|
PHP - Single Quote
Hi,
I'm trying to delete a string that's single quoted. From: Cyto's to Cyto, but doesn't work. It works when I add 's to the string with stripslashes, but I can't seem to delete a quote from a string. Does someone know how? My $_post code: Code: [Select] $name=mysql_real_escape_string(stripslashes($_POST["ename"])); Cheers Similar TutorialsHi, I am able to parse php variable in double quote but not in single quote. How can I parse in single quote. Following example shows 2 results and I want same result in both. First Name : Zohaib First Name : $firstname Code: [Select] // Connecting, selecting database $link = mysql_connect('localhost', 'root', 'password'); mysql_select_db('dbname'); // Performing SQL query $query = 'SELECT first_name FROM tablename'; $result = mysql_query($query); // Printing results in HTML while ($row = mysql_fetch_assoc($result)) { $firstname=$row['first_name']; } echo"<table> <tr> <td>First Name : </td> <td>$firstname</td> </tr></table>"; echo'<table> <tr> <td>First Name : </td> <td>$firstname</td> </tr></table>'; What are the changes I need to do to achieve same result. Any solution ? - Thanks. This will have been posted before, but I can't find a solution that works. Most people say to try mysql_real_escape_string, I have tried lots of variations and it doesn't seem to work. Could anyone help with the below code? It is part of a form that returns a syntax error when adding a single quotation mark e.g. entering "Bryan's" into the form causes the error. I'd be really grateful for any assistance. Steven P.S. Before anyone mentions it, the mysql connect does work - I just haven't included the full page of code. Code: [Select] mysql_connect($dbserver, $dbusername, $dbpassword); mysql_select_db($dbname); $sitetitle = htmlentities($_POST[sitetitle]); $query = mysql_query("UPDATE site_settings SET sitetitle = '$sitetitle'"); echo("<b>Settings Updated!</b>"); I am trying to do the seemingly simple thing - replace all single quotes in text str_replace ("'", "´", $text); It does not replace anything. I trying escaping single quote, using other similar functions - nope. Also tried to google What I an doing wrong? Any help would ne much appreciated. I have a form that people can fill out, and then it echos the string, however right now they can't use single quotes. Below is how I have it settup. Code: [Select] $side = '<p>About Me:</p> <ul> <li>Birth Date: October, 23rd, 2010</li> <li>Hometown: Rapid City, SD</li> <li>Height: 4\'</li> <li>Weight: 50lbs</li> <li>Foot Size: 4</li> <li>Favorite Movie: All of the Shrek Movies!</li> <li>Favorite Book: Winnie the Pooh Series</li> <li>Favorite Cartoon Character: Eeyore or Donkey from Shrek!</li> <li>Favorite TV Show: Anything on Animal Planet!</li> <li>Favorite Food: Hay</li> <li>Favorite Pro Sports Team: Rapid City Rush</li> <li>Favorite Mascot: Nugget, of course!</li> <li>Favorite Game: Donkey Kong!<br /> </li> </ul>'; if ($side != NULL){ echo "<div class=\"grid_6\" id=\"tertiary\"> $side </div>"; }else{ } And I would be able to use $side = "whatever I want to write"; because then they would still need to escape the double quotes with \" if they wanted to put in a link or anything. How do I do this with allowing them to just use single quotes when they enter their data so they don't have to \' (escape the single quote)? Thanks I am making a simple script for my friend that uses mod_rewrite, but for testing I don't use the mod_rewrite link. The page is video.php The extension is ?title= I have having a problem when I type the title with a Single Quote in it('). Example. video.php?title=The-Sorcerer's-Apprentice I have str_replace for the dash(-) to be replaced as a space, so that's not the problem. Here's my code. <?php if($_GET) { $title="{$_GET['title']}"; $title = str_replace('_', ' ', $title); $title = str_replace('-', ' ', $title); if ($list = mysql_query("SELECT * FROM videos WHERE title='". mysql_real_escape_string($title) ."'") or die (mysql_error())); { if(mysql_num_rows($list) > 0){ if (mysql_num_rows($list)) { while($videos=mysql_fetch_array($list)) { ?> <div id="content"> <center><h3><?php echo $videos['title']; ?></h3> <object width="640" height="385"><param name="movie" value="<?php echo $videos['youtubelink']; ?>"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="<?php echo $videos['youtubelink']; ?>" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object> <br/><br/><a onclick="javascript:history.go(-1)" href="#">Go Back</a> </center> </div> <?php } } } ?> Is there a difference between a single quote regex and and double quote regex ?
for example :
<?php
$res1 = preg_match('/shi*t/', $comment);
$res2 = preg_match("/shi*t/", $comment);
?>
Thank you
Edited by Dareros, 17 September 2014 - 07:07 PM. Let me preface this by saying that I've been using php for a while, but never got extremely advanced, so feel free to slap me about for something stupid... I'm working through a jQuery & PHP book, and I've noticed that he's wrapping all his column and table names in the apostrophe ` when making MySQL queries . In the past I've never done this. What does the ` do? I understand about single quotes and double quotes, but haven't come across the ` being used. What's the deal? Hi I have a simple form and when the user submits, php is putting a \ before every single quote entered in the field. So for example, if a user enters O'Neill, once i do $lastName = $_POST["lastname"]; $lastName comes back as: O\'Neill is there some way I can turn this off? Hi, I'm trying to type in a name of a song into an input field, for example: I'll Be Missing you This field is captured through $_POST and set to a variable $title I then update the table with this new title. Once it is updated, all that is shown in the data is: I The single quote, and anything after it is gone completely. Here is my query. How can I change this so it includes the single quote and everything after it? $sql = "UPDATE sheets SET artist = '$artist', title = '$title', active = '$activestatus' WHERE id = $value"; $result = mysql_query($sql) or die(mysql_error().'<br>'.$sql); If more code is required to understand what I'm talking about, let me know. I'm so sorry for this question but I not really know how to play with single and double quote. If I have a query like this: Code: [Select] mysql_query('UPDATE table SET Status=1,Sending=Done WHERE ID IN ('.implode(',', $done).')'); And I wish to add Code: [Select] SentAt='$date' in the query as well , and I try this: Code: [Select] mysql_query('UPDATE table SET Status=1,Sending=Done,SentAt='$date' WHERE ID IN ('.implode(',', $done).')'); Not working...how should I write it? Thank you. When I add a ' or " quotes in a textarea I get a sql error when it tries to insert the record.
I was told to use mysqli_real_escape_string but that didn't work.
Here's my code -
$blog= mysqli_real_escape_string($con, $_POST['blog']);
$blog= $_POST['message'];
$sql = "SELECT * FROM table WHERE `message` = '{$message}'";
$result = mysql_query($sql);
if ( mysql_num_rows ( $result ) > 0 )
{
$error = "Message Exists.";
}
else
{
$error = "This message does not exist. Insert it!!!";
$sql="INSERT INTO table (message) VALUES ('$_POST[message])";
}
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
mysqli_close($con)
Edited by barkly, 26 October 2014 - 09:31 PM. PHP script return 20 UL LIST values like, < ul >
A < /ul > How to display UL LIST into row wise 5 columns like
A B C D Hi, I've been scratching my head for a while now about how to do this, I'm relatively new to php and mysql and perhaps foolishly taking on creating a user area for a website. I have everything else working, all of my register account functions and confirmations and all of the login scripts etc. I have created a profile page which returns various information to the user (this bit works fine) and I've got some nice show/hide toggles running with some javascript/css but my intention is to allow the user to change thier information (e-mail address, contact phone number and also whether they are subscribed to the e-mail list), it also displays any support tickets or messages. So after the long intro, here's what I'm struggling with... I have a form in a visibility toggled <div> which submits a 'change_email' script, so a user wants to change their e-mail, clicks on change, the <div> appears, they bang in the new e-mail and hit submit. My php script appears to work (because it doesn't throw up any errors), until you realise that actually it's not updated the record in the db... I'm using mysql_query("UPDATE users SET email='$new_email' WHERE username='$user'"); Do I need to setup variables for all of the information in the db (name, username, password, email, contno etc etc) and include them in the command to get it to work or should that just pick the correct record and then update it? If that is the case is there a way I can include 'blank' variables so I don't have to set them all up... e.g. mysql_query("UPDATE users SET user='',password='',email='$new_email', etc WHERE username='$user'"); Many thanks in anticipation I just finished adding the ability to add Comments after Articles on my website. Now it would be nice if people could Quote other Posts/Comments juts like you can do here on PHPFreaks. The problem is that I have this code to eliminate any security issues with HTML... echo ' <div class="userPost"> <span class="commentDate">Posted on: ' . date('Y-m-d g:ia', strtotime($createdOn)) . '</span> <span class="commentNo">#' . $commentCount . '</span> <p>' . nl2br(htmlentities($comments, ENT_QUOTES)) . '</p> </div>'; Any suggestions to have it both ways? Thanks, Debbie I need some help working out this MySQL query:
I need it to pull a random quote, that hasn't been used before (that's the 'checked' part of the query), and it needs to find it based on a specific category. I am using this alongside PHP with MySQLI Prepared method.
SELECT `id`, `word`, `def` FROM `dictionary` AS `r1` JOIN (SELECT (RAND() * (SELECT MAX(`id`) FROM `dictionary`)) AS `id`) AS `r2` WHERE `r1`.`id` >= `r2`.`id` AND `category`=? AND `checked`=0 ORDER BY `r1`.`id` ASC LIMIT 1This query yields an error stating that the id column is ambiguous. Good Day everyone. I'm looking at creating a quote calculator, it will be like a form with questions about what the user wants to buy or quote and will give out a number in dollars based on what product the user selects from a drop down list. Example: What sandwich would you like to buy? (List Items) Price:(prices will be echo here). 1. Roast beef 2. Chicken 3. vegetable 4. Fish Now if the user selects Roast Beef, the price of the Roast Beef sandwich will be echo or printed. What would you like on your sandwich? (Check boxes must be use because user may need more then one condiment added.) 1. Ketchup 2. Cheese 3. Mustard 4. Lettuce Now if the user add ketchup, Cheese, ect, the price will add to the price of the sandwich and echo a total. Would you like a drink with your order? Again check boxes, user can select more then one drink, price added and totaled. 1. Diet Coke 2. Sprite 3. Root Beer 4. Mountain Dew. Also I need to be able to change the prices of each product in the script. The user does not see the price. The price only becomes visible when the item selected and added to the total. I would like to do this myself but novice to php, I have never done this kind of script befor and have been searching for tutorials and other resources but nothing close to this. Does anybody know where I can find an example, tutorials? Thanks everyone. IC So I am trying to make my life easier at work. I have this idea that I can automate the sales quote via a simple website. I have the entire product list in MySQL and I can query for the individual catagories etc etc and get them to display. The display shows the SKU, Description, Price, and a third field to select quantity. The issue is that once they select a quantity of a paticular line item I need that line item (sku, description, and price fields) to be carried over to the final quote page where the math is done. Not sure how to key the paticular line item fields off the quantity field. Any ideas greatly appreciated... Code: [Select] <?php $query = "SELECT * FROM tbl_prods WHERE cat = 'fruit'"; $target = mysql_query($query); confirm_query($target); while($row = mysql_fetch_assoc($target)) { ?> <form action="quoter.php" method="POST"> <tr> <td><input name="sku" type="text" value="<?php echo $row[sku]; ?>" size="20" /></td> <td><textarea name="desc" cols="150" rows="2"><?php echo $row[desc]; ?></textarea></td> <td><input name="price" type="text" value="<?php echo $row[price]; ?>" size="20" /></td> <td><input name="quantity" type="text" value="0" size="3" maxlength="2" /></td> </tr> <?php } ?> </table> <input type="hidden" name="cust" value="<?php echo $cust; ?>"></p> <input type="hidden" name="reg" value="<?php echo $region; ?>"></p> <input type="submit" name="submit" value="Submit"></p> </form> Hey, I just wondered if someone could help me with this small problem? Here's the code: <?php if($_GET['act'] == "generate_quotes") { $db = mysql_connect("*", "*", "*") or die ("Unable to connect to database."); mysql_select_db("quote") or die ("Unable to select database."); $offset_result = mysql_query( " SELECT FLOOR(RAND() * COUNT(*)) AS `offset` FROM `quote` "); $offset_row = mysql_fetch_object( $offset_result ); $offset = $offset_row->offset; $result = mysql_query( " SELECT * FROM `quote` LIMIT $offset, 1 " ); $fetch = mysql_fetch_array($result); echo "<blockquote>".$fetch['q_quote']; mysql_close($db); } else { echo "<img src=\"1.png\">"; } ?> <a href='gen.php?act=generate_quotes'>Generate</a> Basically what it does is shows an image until a link is clicked, then the image disappears and some quotes are generated in it's place. When you click the link, sure enough, the image disappears and the quotes are read from the database. But after that the link doesn't change the quote. [it's meant to randomly cycle through the quotes in the database]. The quote still changes when refreshing the page, but this link: <a href='gen.php?act=generate_quotes'>Generate</a> does nothing after 'generate_quotes' has been set. any ideas how to fix this? thanks in advance. Hi, I am trying to send input Don't, can't or anything else which contains '. But Ajax sends it like: t_name=Don%27t&_=1589636831048 and then I got an error while trying to insert to mysql. I only have problem with '. I tried lots of thing but something is missing. I couldn't figure it out. Could somebody help me? My Ajax:
var t_name = document.getElementById(mydiv).value;
$.ajax(
{
type: "GET",
url: './api/objects/add.php',
async:false,
cache:false,
contentType: "application/x-www-form-urlencoded;charset=ISO-8859-1",
dataType: 'json',
data: {
t_tsk: id,
t_name: t_name
},
success: function (result) {
},
error: function(xhr, status, error) {
document.getElementById("errorDiv").hidden = false;
if (xhr.responseText) {
} else {
}
}
});
My url when I write don't to input area: /add.php?t_tsk=1&t_name=Don%27t&_=1589636831048 My php code:
<?php
// include database and object files
include_once '../config/database.php';
include_once '../objects/myObject.php';
// get database connection
$database = new Database();
$db = $database->getConnection();
$myObject = new MyObject($db);
$myObject->t_id = isset($_GET['t_tsk']) ? $_GET['t_tsk'] : die();
$myObject->name = isset($_GET['t_name']) ? utf8_decode($_GET['t_name']) : die();
if($myObject->create()){
http_response_code(200);
$myObject_arr=array(
"status" => true,
"message" => "Successfully created!",
"id" => $myObject->id,
"name" => $myObject->name
);
}
else{
http_response_code(401);
$myObject_arr=array(
"status" => false,
"message" => "Error!"
);
}
print_r(json_encode($myObject_arr));
?>
Thank you all. |
|||||||