, I\'m cold as ice.';
$random_number = rand(0,count($quotes)-1);

echo $quotes[$random_number];
 
  }
?>
I just want if $quotes = (a certain quote) then insert into mysql table, anyone know how to do this on an array?

thanks

Hi, I'm modifying the following PHP code from a Wordpress plugin:

/* Byline. */

if ( $instance['byline'] )
echo do_shortcode( "<p class='byline'>{$instance['byline']}</p>" );

/* Entry title. */

if ( 'widget' !== $instance['entry_container'] && $instance['entry_title'] && $show_entry_title ) {
the_title( "<{$instance['entry_title']} class='entry-title'><a href='" . get_permalink() . "' title='" . the_title_attribute( 'echo=0' ) . "' rel='bookmark'>", "</a></{$instance['entry_title']}>" );
}
elseif ( 'widget' !== $instance['entry_container'] && $show_entry_title ) {
the_title( "<a href='" . get_permalink() . "' title='" . the_title_attribute( 'echo=0' ) . "' rel='bookmark'>", "</a>" );
}

The output currently is:
Code: [Select]
[ December 13, 2010 ]

Post Title
I'm trying to combine the two so that the output appears on one line.  What is the operator to execute multiple command in one statement?

Thanks.

Hey, I was wondering if there is a way to pull multiple rows at once using a list of unique identifiers. For example, I want to pull the rows with the IDs of 4,13,91 and 252

I know the WHERE part of this query is incorrect, but I'm putting it to hopefully help you guys understand what I'm looking for.

$result = mysql_query("SELECT * FROM $table WHERE id='4' OR '13' OR '91' OR '252'");
while($row = mysql_fetch_array($result))
{
echo($row['name']);
}


Or is the best way simply to do it one query at a time without a while statement? There could be as many as a few dozen records being pulled per page.

have you ever wondered how to select a single coloumn from mysql using php & checking whether a value or variable exists in the resulting array... well here is the code

$busid = '5412';
$results    =   mysql_query("SELECT `myname` FROM mytable WHERE myuser = 'user'");
        while($rows = mysql_fetch_array($results))
        {   
            $colnames[] = $rows['myname'];
        }
        if(!in_array($busid, $colnames))die("Access denied");