PHP - Using Quotation Marks With Php And Mysql

i have this code:

<input onclick='window.location.href="http://www.computerhope.com"' class='button_inline' type='button' name='view' value='View' />

Which is perfectly fine if it wasn't because it is being echoed in php, and then the double quotes f**k up. An easy fix?

I have the " or the ' all wrong.  Can someone tell me how to do the quoation marks correctly so I dont get a syntax error:

as can be seen, the date 10/5/14 is not a variable but I want to convert it to a format that can go into a DATE field.

Code: [Select]
$query = "update table set expir_date = date("Y-m-d", 10/5/14) where id = '$id' ";

I made a template class recently and the only problem I'm having with it is that when I pull the HTML through if I add double quotes anywhere it breaks the code. I understand why its breaking sorta but I can't figure out how to fix it.
Code: (HTML) [Select]
<html>
<head>
</head>
<body>
    <p id='Element'>"Something in quotes"</p>
</body>
</html>

Code: (PHP) [Select]

$string = $template->myMethod();//Returns the html in a string

eval("\$HTML = \"$string\";"); //The error happens during the evaluation here

echo($HTML);


The string breaks with double quotes during the eval method and I've tried replacing the " mark with \" by using str_replace but i haven't been able to get it to work. Thanks for your replies

I imagine there are lots of ways to answer this question, so I just want people's opinions as to the best way (if there is one).

I have code with a basic form that submits data to a MySQL database. 

So when someone submits data the first time, I "clean it up" by doing...
Code: [Select]
$_POST['data'] = trim(mysql_prep($_POST['data']));
.. and then submit that info into a "varchar" mySQL field.

Then if the user comes back to edit it, the form comes up and the data they previously entered is pulled into the field this way (I'm leaving out the MySQL to pull the data, obviously)...

Code: [Select]
<input type="text" name="field" value="<?php echo $data;?>">

The problem is that if someone entered this originally...
Code: [Select]
Here is "some" data with apostrophes
...Then when I echo that back into the value of the text field, it would only show...
Code: [Select]
Here is "...and then cuts off because the quotation mark in the data conflicted with the quotation mark after value=

Is htmlentities the answer here, or is there some other/better way?

FYI...


Code: [Select]
function mysql_prep($value) {
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_php = function_exists("mysql_real_escape_string") ; //i.e. PHP >= v4.3.0
if($new_enough_php) { //PHP v4.3.0 or higher
//undo any magic quote effects so mysql_real_escape_string can do the work
if($magic_quotes_active) { $value = stripslashes($value) ;}
$value = mysql_real_escape_string($value);
} else { //before php v4.3.0
// if magic quotes aren;t already on then add slashes manually
if(!magic_quotes_active) { $value = addslashes($value); }
// if magic quotes are active, then the slashes already exist
}
return $value;
}

Hi ppl,

I have problem in preparing the sql statement which requires attribrute from another sql statement.

This is the scenario as in PHP code.

$sql1="SELECT attrb1 from table1";

$sql2="SELECT attrb2 fromt table2 where attrb3=".$sql['attrb1']";

What and where is the correct placement of these s'quotes or d'quotes should be?

Please help.
Thank you.

Hey,

I've created a messaging system for my site and I'm trying to make it so that a copy of the original message is included and automatically put into the message content box when somebody clicks to reply.

I've done this literally just by making the "reply" button into a form which also posts the content of the message from the previous page and puts it into the content box.

However I have some issues with it: firstly, wherever ' is used, it becomes \' and wherever " is used, the whole of the rest of the message is blanked out.

Can anybody point me in the direction of the solutions I might need to make it so that ' and " both appear normally without cutting the rest of the message off?

Thanks in advance & let me know if anything is missing!

So I ran into the most bizarre problem ever on my live server. For some odd reason something, somewhere is adding an extra character after every " mark I have. Now I am using zend framework but this can not be an issue involving them since everything works perfectly on my localhost. I am using 1and1 to host my application but for the love of me I can not narrow this down any more.

Ex of my problem, I type this into my text box: "This is a sentence" and it proceeds to saving this: \"This is a sentence\" 

Something is happening right after I submit my form because if I add the code directly in my database, it displays everything fine. Has any one ever ran into this problem before?

Hello,

I have a script coded in PHP and alot of JavaScript and I have problems with

languages like Arabic and Hebrew ( non Latin characters) ..

It is showed as question marks in the website like this ( ?????????) and in the database ..

I converted the SQL Database from Latin Swedish to UTF-8 in phpmyadmin and now the database is correct but the website is still in question marks .

In every HTML code you can see this :

........... content="text/html; charset=utf-8"/>

and I tried changing the same php pages to UTF-8 using text editors but nothing happened .

any help will be great. thanks.

While playing with some code, I wrote these few lines of script.

$_SESSION["favcolor"] = green;

echo "Session variable is ". $_SESSION["favcolor"] ;

I tested the code and everything worked fine.
But then, I noticed an error in my coding: I had accidentally forgotten the QUOTES around the word GREEN.

I corrected the code

$_SESSION["favcolor"] = "green";

But when I tested it, the page would not open/load.

Then I removed the quote marks and restored the line to it's original state
 

$_SESSION["favcolor"] = green;

And things worked fine.

Shouldn't the quote marks be required?
Why am I having this issue?
Is it really an issue, or should I just accept that it works WITHOUT the quotes and be satisfied with that result?

Hi all,


I have an issue on a form that when it gets submitted a slash '/' appears before every quote symbol.
I had help solving the issue on one of the fields (the name field), but then later it was discovered that the slashes appear in all the fields whenever a quote was used (agreed, poor testing).

Can someone be so good to help me solve this? My php knowledge is not so great which is exactly why I'm asking here
Please see my code below. If this problem can be solved in the same manner as the name field was solved, then there are 2 files which will need the edits. They are below:
(some trivial information purposely removed for security reasons)

preview.php

<div id="card">
    <img id="logo" src="logo.jpg" />
    <div id="card1"><?php echo stripslashes($_REQUEST['text1']); ?>&nbsp;</div>
    <div id="card2"><?php echo $_REQUEST['text2']; ?>&nbsp;</div>
    <div id="card3"><?php echo $_REQUEST['text3']; ?>&nbsp;</div>
    <?php 
        if($_REQUEST['text4'] != '' && $_REQUEST['text5'] != '')
            $text = $_REQUEST['text4'].'&nbsp;&bull;&nbsp;'.$_REQUEST['text5'];
        else
            $text = $_REQUEST['text4'].$_REQUEST['text5'];
    ?>
    <div id="card4"><?php echo $text; ?>&nbsp;</div>
    <div id="card5"><?php echo $_REQUEST['text6']; ?>&nbsp;</div>
</div> 

second_form.php
<?php
    session_start();
    $db_host = 'localhost';
    $db_name = '';
    $db_user = '';
    $db_pass = '';

   
   $admin_email = "admin@aserver.com";

if(isset($_REQUEST['text1'])) $_REQUEST['text1'] = stripslashes($_REQUEST['text1']);
   $from = 'orders@mycompany.com';

    if($_REQUEST['count'] != '50' && $_REQUEST['count'] != '100')
    {
        header( 'Location: order.php' );
        die();
    }

    $card_number = trim($_REQUEST['card_number']);
    $card_security = $_REQUEST['card_security'];
    $card_exp_m = sprintf("%02d",((int)$_REQUEST['car_exm_m'])%100);
    $card_exp_y = sprintf("%02d",((int)$_REQUEST['car_exm_y'])%100);

    $count = $_REQUEST['count'];
    $shipping = 8.65;
    $price = $shipping;
    switch($count)
    {
        case 50: $price += 25; break;
        case 100: $price += 38; break;
    }


//$price = 0.01;
//$shipping = 0.01;

    $price = sprintf("%0.2f",$price);




    $fd_xsd = 'http://***';
    $v1_xsd = 'http://***';
    $a1_xsd = 'https://***';

//$email_rep = str_replace('@','[at]',$_REQUEST['text4']);

    $soap = <<<SOAP
        <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
        <SOAP-ENV:Header />
        <SOAP-ENV:Body>
                <fdggwsapi:FDGGWSApiOrderRequest xmlns:fdggwsapi="$fd_xsd"  xmlns:v1="$v1_xsd">
                <v1:Transaction>
                    <v1:CreditCardTxType>
                        <v1:Type>sale</v1:Type>
                    </v1:CreditCardTxType>
                    <v1:CreditCardData>
                        <v1:CardNumber>$card_number</v1:CardNumber>
                        <v1:ExpMonth>$card_exp_m</v1:ExpMonth>
                        <v1:ExpYear>$card_exp_y</v1:ExpYear>
                    </v1:CreditCardData>
                    <v1:Payment>
                        <v1:ChargeTotal>$price</v1:ChargeTotal>
                        <v1:Shipping>$shipping</v1:Shipping>
                    </v1:Payment>
                    <v1:Billing>
                        <v1:Name>{$_REQUEST['text1']} - {$_REQUEST['text2']} - {$_REQUEST['text3']}</v1:Name>
                        <v1:Email>{$_REQUEST['text4']}</v1:Email>
                        <v1:Phone>{$_REQUEST['text5']}</v1:Phone>
                        <v1:Address2>{$_REQUEST['text5']}</v1:Address2>
                        <v1:Address1>{$_REQUEST['text6']}</v1:Address1>
                    </v1:Billing>
                    <v1:Shipping>
                        <v1:Name>{$_REQUEST['info_name']}</v1:Name>
                        <v1:Address1>{$_REQUEST['info_street']} {$_REQUEST['info_APT']}</v1:Address1>
                        <v1:City>{$_REQUEST['info_city']}</v1:City>
                        <v1:State>{$_REQUEST['info_state']}</v1:State>
                        <v1:Zip>{$_REQUEST['info_zip']}</v1:Zip>
                    </v1:Shipping>

                </v1:Transaction>
            </fdggwsapi:XXXApiOrderRequest>
        </SOAP-ENV:Body>
        </SOAP-ENV:Envelope>
SOAP;
//        echo htmlentities($soap);

    $link = "https://ws.firstdataglobalgateway.com/****";

    $store_id = "***";
    $user_id =      "***";
    $pass = "***";
    $key_pass = "***";
    $uss_pass =  ('WS'.$store_id.'***:'.$pass);


    $path = "/home/hoster/ssl_firstdata/";
    $pem_path = $path . "***.pem";  
    $key_path  = $path. "***_.1.key";

    $ch = curl_init($link);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: text/xml") );
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);curl_setopt($ch, CURLOPT_USERPWD, $uss_pass);
    curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $soap);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_SSLCERT, $pem_path);//pem file
    curl_setopt($ch, CURLOPT_SSLKEY, $key_path); // crt file
    curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $key_pass);

    $res = curl_exec($ch);

    //$xml = simplexml_load_string('<?xml version="1.0" encoding="UTF-8"? >'.$res);
    $xml = simplexml_load_string('<?xml version="1.0" encoding="UTF-8"?>'.$res);


    $ch = $xml->children('SOAP-ENV',true);$ch = $ch[1];$ch = $ch->children('fdggwsapi',true);$response = $ch[0];
    $orderId = trim((string)$response->OrderId);

    mysql_connect($db_host , $db_user, $db_pass);
    if(!mysql_select_db($db_name))
    {
        echo "Create the database please";
        exit;
    }

    $result = array(
                'Order Number' => $orderId,
                'errorMessage' => (string)$response->ErrorMessage,
                'response' => $res,
                "\n\nv_name" => $_REQUEST['text1'],
                'v_degree' => $_REQUEST['text2'],
                'v_graduation' => $_REQUEST['text3'],
                'v_email' => $_REQUEST['text4'],
                'v_phone' => $_REQUEST['text5'],
                'v_address' => $_REQUEST['text6'],
                "\n\nOrder Details" => "\n",
                'v_quantity' => $_REQUEST['count'],
                'cost' => ($_REQUEST['count'] == '50' ? '$25.00' : '$38.00'),
                'shipping and handling' => '$8.65',
                'total price' => ($_REQUEST['count'] == '50' ? '$33.65' : '$46.65'),
                "\n\nShipping Information" => "\n",
                'name'  => $_REQUEST['info_name'],
                'street' => $_REQUEST['info_street'],
                'apt' => $_REQUEST['info_APT'],
                'city' => $_REQUEST['info_city'],
                'state' => $_REQUEST['info_state'],
                'zip' => $_REQUEST['info_zip']
        );


    if(strlen($orderId) != 0 && strpos((string)$response->ErrorMessage,'database error') === false)//success
    {
        $result['success'] = 1;
        $link = 'order.php?step=3';
        $subject = "order submitted";
    }
    else
    {
        $result['success'] = 0;
        $link = 'order.php?step=-3';
        $subject = "Error occured while creating order";

    }

   $_SESSION['data'] = $result;
   $into = array();
   $values = array();
   foreach($result as $key => $val)
   {
        $into[] = "`$key`";
        if($key == 'v_quantity') $values[] = addslashes ($val);
        else $values[] = "'".addslashes($val)."'";
   }
   $query = "INSERT INTO `***`.`orders` (".implode(', ',$into).") VALUES (".implode(', ',$values).");";
   
   require_once "send_mail.php";
   $sendTo = array($admin_email,$result['v_email']);
   send_mails($sendTo,$from,$subject,$result);

    mysql_query($query);
    header('Location: '.$link);
    exit;


function render()
{
    global $res,$xml;
//    var_dump($_REQUEST);           
 

//    echo $res;
//
    echo htmlentities($res);
/* */
    var_dump($xml);

}


?>

Hi All,

I have a html form that I can submit using php, which then enters information into a database. This works fine when the text is just standard text - for example "the cat is on the mat". But if I put in "the cat's on the mat" - then the speach mark throws an error up!

Is there any way around this?

Thanks
Matt

create table mimi (mimiId int(11) not null, mimiBody varchar(255) );
<?php
//connecting to database
include_once ('conn.php');
$sql ="SELECT mimiId, mimiBody FROM mimi";

$result = mysqli_query($conn, $sql );

$mimi = mysqli_fetch_assoc($result);

$mimiId ='<span>No: '.$mimi['mimiId'].'</span>';

$mimiBody ='<p class="leading text-justify">'.$mimi['mimiBody'].'</p>';
?>
//what is next?

i want to download pdf or text document after clicking button or link how to do that

Hello everyone,

Sorry if this has been answered but if it has I can't find it anywhere. So, from the begining then.  Lets say I had a member table and in it I wanted to store what their top 3 interests are.  Their$ row has all the usual things to identify them userID and password etc.. and I had a further 3 columns which were labled top3_1 top3_2 & top3_3 to put each of their interests in from a post form.

If instead I wanted to store this data as a PHP Array instead (using 1 column instead of 3) is there a way to store it as readable data when you open the PHPmyadmin?

At the moment all it says is array and when I call it back to the browser (say on a page where they could review and update their interests) it displays 'a' as top3_01 'r' as top3_02 and 'r' as top3_03 (in each putting what would be 'array' as it appears in the table if there were 5 results. Does anyone know what I mean?

For example -

If we had a form which collected the top 3 interests to put in a table called users,

Code: [Select]
<form action="back_to_same_page_for_processing.php" method="post" enctype="multipart/form-data">
   
    <input name="top3_01" type="text" value="enter interest number 1 here" />
    <input name="top3_02" type="text" value="enter interest number 2 here" />
    <input name="top3_03" type="text" value="enter interest number 3 here" />
    <input type="submit" name="update_button" value=" Save and Update! " />

   
    </form> // If my quick code example for this form is not correct dont worry its not the point im getting at :)
And they put 'bowling' in top3_01, 'running' in top3_02 and 'diving' in top3_03 and we catch that on the same page with some PHP at the top -->

Code: [Select]
        if (isset($_POST)['update_button']) {
   
    $top3_01 = $_POST['top3_01']; // i.e, 'bowling' changing POST vars to local vars
    $top3_02 = $_POST['top3_02']; // i.e, 'running'
    $top3_03 = $_POST['top3_03']; // i.e, 'diving'

With me so far? If I had a table which had 3 columns (1 for each interest) I could put something like -

  Code: [Select]
   include('connect_msql.php');
   
    mysql_query("Select * FROM users WHERE id='$id' AND blah blah blah");
   
    mysql_query("UPDATE users SET top3_01='$top3_01', top3_02='$top3_02', top3_03='$top3_03' WHERE id='$id'");


And hopefully if ive got it right, it will put them each in their own little column. Easy enough huh? But heres the thing, I want to put all these into an array to be stored in the 1 column (say called 'top3') and whats more have them clearly readable in PHPmyadmin and editable from there yet still be able to be called back an rendered on page when requested.

Continuing the example then, assuming ive changed the table for the 'top3' column instead of individual colums,  I could put something like this -


Code: [Select]
            if (isset($_POST)['update_button']) {
       
        $top3_01 = $_POST['top3_01']; // i.e, 'bowling' changing POST vars to local vars
        $top3_02 = $_POST['top3_02']; // i.e, 'running'
        $top3_03 = $_POST['top3_03']; // i.e, 'diving'
   
    $top3_array = array($top3_01,$top3_02,$top3_03);
   
    include('connect_msql.php');
   
    mysql_query("UPDATE members SET top3='$top3_array' WHERE id='$id' AND blah blah blah");
But it will appear in the column as 'Array' and when its called for using a query it will render the literal string. a r r in each field instead.  Now I know you can use the 'serialize()' & 'unserialize()' funtcions but it makes the entry in the database practically unreadable. Is there a way to make it readable and editable without having to create a content management system?

If so please let me know and I'll be your friend forever, lol, ok maybe not but I'd really appreciate the help anyways.  The other thing is, If you can do this or something like it, how am I to add entries to that array to go back into the data base?

I hope ive explained myself enough here, but if not say so and I'll have another go.  Thanks very much people,  L-PLate (P.s if I sort this out on my own ill post it all here)