PHP - How Do I Concatenate Htmlspecialchars? :/
I need to put this inside of a p tag so I can change some properties but everything I've tried doesn't work and just shows nothing.
I've tried this:
    printf('<p style="text-align: left; width: 500px;">', htmlspecialchars($fetch['shout'], ENT_QUOTES, 'UTF-8'), '</p>');

This is what I need to be wrapped in p tags:

    htmlspecialchars($fetch['shout'], ENT_QUOTES, 'UTF-8');

EDIT: I've noticed the code below works but when I style it inside of the tag the text won't show, should I include a CSS file on the PHP file?

    echo "<p>".htmlspecialchars($fetch['shout'])."</p>\n";

EDIT: I just needed to create the CSS for the p tags in the index and it worked perfectly fine. Sorry for the pointless thread.

Edited by Alanay, 18 December 2014 - 09:14 AM.

Similar Tutorials

Why won't '../stuff.com' concatenate?

Code:

    <?php
    echo '<img src="', '../stuff.com'.getUserAvatar($post['username']), "\" class=\"avatar small\" title=\"${displayName}\" alt=\"${displayName}\" />";
    ?>

I know that usually when we concatenate in PHP we use the period . to concatenate but I have been watching a few videos and they seem to use a comma , instead of .
I didn't know about the comma before and if I didn't hear it wrong the video says both would work just depend on the way you work.
So I tried using comma for testing such as
    echo '<pre>' , print_r($var) , '</pre>';

which works fine but when I use it in a function for fun such as

    function dd($var){ return '<pre>' , print_r($var) , '</pre>'; }

this gives me errors about the comma but if I use period as concatenate the page would not return as html tag <pre>

I know that I can just use var_dump and I tried searching things like difference between , and . in php or something similar I couldn't find a page to explain the major difference. Can someone give me a hand? Sorry if this question is too stupid though.

I have the variables $cap and $url. If the $cap contains any of the strings ".jpg,.JPG,.gif,GIF" I have to concatenate $url.$cap

First project in php and mysql, I've searched but can't find the answer to stringing together two numbers and a "-" without php giving me the results as it thinks I'm creating an equation. I need the string as text. Example, I need the following as a text string, id_have (INT) and id_have (INT) joined together as id_have-id_want, or, as they will be numbers, 23-45. When I use this:

    $havewant = $id_have . "-" . $id_have;

The result will be $id_have (23) minus $id_want (45), I get -22, not what I'm looking for!!! I need the text string of "23-45" to store in a table. Thanks!

Hello, I have an array where I want to join the values (not sum) where the dates are the same. This is my array (var_export):

array ( 0 => array ( 0 => array ( 0 => array ( 'dataAula' => '2020-09-21', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 4, ), ), 1 => array ( 1 => array ( 'dataAula' => '2020-09-22', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 8, ), ), 2 => array ( 2 => array ( 'dataAula' => '2020-09-28', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 12, ), ), 3 => array ( 3 => array ( 'dataAula' => '2020-09-29', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 16, ), ), 4 => array ( 4 => array ( 'dataAula' => '2020-10-06', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 20, ), ), 5 => array ( 5 => array ( 'dataAula' => '2020-10-12', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 24, ), ), 6 => array ( 6 => array ( 'dataAula' => '2020-10-13', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 28, ), ), 7 => array ( 7 => array ( 'dataAula' => '2020-10-19', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 32, ), ), 8 => array ( 8 => array ( 'dataAula' => '2020-10-20', 'tempos' => 1, 'tempos2' => 'Terça', 'total' => 33, ), ), ), 1 => array ( 0 => array ( 0 => array ( 'dataAula' => '2020-10-20', 'tempos' => 3, 'tempos2' => 'Segunda', 'total' => 3, ), ), 1 => array ( 1 => array ( 'dataAula' => '2020-10-27', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 7, ), ), 2 => array ( 2 => array ( 'dataAula' => '2020-11-02', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 11, ), ), 3 => array ( 3 => array ( 'dataAula' => '2020-11-03', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 15, ), ), 4 => array ( 4 => array ( 'dataAula' => '2020-11-09', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 19, ), ), 5 => array ( 5 => array ( 'dataAula' => '2020-11-10', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 23, ), ), 6 => array ( 6 => array ( 'dataAula' => '2020-11-16', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 27, ), ), 7 => array ( 7 
=> array ( 'dataAula' => '2020-11-17', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 31, ), ), 8 => array ( 8 => array ( 'dataAula' => '2020-11-23', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 35, ), ), 9 => array ( 9 => array ( 'dataAula' => '2020-11-24', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 39, ), ), 10 => array ( 10 => array ( 'dataAula' => '2020-11-30', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 43, ), ), 11 => array ( 11 => array ( 'dataAula' => '2020-12-07', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 47, ), ), 12 => array ( 12 => array ( 'dataAula' => '2020-12-14', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 51, ), ), 13 => array ( 13 => array ( 'dataAula' => '2020-12-15', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 55, ), ), 14 => array ( 14 => array ( 'dataAula' => '2021-01-04', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 59, ), ), 15 => array ( 15 => array ( 'dataAula' => '2021-01-05', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 63, ), ), 16 => array ( 16 => array ( 'dataAula' => '2021-01-11', 'tempos' => 4, 'tempos2' => 'Segunda', 'total' => 67, ), ), ), 2 => array ( 0 => array ( 0 => array ( 'dataAula' => '2021-01-12', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 4, ), ), 1 => array ( 1 => array ( 'dataAula' => '2021-01-18', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 8, ), ), 2 => array ( 2 => array ( 'dataAula' => '2021-01-19', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 12, ), ), 3 => array ( 3 => array ( 'dataAula' => '2021-01-25', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 16, ), ), 4 => array ( 4 => array ( 'dataAula' => '2021-01-26', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 20, ), ), 5 => array ( 5 => array ( 'dataAula' => '2021-02-01', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 24, ), ), 6 => array ( 6 => array ( 'dataAula' => '2021-02-02', 'tempos' => '4', 'tempos2' => 'Terça', 'total' => 28, ), ), 7 => array ( 7 => array ( 
'dataAula' => '2021-02-08', 'tempos' => '4', 'tempos2' => 'Segunda', 'total' => 32, ), ), 8 => array ( 8 => array ( 'dataAula' => '2021-02-09', 'tempos' => 1, 'tempos2' => 'Terça', 'total' => 33, ), ), ), )[]

So, for example, I have repeated the date 2020-10-20, one with "tempos =1" and another with "tempos=3". I'm looking to have only one date with concatenated tempos field. Example:

    array ( 'dataAula' => '2020-10-20', 'tempos' => 1+3, 'tempos2' => 'Terça', 'total' => 33, ),

So what I have now is this code but not getting what I need
    foreach ($finalCronograma as $sub) {
        $row = current($sub);
        if (isset($result[$row[0]['dataAula']])) {
            $result[$row[0]['dataAula']]['tempos'] .= '+' . $row[0]['tempos'];
        } else {
            $result[$row[0]['dataAula']] = $sub;
        }
    }
any help?

This topic has been moved to MySQL Help. http://www.phpfreaks.com/forums/index.php?topic=313826.0

Hi, should I use htmlspecialchars() when I write in mysql or when I read from mysql, and should I use another function for safety?

I'm getting this error and not sure my fix.

    <b>Warning</b>: htmlspecialchars() expects parameter 1 to be string, array given in <b>/home/xtremer/public_html/efedmanager/processes/polls.php</b> on line <b>13</b><br />

    $answer = explode(',', $_POST['answersList']);
    $answer = htmlspecialchars($answer);

I'm trying to get a php script working to download the latest CNN news podcast each hour. CNN names the file based on the year, month, day, and time. Here's what I'm trying:

Code:

    <?php
    $year = date('Y');
    $month = date('m');
    $day = date('d');
    $now = date('Y-m-d-h');
    $hour = date('gA');
    $hourplus1 = ($hour + 1);
    $hourminus1 = ($hour - 1);
    $ampm = date('A');
    $url = "http://podcasts.cnn.net/cnn/services/podcasting/newscast/" . "audio/" . "$year" . "/" . "$month" . "/" . "$day" . "/CNN-News-" . "$month" . "-" . "$day" . "-" . "$year" . "-" . "$hourplus1" . "$ampm" . ".mp3";
    echo $url;
    echo system('wget "$url"');
    ?>

When running from the shell, I get an "http://: invalid hostname" error. The echo of $url looks right...but it won't run from shell. Any ideas?

I have the following mysql query:

Code:

    $lead_query=$this->db->query(" SELECT `first_name`, `last_name` , `state` FROM leads WHERE `lead_id`='$lead_id' ");
    $this->view->lead_query=$lead_query->fetchALL();

Now when I retrieve the above details I need to return the first_name last_name together (separated as space) and the name of the key as client_name in the array. I need it that way because when I return a json_encode($lead_query), I want to return the first_name.last_name as client_name.

Hello and thanks in advance for any help. Overview: I'm trying to pull data from an XML api using simpleXML.
I have run into a problem with special characters and entities that simpleXML does not accept. IE "&nbsp;" I've tried all the solutions I could find to no avail. SimpleXML gives me this error.

    parser error : Entity 'nbsp' not defined in

Here is my code.

Code:

    $feed = simplexml_load_file('URL TO API FEED');
    $feed = html_entity_decode($feed);
    $feed = str_ireplace(array('<','>','&','\'','"'),array('<','>','&',''','"'),$feed);
    echo 'Game Title: ' .$feed->game. '</br>';
    echo 'Ponts Earned: ' .$feed->gamerscore. '</br>';
    echo 'Total Achievements: ' .$feed->totalachievements. '</br>';
    foreach($feed->achievements->achievement as $ach) {
        $output = htmlentities($feed->title, ENT_QUOTES, "UTF-8");
        echo $output;
        if( !empty($ach->unlockedartwork)){
            echo '<img src=' .$ach->unlockedartwork. '></img></br>';
        }else {
            echo '<img src=' .$ach->artwork. '></img></br>';
        }
    }

Here is the code I'm trying to retrieve.

Code:

    <achievement id="40">
    <title>Have Gun Will Travel </title>
    <artwork>http://</artwork>
    <gamerscore>20</gamerscore>
    <unlocked>true</unlocked>
    <unlockdate>7/4/2010</unlockdate>
    </achievement>

which one is necessary while protecting form field

Edited July 28, 2019 by mahenda

What do most people prefer to use? htmlspecialchars or htmlentities

Hi all, Please advise me 1. When to use htmlspecialchars() or mysql_real_escape_string? 2. what is the difference? Thank you for your help.

Not sure how to debug this.
I have the following error that is ONLY happening when our site has a PCI scan running : - ERRNO: 2 TEXT: htmlspecialchars() expects parameter 1 to be string, array given LOCATION: /home/bttorj45/public_html/smarty_templates_c/dbbe565f1731d4158472b66b75c85442498e81b9_0.file.top_menu_bar.tpl.php, line 42, at April 11, 2020, 5:05 pm Showing backtrace: htmlspecialchars(Array[1], "3", "UTF-8", true) # line 42, file: /home/siteaddress/public_html/smarty_templates_c/dbbe565f1731d4158472b66b75c85442498e81b9_0.file.top_menu_bar.tpl.php content_5e83087341d089_14126332(Object:Smarty_Internal_Template) # line 123, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_resource_base.php Smarty_Template_Resource_Base.getRenderedTemplateCode(Object:Smarty_Internal_Template) # line 114, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_compiled.php Smarty_Template_Compiled.render(Object:Smarty_Internal_Template) # line 216, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_template.php Smarty_Internal_Template.render() # line 385, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_template.php Smarty_Internal_Template._subTemplateRender("file:page_elements/top_menu_bar.tpl", null, null, "0", "120", Array[0], "0", false) # line 56, file: /home/siteaddress/public_html/smarty_templates_c/0e4c1495f7a25cef1d85553f951690964f702a5a_0.file.error404.tpl.php content_5e4ffba4a49c66_36622821(Object:Smarty_Internal_Template) # line 123, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_resource_base.php Smarty_Template_Resource_Base.getRenderedTemplateCode(Object:Smarty_Internal_Template) # line 114, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_compiled.php Smarty_Template_Compiled.render(Object:Smarty_Internal_Template) # line 216, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_template.php 
Smarty_Internal_Template.render(false, "1") # line 232, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_templatebase.php Smarty_Internal_TemplateBase._execute(Object:Smarty_Internal_Template, null, null, null, "1") # line 134, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_templatebase.php Smarty_Internal_TemplateBase.display("pages/error404.tpl") # line 65, file: /home/siteaddress/public_html/errors/404.php include("/home/siteaddress/public_html/errors/404.php") # line 34, file: /home/siteaddress/public_html/smarty_plugins/function.load_product.php Product.init("api") # line 5, file: /home/siteaddress/public_html/smarty_plugins/function.load_product.php smarty_function_load_product(Array[2], Object:Smarty_Internal_Template) # line 39, file: /home/siteaddress/public_html/smarty_templates_c/53725e8a2fc4b6c7c0c42e801dab2741a0994a8e_0.file.product.tpl.php content_5e579e9761f086_59385269(Object:Smarty_Internal_Template) # line 123, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_resource_base.php Smarty_Template_Resource_Base.getRenderedTemplateCode(Object:Smarty_Internal_Template) # line 114, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_compiled.php Smarty_Template_Compiled.render(Object:Smarty_Internal_Template) # line 216, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_template.php Smarty_Internal_Template.render(false, "1") # line 232, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_templatebase.php Smarty_Internal_TemplateBase._execute(Object:Smarty_Internal_Template, null, null, null, "1") # line 134, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_templatebase.php Smarty_Internal_TemplateBase.display("pages/product.tpl") # line 85, file: /home/siteaddress/public_html/dirs.php I ***think*** the scan must be inputting something in the search box to 
cause this (I'm awaiting info from Security Metrics with regard to this).

    {load_chat assign="chat"}
    {if $chat->mChat}
    <script type="text/javascript" id="763333b0f312f025d780a8f4451bf6f3" src="https://www.siteaddress.com/online-support/script.php?id=763333b0f312f025d780a8f4451bf6f3"></script>
    {/if}
    {if !$chat->mChat && $settings->mSettings[13]}
    <script type="text/javascript" id="aaa07817d7cd2a7dce9e0ffac6286dbb" src="https://www.siteaddress.com/online-support/script.php?id=aaa07817d7cd2a7dce9e0ffac6286dbb"></script>
    {/if}
    <div id="menu_switch"><i class="fa fa-bars fa toggler"></i></div>
    <form id="product_search" method="get" action="{$smarty.const.SITE_ROOT}/searchresults/">
    <input type="text" name="search" placeholder=" Product Search" style="font-family: FontAwesome, Arial; font-style: normal; font-size:18px;" {if isset($smarty.request.search) && $settings->mSettings[107]}value="{$smarty.request.search|escape:'htmlall'}"{/if} /><button type="submit" class="button"><i class="fa fa-search" aria-hidden="true"></i> <i class="fa fa-caret-right" aria-hidden="true"></i></button>
    </form>
    <form id="code_search" method="post" action="{$smarty.const.SITE_ROOT}/cart/quickadd.php">
    <input type="text" name="code" maxlength="14" placeholder=" Product Code" style="font-family: FontAwesome, Arial; font-style: normal; font-size:18px;" /><button type="submit" name="submit" class="orange"><i class="fa fa-shopping-cart" aria-hidden="true"></i> Quick Add <i class="fa fa-caret-right" aria-hidden="true"></i></button>
    </form>
    {if !isset($hidecart) && isset($cartsmall) && $cartsmall->mCart.sub > 0}
    <p id="view_cart"><a class="button orange" href="{$smarty.const.SITE_ROOT}/cart/"><span class="hidden-xs hidden-sm"><i class="fa fa-shopping-cart" aria-hidden="true"></i> View Cart </span>£{$cartsmall->mCart.sub} <i class="fa fa-caret-right" aria-hidden="true"></i></a></p>
    {/if}
    <script>
    $('.toggler').click(function() { $(this).toggleClass("fa-bars fa-times"); });
    </script>

function.load_search.php :-
    <?php
    function smarty_function_load_search($params, $smarty)
    {
        $search = new Search();
        $search->init();
        $smarty->assign($params['assign'], $search);
    }

    class Search
    {
        // public fields
        public $mSearchString;
        public $mSearchArray;
        public $mProducts;
        public $mProductCount;

        // private fields
        private $mDoSettings;
        private $mDoCatalogue;

        function __construct()
        {
            require_once FILE_ROOT . '/data_objects/do_settings.php';
            $this->mDoSettings = new DoSettings();
            require_once FILE_ROOT . '/data_objects/do_catalogue.php';
            $this->mDoCatalogue = new DoCatalogue();
            if (isset($_REQUEST['search']) && strlen(trim($_REQUEST['search']))>0 ) {
                $this->mSearchString = trim(stripslashes($_REQUEST['search']));
                $this->mSearchArray = explode(" ", $this->mSearchString);
            } else {
                header ("Location: /emptysearch/");
                die ();
            }
        }

        public function init()
        {
            $this->mProducts = $this->mDoCatalogue->SearchProducts($this->mSearchArray);
            $this->mProductCount = count($this->mProducts);
            for ($i = 0; $i < count($this->mProducts); $i++) {
                $this->mProducts[$i]['price_inc'] = number_format($this->mProducts[$i]['price'] * (($this->mDoSettings->GetSetting(1) / 100) + 1), 2, ".", ",");
            }
        }
    }
    ?>

do_catalogue.php :-
    public function SearchProducts($search)
    {
        $fields = array("code", "title", "keywords");
        $query_string = "SELECT p.code, p.title, p.cattext, p.price, p.img, p.url, p.available, p.due, p.special, p.newproduct, p.discontinued, c.name, c.menulinktext FROM " . $this->mProductTable . " p " .
            "JOIN categories c ON p.category = c.id " .
            "WHERE ((";
        for ($f = 0; $f < count($fields); $f++) {
            if ($f != 0) {
                $query_string .= ") OR (";
            }
            for ($s = 0; $s < count($search); $s++) {
                if ($s != 0) {
                    $query_string .= " AND ";
                }
                $query_string .= "p." . $fields[$f] . " LIKE '%" . $this->mDoQuery->dbManager->DbEscape($search[$s]) . "%'";
            }
        }
        $query_string .= ")) AND active=1 AND live=1 " .
            "ORDER BY p.rating ASC";
        return $this->mDoQuery->dbManager->DbGetAll($query_string);
    }

Any ideas how to fix it? I can't replicate it with a specific issue as I don't know what the scan is doing to cause this! Thanks

Hello Guys ... I am new here and I am also new in php. I self-study html css and js and bootstrap for front-end and for back-end php & mysql & PDO & OOP and I will soon start mvc then laravel and I am trying to secure my input field and I do not want any attacks or sql injects and I see people use filter_var and htmlentities and htmlspecialchars and each one has different opinion. Can someone help me and tell me what is the best for securing input which all values will store in database? Thanks <3
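
Added example (not code from any of the posts above): the backtrace in the PCI-scan thread shows `htmlspecialchars(Array[1], ...)`, and PHP turns a parameter named like `search[]` into an array, so one defensive pattern is to accept a request parameter only when it is a string, before trimming or escaping it. The helper names `string_param` and `render_search_value`, the 200-byte limit and the sample query strings are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: return a request parameter only if it arrived as a
 * plain, non-empty string. PHP parses "search[]=x" or "search[a]=x" into an
 * array, which is the kind of value that trim() and htmlspecialchars()
 * reject with "expects parameter 1 to be string, array given".
 */
function string_param(array $source, string $key, int $maxLen = 200): ?string
{
    $value = $source[$key] ?? null;
    if (!is_string($value)) {
        return null;                 // missing, array, or other type: treat as absent
    }
    $value = trim($value);
    if ($value === '' || strlen($value) > $maxLen) {   // 200 is an assumed limit
        return null;
    }
    return $value;
}

/**
 * Hypothetical helper: escape at output time, for the HTML attribute context
 * used by the search box (ENT_QUOTES covers both quote styles).
 */
function render_search_value(?string $search): string
{
    if ($search === null) {
        return '';
    }
    return ' value="' . htmlspecialchars($search, ENT_QUOTES, 'UTF-8') . '"';
}

// Constructed sample query strings; parse_str() builds the same structure
// PHP would place in $_GET / $_REQUEST for each of them.
$samples = ['search=widget', 'search[]=widget', 'search=%22%3E%3Cb%3E', 'other=1'];

foreach ($samples as $qs) {
    parse_str($qs, $request);
    $search = string_param($request, 'search');
    printf("%-22s => <input name=\"search\"%s />\n", $qs, render_search_value($search));
}
```

The array-valued and missing cases both render an input with no `value` attribute, and the third sample comes out as `value="&quot;&gt;&lt;b&gt;"`.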

When sending data via $_POST for example, I've seen the data get filtered with both mysql_real_escape_string or htmlspecialchars. When should you use one or the other?

Hello dears, I've tried to use htmlspecialchars or htmlentities but both no longer work ! Example1 :

Code:

    <?php
    $new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
    echo $new;
    ?>

Output should <a href='test'>Test</a>

Code:

    <?php
    $str = "A 'quote' is <b>bold</b>";
    echo htmlentities($str);
    ?>

Output should A 'quote' is <b>bold</b>

But it isn't working ? what is wrong ?

Does anyone have an example of when htmlentities() would be used over htmlspecialchars()?