PHP - Mysql Real Escape String Help + Text Area Line Break Help???
I am having problems with these slashes. They keep showing up when I echo data....
The code is to update a field in a mysql database table. Here is my code:

Code: [Select]
    $query = mysql_query("SELECT * FROM `bus` WHERE username='$username'");
    $row = mysql_fetch_array($query);
    $bio = $row['about'];
    $bio = str_replace("<br />","\r\n",$bio);
    if(isset($_POST['submit'])){
        if(empty($errors)){
            if($password == $pass){
                $about1 = mysql_real_escape_string($_POST["about"]);
                $about1 = str_replace("\r\n","<br />",$about1);
                mysql_query("UPDATE bus SET about='$about1' WHERE username='$username'");
            }else{$errors[] = 'Incorrect Password';}
        }
    }

When I run this and put:

    About: I'm very tired today
    It's been very hard

I get the about1 string as:

    I\\\'m very tired today\r\nIt\\\'s been very hard

Why???

Similar Tutorials

Hello I am having a problem trying to write to a database using mysql real escape so there won't be any injection attacks. I tried using myrealescape and it returns errors:

Code: [Select]
    Notice: Use of undefined constant messageTo - assumed 'messageTo' in D:\wamp\www\Legit Gaming Upload\LGU\includes\mailCompose.php on line 17
    Notice: Use of undefined constant messageSubject - assumed 'messageSubject' in D:\wamp\www\Legit Gaming Upload\LGU\includes\mailCompose.php on line 17
    Notice: Use of undefined constant messageBody - assumed 'messageBody' in D:\wamp\www\Legit Gaming Upload\LGU\includes\mailCompose.php on line 17

I add in the single quotes and it doesn't write either. Dreamweaver says that either single quotes or not there is no syntax errors. What's going on? I have used it like this before

    ('$ID','" . mysql_real_escape_string($_POST[post_content]) . "')

and no problems..
~AJ

    <?php
    require_once('connect.php');
    if(isset($_COOKIE['user'])){}else{ header( 'Location: members.php'); }
    if (isset($_POST['sendBtn'])){
        $messageFrom = $_COOKIE['user'];
        $messageTo = $_POST['messageTo'];
        $hash = $messageTo.$messageFrom.time();
        $hash = md5($hash);
        mysql_select_db("majik");
        $sql="INSERT INTO messagesystem(ID, hash, messageTo, messageFrom, messageSubject, messageBody, messageDate, messageRead, messageDelete) VALUES ('','$hash','" . mysql_real_escape_string($_POST['messageTo']) . "','$messageFrom','" . mysql_real_escape_string($_POST['messageSubject']) . "','" . mysql_real_escape_string($_POST['messageBody']) . "','0','0')";
        echo '<center>Your message was sent to: '.$messageTo.'</center>';
    }
    ?>

I have never used real escape string so want to make sure I did it correctly. Also, if I can place it anywhere else to make it even more secure please let me know. This is just the action of a just a simple POST html form. Here it is.

Code: [Select]
    <?php
    require ('staffarea/sql.php');
    $showform="false";
    $mcid = mysql_real_escape_string($_POST['mcid']);
    $age = mysql_real_escape_string($_POST['age']);
    $description = mysql_real_escape_string($_POST['description']);
    if(!mysql_query("INSERT INTO `somedatabase`.`appsubmissions` (`id`, `username`, `age`, `description`, `status`) VALUES (NULL, '$mcid', '$age', '$description', 'Pending');")) {
        echo '<div class=blockrow><b><font size=4>Submission Error</font><br /><br />Something went wrong. Contact Staff in the Support Forums and give them this information:<br /><br /></b><font color=red>';
        echo mysql_error();
        echo "</font>";
        echo '<br /><br /><a href="/forumdisplay.php?f=14">Support Forums</a></div>';
    } else {
        $lastID=mysql_insert_id();
        echo "<div class=blockrow><font size=3><b>$mcid, Thank You for your Building Application!</b></font><br /><br />";
        echo "Your Unique Application ID: <b>", $lastID;
        echo "</b> (save this so you can check the application status later)<br /><br /> Your application was submitted successfully. Please allow Staff 24 hours to accept or deny your application. If after 48 hours you still do not have building rights, assume the application was denied and re-submit with different information. DO NOT submit an application more than every 48 hours, doing so will get your account banned for spamming.<br /><br /> While waiting, you might check out the <a href=/index.php?pageid=mcguide>Ultimate Guide</a>.</div>";
    }
    mysql_close($con);
    ?>

i have made function of prepare or check the mysql real escape string but when i run this code it gives two warnings msg

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in C:\wamp\www\cart\include\db.php on line 42
    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\wamp\www\cart\include\db.php on line 42

kindly tell me what is this msg about how to solve it my code is

    37 public function mysql_prep($value){
    38 $magic_quotes_active=get_magic_quotes_gpc();
    39 $new_enough_php=function_exists("mysql_real_escape_string");
    40 if($new_enough_php){
    41 if($magic_quotes_active){ $value=stripslashes($value);}
    42 $value= mysql_real_escape_string($value);}
    43 else {
    44 if($magic_quotes_active){$value=addslashes($value);}
    45 }
    46 return $value;
    48 }

on the first column do I need to escape that? "pm_id" if so how do i do that with the right syntax is it like this? pm_id = '.mysql_real_escape_string.'

Code: [Select]
    <?php
    $mail2 = "INSERT INTO pm SET pm_id = '', sendto = '".mysql_real_escape_string($to)."', sentfrom = '".mysql_real_escape_string($from)."'
    ?>

Also when you create a new row with a id having auto increment. do i have to do id ="" so there isn't ever two rows matching the same id?

'[$username]' is using a variable from a cookie verifying that you are logged in, this code works except i need to put real escape strings and protection from mysql injection and don't really know where to put them.

Code: [Select]
    if (isset($_POST['submit'])) {
        // now we insert it into the database
        $insert = "INSERT INTO gamecomments (username, comment) VALUES ('[$username]', '$_POST[comment]')";
        $add_comment = mysql_query($insert);
        {
            echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=games.php\">";
        }
    }

Hi, I'm trying to make a script to mass update a load of links in my database but I'm stuck on the basics. How can i detect a new line in a text area? Anyone know why this doesn't work?

Code: [Select]
    <?php
    if($_POST[newlinks]) {
        $newlinks = preg_split("\n", ($_POST['newlinks']));
        $i = 1;
        foreach ($newlinks as $newlink) {
            echo "$i - $newlink <br />";
            $i++;
        }
    } else {
        echo "<form method=\"POST\" action=\"changehost.php\">";
        echo "<br /> <strong>Enter the new links to try and replace old ones</strong> <br />";
        echo "<textarea rows=\"16\" name=\"newlinks\" cols=\"84\"></textarea>";
        echo "<input type=\"submit\" value=\"Submit\" name=\"B1\">";
    ?>

Hi My problem is that text that is in my database are showing up next to each other in a line rather than on separate lines, normally I would have just used <br> but as it's generated from my sql I don't know how to do it.
Code: [Select]
    <ul id="headlines">
    <?php foreach ( $results['articles'] as $article ) { ?>
        <a href=".?action=viewArticle&articleId=<?php echo $article->id?>"><?php echo htmlspecialchars( $article->title )?></a>
    <?php } ?>
    </ul>

Anyone have any idea? Thanks

Code: [Select]
    $result = mysql_query("SHOW COLUMNS FROM ".$table."");
    $i = 0;
    if (mysql_num_rows($result) > 0) {
        while ($row = mysql_fetch_assoc($result)) {
            $csv_output .= $row['Field'].",";
            $i++;
        }
    }
    $csv_output .= "\n";
    $values = mysql_query("SELECT * FROM ".$table."");
    while ($rowr = mysql_fetch_row($values)) {
        for ($j=0;$j<$i;$j++) {
            $csv_output .= $rowr[$j].", ";
        }
        $csv_output .= "\n";
    }
    print $csv_output;

I'm using the above to get a csv output in my browser, but it appears as a string of text eg

    a1,a2,a3,a4,b1,b2,b3,b4,...

I'd like it to appear as

    a1,a2,a3,a4
    b1,b2,b3,b4
    c1,c2,c3,c4

Any ideas how?

I want to have a line break between the lastname and the age. Please help.

    echo $line["firstname"].' '.$line["lastname"].' Age is'.$line["age"].'!';

    echo '<div class="gamename">'.$values[0].'</div>';
    echo '<div class="gameimage"><a href="'.$values[3].'"><img src="'.$values[1].'"></a></div>';

NOW i want 2nd echo under 1st echo. I tried every single <br> combination but no luck

Also my 2nd question is: my image and link is a variable, it displays the image but there is something wrong with link. Variable is just like this www.mydomain.com\image\blabla.php but it shows link as==> www.mydomain.com\ instead of what i wrote above.

hi i have some troubles to create a new line break for this code: i already tried:

Code: [Select]
    echo "<input type='radio' name='gropu1' value='$id'>$data \n ";
//
Code: [Select]
    echo "<input type='radio' name='gropu1' value='$id'>$data.\n ";
//
Code: [Select]
    echo "<input type='radio' name='gropu1' value='$id' >$data.'\n'";

what is the correct syntax for that?

My hosts version of php just seems to automatically add the backslashes.
Adding the escape string just seems to add like 3 of them rather than 1. Is this command out-of-date?

I'm trying to use SESSIONS, the start of my page looks like this:

    <?php session_start();

and the start of the source code looks like this:

    <br /> <b>Warning</b>: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cookie - headers already sent by

The <?php tag is on line 1, yet as you can see Notepad++ seems to add a <br /> before it, which results in the sessions not working. How can I fix this?

How do i get the first part of the string, all the way up until the string hits a line break?

Code: [Select]
    <?php
    $string = "The quick red fox\n jumped over the brown\n lazy dog.";
    function first_of_string($str) {
        //php magic
        return $first_of_string;
    }
    echo first_of_string($string); //would produce "The quick red fox"
    ?>

hi, i am using a database to populate a webpage with text. How do I make a function to add line breaks to the text? an example page I want to use it on is http://www.stayneartheairport.com/bandb.php?id=11084507&airport=manchester You can see the two text areas of description and facilities have no paragraphs or other formatting. I want the code to scan the text - and if there is say <br> - it will remove it and replace it with a line break.

I am extracting data from one of the sites. I would join these sentences separated by , (comma). The solution that comes to my head is by inserting the text in the file and then using file functions. However, i was wondering if i can use str_replace here. Can anyone please point me in the right direction.

Code: [Select]
    Hospital 30-Day Death (Mortality) Rates from Heart Attack: 15.2% (No different than U.S. National Rate)
    Hospital 30-Day Readmission Rates from Heart Attack: % (Number of Cases Too Small*)
    Hospital 30-Day Death (Mortality) Rates from Heart Failu 10.5% (No different than U.S. National Rate)
    Hospital 30-Day Readmission Rates from Heart Failu 29.9% (Worse than U.S. National Rate)
    Hospital 30-Day Death (Mortality) Rates from Pneumonia: 9.8% (No different than U.S. National Rate)
    Hospital 30-Day Readmission Rates from Pneumonia: 20.6% (No different than U.S. National Rate)

how do I make this form here have a limit on the value's name, then it moves to the next line?

Code: [Select]
    <form action=\"reply.php?com_id=$com_id\" method=\"post\">
    <font color='brown'><u><input type=\"submit\" name ='submit' class=\"link\" value='$title'></u></font>
    </form>

Hello, I have this XML file I am parsing and I have hit a small formatting issue that I can't seem to get around.
Here is what the output of the RSS looks like.

    <description><![CDATA[<div style='text-align:left;'>Exit ramp closed. <br/><b>Current Status:</b> Open<br/><b>Affected Lanes:</b> Exit Ramp<br/><b>Dates:</b> Wednesday, May 28 - Thursday, May 29<br/><b>Days Closed:</b> <font color='#808080'>S</font><font color='#808080'>M</font><font color='#808080'>T</font><font color='#FF0000'><b>W</b></font><font color='#FF0000'><b>T</b></font><font color='#808080'>F</font><font color='#808080'>S</font> 20:00 PM - 6:00 AM</div>]]></description>

Notice at the first is "Exit ramp closed." There is nothing before it but, for some weird reason when I parse it. It is on a new line like so, notice it should be up there with "Incident" but, it is dropped down below it.

    Incident:
    Exit ramp closed.
    Current Status: Open
    Affected Lanes: Exit Ramp
    Dates: Wednesday, May 28 - Thursday, May 29
    Days Closed: SMTWTFS 20:00 PM - 6:00 AM

This is how it is formatted in the td cell.

    <td style='{$td2Style}'><strong>Incident:</strong> {$incident_data_desc}</td>\n";

So as you can see above, there is nothing before it that would cause it to break to a new line both in the table or in the RSS. So how can I remove that first return only is that is on the same line with it and not below it. I have tried this and a couple of other things like trim with no luck.

    $description = $item->description;
    $incident_data_desc = str_replace("\r", '', $description );

Note, I only need that first one removed, the others are fine. I can do it but it will remove all the breaks and I only want to remove that first one that is causing the line to be on a new line. Any suggestions? -Thanks

I'd like to use a text editor like this one: http://tinymce.moxiecode.com/examples/full.php for my forums. But I am not sure exactly how I would prevent abuse and injects to messed up the page, rather than being contained in the designated area it is meant for. Could some one please help me, I know htmlspecialchars will not work, since some of the code needs to render as html
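Added example, not part of any post above: it reproduces the `I\\\'m ... \r\n ...` string reported in the first post, assuming the host had `magic_quotes_gpc` enabled, and then stores the same text through a bound parameter with HTML formatting applied only on output. The `emulate_real_escape` helper, the in-memory SQLite database and the `demo` row are constructed stand-ins for `mysql_real_escape_string()` and the poster's MySQL `bus` table.

```php
<?php
// Added example; input constructed from the first post's two-line "About" text.
$typed = "I'm very tired today\r\nIt's been very hard";

// Stand-in for mysql_real_escape_string(): escapes the same characters
// (NUL, \n, \r, backslash, both quotes, Ctrl-Z) without needing ext/mysql.
function emulate_real_escape(string $s): string {
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'"  => "\\'",  '"'  => '\\"', "\x1a" => "\\Z",
    ]);
}

// What the post's code path does to the value.
function post_pipeline(string $typed): string {
    $post    = addslashes($typed);          // assumed: magic_quotes_gpc already slashed $_POST
    $escaped = emulate_real_escape($post);  // second escape; CR and LF become literal \r \n
    return str_replace("\r\n", "<br />", $escaped); // no real CRLF left to replace
}

// Raw value in through a bound parameter, HTML formatting only on output.
function store_and_render(PDO $db, string $username, string $about): string {
    $up = $db->prepare("UPDATE bus SET about = :about WHERE username = :username");
    $up->execute([':about' => $about, ':username' => $username]);
    $sel = $db->prepare("SELECT about FROM bus WHERE username = ?");
    $sel->execute([$username]);
    return nl2br(htmlspecialchars($sel->fetchColumn(), ENT_QUOTES, 'UTF-8'));
}

$db = new PDO('sqlite::memory:');           // constructed stand-in for the MySQL server
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE bus (username TEXT PRIMARY KEY, about TEXT)");
$db->exec("INSERT INTO bus (username, about) VALUES ('demo', '')");

echo post_pipeline($typed), PHP_EOL;
echo store_and_render($db, 'demo', $typed), PHP_EOL;
```

The escaping function is meant to be the last step before a value is placed in an SQL string, so any `str_replace` on `"\r\n"` has to run before it or, as here, be replaced by `nl2br()` when the stored text is displayed.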