|
PHP - Sending Quote - Ajax
Hi, I am trying to send input Don't, can't or anything else which contains '. But Ajax sends it like: t_name=Don%27t&_=1589636831048 and then I got an error while trying to insert to mysql. I only have problem with '. I tried lots of thing but something is missing. I couldn't figure it out. Could somebody help me? My Ajax:
var t_name = document.getElementById(mydiv).value;
$.ajax(
{
type: "GET",
url: './api/objects/add.php',
async:false,
cache:false,
contentType: "application/x-www-form-urlencoded;charset=ISO-8859-1",
dataType: 'json',
data: {
t_tsk: id,
t_name: t_name
},
success: function (result) {
},
error: function(xhr, status, error) {
document.getElementById("errorDiv").hidden = false;
if (xhr.responseText) {
} else {
}
}
});
My url when I write don't to input area: /add.php?t_tsk=1&t_name=Don%27t&_=1589636831048 My php code:
<?php
// include database and object files
include_once '../config/database.php';
include_once '../objects/myObject.php';
// get database connection
$database = new Database();
$db = $database->getConnection();
$myObject = new MyObject($db);
$myObject->t_id = isset($_GET['t_tsk']) ? $_GET['t_tsk'] : die();
$myObject->name = isset($_GET['t_name']) ? utf8_decode($_GET['t_name']) : die();
if($myObject->create()){
http_response_code(200);
$myObject_arr=array(
"status" => true,
"message" => "Successfully created!",
"id" => $myObject->id,
"name" => $myObject->name
);
}
else{
http_response_code(401);
$myObject_arr=array(
"status" => false,
"message" => "Error!"
);
}
print_r(json_encode($myObject_arr));
?>
Thank you all. Similar TutorialsThis topic has been moved to Ajax Help. http://www.phpfreaks.com/forums/index.php?topic=319274.0 From our website we are connecting to GMAIL to send our emails through SMTP. For some reason it is not sending the emails to the CC or BCC email address event though GMAIL shows it was included in the email. Am I missing something in the below code? Code: [Select] $currentTime = time(); $emailTo = "redbrad0@domain.com"; $emailCC = "brad@domain.com"; $emailBCC = "events@domain.com"; $emailSubject = "TEST Email at (" . $currentTime . ")"; $emailBody = "This is the body of the email"; $headers = array(); if (!empty($emailTo)) $headers['TO'] = $emailTo; if (!empty($emailCC)) $headers['CC'] = $emailCC; if (!empty($emailBCC)) $headers['BCC'] = $emailBCC; if (!empty($emailSubject)) $headers['Subject'] = $emailSubject; $headers['From'] = "events@domain.com"; $mime = new Mail_mime("\n"); $mime->setTXTBody($emailBody); $body = $mime->get(); $headers = $mime->headers($headers); $mail = Mail::factory('smtp', array ('host' => 'ssl://smtp.gmail.com', 'auth' => true, 'port' => 465, 'username' => 'events@domain.com', 'password' => 'thepasswordhere')); try { $result = $mail->send($emailTo, $headers, $emailBody); } catch (TixException $ex) { echo "<font color=red>Error:" . $ex->getCode() . "</font><br>"; } echo "Emailed at (" . $currentTime . ")<br>"; die; Right now I redirect to index page after I delete a record. However I am looking to make it so that I can delete a record without redirecting the page. I know this can be accomplised using Ajax. I have spent countless hours before trying to make it work, but it did not work.
So here is a basic setup I created. Can you please update it with ajax code so that I can see how it's done properly?
<!DOCTYPE HTML> <html lang="en"> <head> <meta charset="UTF-8"> <title>Home Page</title> </head> <body> <div class="record" > <a href="record.php?id=<?php echo $record_id ?>"><?php echo $record_name; ?></a> <div class="delete-record"> <a href="delete.php">Delete Record</a> </div> </div> </body> </html> Edited by man5, 18 August 2014 - 08:55 PM. Hi, I'm trying to delete a string that's single quoted. From: Cyto's to Cyto, but doesn't work. It works when I add 's to the string with stripslashes, but I can't seem to delete a quote from a string. Does someone know how? My $_post code: Code: [Select] $name=mysql_real_escape_string(stripslashes($_POST["ename"])); Cheers I just finished adding the ability to add Comments after Articles on my website. Now it would be nice if people could Quote other Posts/Comments juts like you can do here on PHPFreaks. The problem is that I have this code to eliminate any security issues with HTML... echo ' <div class="userPost"> <span class="commentDate">Posted on: ' . date('Y-m-d g:ia', strtotime($createdOn)) . '</span> <span class="commentNo">#' . $commentCount . '</span> <p>' . nl2br(htmlentities($comments, ENT_QUOTES)) . '</p> </div>'; Any suggestions to have it both ways? Thanks, Debbie I need some help working out this MySQL query:
I need it to pull a random quote, that hasn't been used before (that's the 'checked' part of the query), and it needs to find it based on a specific category. I am using this alongside PHP with MySQLI Prepared method.
SELECT `id`, `word`, `def` FROM `dictionary` AS `r1` JOIN (SELECT (RAND() * (SELECT MAX(`id`) FROM `dictionary`)) AS `id`) AS `r2` WHERE `r1`.`id` >= `r2`.`id` AND `category`=? AND `checked`=0 ORDER BY `r1`.`id` ASC LIMIT 1This query yields an error stating that the id column is ambiguous. Good Day everyone. I'm looking at creating a quote calculator, it will be like a form with questions about what the user wants to buy or quote and will give out a number in dollars based on what product the user selects from a drop down list. Example: What sandwich would you like to buy? (List Items) Price:(prices will be echo here). 1. Roast beef 2. Chicken 3. vegetable 4. Fish Now if the user selects Roast Beef, the price of the Roast Beef sandwich will be echo or printed. What would you like on your sandwich? (Check boxes must be use because user may need more then one condiment added.) 1. Ketchup 2. Cheese 3. Mustard 4. Lettuce Now if the user add ketchup, Cheese, ect, the price will add to the price of the sandwich and echo a total. Would you like a drink with your order? Again check boxes, user can select more then one drink, price added and totaled. 1. Diet Coke 2. Sprite 3. Root Beer 4. Mountain Dew. Also I need to be able to change the prices of each product in the script. The user does not see the price. The price only becomes visible when the item selected and added to the total. I would like to do this myself but novice to php, I have never done this kind of script befor and have been searching for tutorials and other resources but nothing close to this. Does anybody know where I can find an example, tutorials? Thanks everyone. IC While playing with some code, I wrote these few lines of script. $_SESSION["favcolor"] = green; echo "Session variable is ". $_SESSION["favcolor"] ;
I tested the code and everything worked fine. I corrected the code $_SESSION["favcolor"] = "green"; But when I tested it, the page would not open/load.
Then I removed the quote marks and restored the line to it's original state $_SESSION["favcolor"] = green; And things worked fine.
Shouldn't the quote marks be required? Hey, I just wondered if someone could help me with this small problem? Here's the code: <?php if($_GET['act'] == "generate_quotes") { $db = mysql_connect("*", "*", "*") or die ("Unable to connect to database."); mysql_select_db("quote") or die ("Unable to select database."); $offset_result = mysql_query( " SELECT FLOOR(RAND() * COUNT(*)) AS `offset` FROM `quote` "); $offset_row = mysql_fetch_object( $offset_result ); $offset = $offset_row->offset; $result = mysql_query( " SELECT * FROM `quote` LIMIT $offset, 1 " ); $fetch = mysql_fetch_array($result); echo "<blockquote>".$fetch['q_quote']; mysql_close($db); } else { echo "<img src=\"1.png\">"; } ?> <a href='gen.php?act=generate_quotes'>Generate</a> Basically what it does is shows an image until a link is clicked, then the image disappears and some quotes are generated in it's place. When you click the link, sure enough, the image disappears and the quotes are read from the database. But after that the link doesn't change the quote. [it's meant to randomly cycle through the quotes in the database]. The quote still changes when refreshing the page, but this link: <a href='gen.php?act=generate_quotes'>Generate</a> does nothing after 'generate_quotes' has been set. any ideas how to fix this? thanks in advance. So I am trying to make my life easier at work. I have this idea that I can automate the sales quote via a simple website. I have the entire product list in MySQL and I can query for the individual catagories etc etc and get them to display. The display shows the SKU, Description, Price, and a third field to select quantity. The issue is that once they select a quantity of a paticular line item I need that line item (sku, description, and price fields) to be carried over to the final quote page where the math is done. Not sure how to key the paticular line item fields off the quantity field. Any ideas greatly appreciated... Code: [Select] <?php $query = "SELECT * FROM tbl_prods WHERE cat = 'fruit'"; $target = mysql_query($query); confirm_query($target); while($row = mysql_fetch_assoc($target)) { ?> <form action="quoter.php" method="POST"> <tr> <td><input name="sku" type="text" value="<?php echo $row[sku]; ?>" size="20" /></td> <td><textarea name="desc" cols="150" rows="2"><?php echo $row[desc]; ?></textarea></td> <td><input name="price" type="text" value="<?php echo $row[price]; ?>" size="20" /></td> <td><input name="quantity" type="text" value="0" size="3" maxlength="2" /></td> </tr> <?php } ?> </table> <input type="hidden" name="cust" value="<?php echo $cust; ?>"></p> <input type="hidden" name="reg" value="<?php echo $region; ?>"></p> <input type="submit" name="submit" value="Submit"></p> </form> If this were an example post in a forum: Code: [Select] $post = '[quote author=james]hello this is a quote[/quote] here is some mor text between the next coming quote [quote author=david]hello this is another quote[/quote]'; What is the best way to replace the [quotes author=x] with opening html tag eg: Code: [Select] <div class="quote"><div class="quoteTitle">author=x</div> And then determine if the next is a [/quote ] is an opener or close quote? And then of course there is the issue of the user deleting a [/quote] or even placing a [/quote] before an open quote... Does anyone know of an example to look at? I am trying to do the seemingly simple thing - replace all single quotes in text str_replace ("'", "´", $text); It does not replace anything. I trying escaping single quote, using other similar functions - nope. Also tried to google What I an doing wrong? Any help would ne much appreciated. I am making a simple script for my friend that uses mod_rewrite, but for testing I don't use the mod_rewrite link. The page is video.php The extension is ?title= I have having a problem when I type the title with a Single Quote in it('). Example. video.php?title=The-Sorcerer's-Apprentice I have str_replace for the dash(-) to be replaced as a space, so that's not the problem. Here's my code. <?php if($_GET) { $title="{$_GET['title']}"; $title = str_replace('_', ' ', $title); $title = str_replace('-', ' ', $title); if ($list = mysql_query("SELECT * FROM videos WHERE title='". mysql_real_escape_string($title) ."'") or die (mysql_error())); { if(mysql_num_rows($list) > 0){ if (mysql_num_rows($list)) { while($videos=mysql_fetch_array($list)) { ?> <div id="content"> <center><h3><?php echo $videos['title']; ?></h3> <object width="640" height="385"><param name="movie" value="<?php echo $videos['youtubelink']; ?>"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="<?php echo $videos['youtubelink']; ?>" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object> <br/><br/><a onclick="javascript:history.go(-1)" href="#">Go Back</a> </center> </div> <?php } } } ?> This will have been posted before, but I can't find a solution that works. Most people say to try mysql_real_escape_string, I have tried lots of variations and it doesn't seem to work. Could anyone help with the below code? It is part of a form that returns a syntax error when adding a single quotation mark e.g. entering "Bryan's" into the form causes the error. I'd be really grateful for any assistance. Steven P.S. Before anyone mentions it, the mysql connect does work - I just haven't included the full page of code. Code: [Select] mysql_connect($dbserver, $dbusername, $dbpassword); mysql_select_db($dbname); $sitetitle = htmlentities($_POST[sitetitle]); $query = mysql_query("UPDATE site_settings SET sitetitle = '$sitetitle'"); echo("<b>Settings Updated!</b>"); Hi all, I have an issue on a form that when it gets submitted a slash '/' appears before every quote symbol. I had help solving the issue on one of the fields (the name field), but then later it was discovered that the slashes appear in all the fields whenever a quote was used (agreed, poor testing). Can someone be so good to help me solve this? My php knowledge is not so great which is exactly why I'm asking here Please see my code below. If this problem can be solved in the same manner as the name field was solved, then there are 2 files which will need the edits. They are below: (some trivial information purposely removed for security reasons) preview.php <div id="card"> <img id="logo" src="logo.jpg" /> <div id="card1"><?php echo stripslashes($_REQUEST['text1']); ?> </div> <div id="card2"><?php echo $_REQUEST['text2']; ?> </div> <div id="card3"><?php echo $_REQUEST['text3']; ?> </div> <?php if($_REQUEST['text4'] != '' && $_REQUEST['text5'] != '') $text = $_REQUEST['text4'].' • '.$_REQUEST['text5']; else $text = $_REQUEST['text4'].$_REQUEST['text5']; ?> <div id="card4"><?php echo $text; ?> </div> <div id="card5"><?php echo $_REQUEST['text6']; ?> </div> </div> second_form.php <?php session_start(); $db_host = 'localhost'; $db_name = ''; $db_user = ''; $db_pass = ''; $admin_email = "admin@aserver.com"; if(isset($_REQUEST['text1'])) $_REQUEST['text1'] = stripslashes($_REQUEST['text1']); $from = 'orders@mycompany.com'; if($_REQUEST['count'] != '50' && $_REQUEST['count'] != '100') { header( 'Location: order.php' ); die(); } $card_number = trim($_REQUEST['card_number']); $card_security = $_REQUEST['card_security']; $card_exp_m = sprintf("%02d",((int)$_REQUEST['car_exm_m'])%100); $card_exp_y = sprintf("%02d",((int)$_REQUEST['car_exm_y'])%100); $count = $_REQUEST['count']; $shipping = 8.65; $price = $shipping; switch($count) { case 50: $price += 25; break; case 100: $price += 38; break; } //$price = 0.01; //$shipping = 0.01; $price = sprintf("%0.2f",$price); $fd_xsd = 'http://***'; $v1_xsd = 'http://***'; $a1_xsd = 'https://***'; //$email_rep = str_replace('@','[at]',$_REQUEST['text4']); $soap = <<<SOAP <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header /> <SOAP-ENV:Body> <fdggwsapi:FDGGWSApiOrderRequest xmlns:fdggwsapi="$fd_xsd" xmlns:v1="$v1_xsd"> <v1:Transaction> <v1:CreditCardTxType> <v1:Type>sale</v1:Type> </v1:CreditCardTxType> <v1:CreditCardData> <v1:CardNumber>$card_number</v1:CardNumber> <v1:ExpMonth>$card_exp_m</v1:ExpMonth> <v1:ExpYear>$card_exp_y</v1:ExpYear> </v1:CreditCardData> <v1:Payment> <v1:ChargeTotal>$price</v1:ChargeTotal> <v1:Shipping>$shipping</v1:Shipping> </v1:Payment> <v1:Billing> <v1:Name>{$_REQUEST['text1']} - {$_REQUEST['text2']} - {$_REQUEST['text3']}</v1:Name> <v1:Email>{$_REQUEST['text4']}</v1:Email> <v1:Phone>{$_REQUEST['text5']}</v1:Phone> <v1:Address2>{$_REQUEST['text5']}</v1:Address2> <v1:Address1>{$_REQUEST['text6']}</v1:Address1> </v1:Billing> <v1:Shipping> <v1:Name>{$_REQUEST['info_name']}</v1:Name> <v1:Address1>{$_REQUEST['info_street']} {$_REQUEST['info_APT']}</v1:Address1> <v1:City>{$_REQUEST['info_city']}</v1:City> <v1:State>{$_REQUEST['info_state']}</v1:State> <v1:Zip>{$_REQUEST['info_zip']}</v1:Zip> </v1:Shipping> </v1:Transaction> </fdggwsapi:XXXApiOrderRequest> </SOAP-ENV:Body> </SOAP-ENV:Envelope> SOAP; // echo htmlentities($soap); $link = "https://ws.firstdataglobalgateway.com/****"; $store_id = "***"; $user_id = "***"; $pass = "***"; $key_pass = "***"; $uss_pass = ('WS'.$store_id.'***:'.$pass); $path = "/home/hoster/ssl_firstdata/"; $pem_path = $path . "***.pem"; $key_path = $path. "***_.1.key"; $ch = curl_init($link); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: text/xml") ); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);curl_setopt($ch, CURLOPT_USERPWD, $uss_pass); curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $soap); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSLCERT, $pem_path);//pem file curl_setopt($ch, CURLOPT_SSLKEY, $key_path); // crt file curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $key_pass); $res = curl_exec($ch); //$xml = simplexml_load_string('<?xml version="1.0" encoding="UTF-8"? >'.$res); $xml = simplexml_load_string('<?xml version="1.0" encoding="UTF-8"?>'.$res); $ch = $xml->children('SOAP-ENV',true);$ch = $ch[1];$ch = $ch->children('fdggwsapi',true);$response = $ch[0]; $orderId = trim((string)$response->OrderId); mysql_connect($db_host , $db_user, $db_pass); if(!mysql_select_db($db_name)) { echo "Create the database please"; exit; } $result = array( 'Order Number' => $orderId, 'errorMessage' => (string)$response->ErrorMessage, 'response' => $res, "\n\nv_name" => $_REQUEST['text1'], 'v_degree' => $_REQUEST['text2'], 'v_graduation' => $_REQUEST['text3'], 'v_email' => $_REQUEST['text4'], 'v_phone' => $_REQUEST['text5'], 'v_address' => $_REQUEST['text6'], "\n\nOrder Details" => "\n", 'v_quantity' => $_REQUEST['count'], 'cost' => ($_REQUEST['count'] == '50' ? '$25.00' : '$38.00'), 'shipping and handling' => '$8.65', 'total price' => ($_REQUEST['count'] == '50' ? '$33.65' : '$46.65'), "\n\nShipping Information" => "\n", 'name' => $_REQUEST['info_name'], 'street' => $_REQUEST['info_street'], 'apt' => $_REQUEST['info_APT'], 'city' => $_REQUEST['info_city'], 'state' => $_REQUEST['info_state'], 'zip' => $_REQUEST['info_zip'] ); if(strlen($orderId) != 0 && strpos((string)$response->ErrorMessage,'database error') === false)//success { $result['success'] = 1; $link = 'order.php?step=3'; $subject = "order submitted"; } else { $result['success'] = 0; $link = 'order.php?step=-3'; $subject = "Error occured while creating order"; } $_SESSION['data'] = $result; $into = array(); $values = array(); foreach($result as $key => $val) { $into[] = "`$key`"; if($key == 'v_quantity') $values[] = addslashes ($val); else $values[] = "'".addslashes($val)."'"; } $query = "INSERT INTO `***`.`orders` (".implode(', ',$into).") VALUES (".implode(', ',$values).");"; require_once "send_mail.php"; $sendTo = array($admin_email,$result['v_email']); send_mails($sendTo,$from,$subject,$result); mysql_query($query); header('Location: '.$link); exit; function render() { global $res,$xml; // var_dump($_REQUEST); // echo $res; // echo htmlentities($res); /* */ var_dump($xml); } ?> This topic has been moved to PHP Freelancing. http://www.phpfreaks.com/forums/index.php?topic=320289.0 I have a form that people can fill out, and then it echos the string, however right now they can't use single quotes. Below is how I have it settup. Code: [Select] $side = '<p>About Me:</p> <ul> <li>Birth Date: October, 23rd, 2010</li> <li>Hometown: Rapid City, SD</li> <li>Height: 4\'</li> <li>Weight: 50lbs</li> <li>Foot Size: 4</li> <li>Favorite Movie: All of the Shrek Movies!</li> <li>Favorite Book: Winnie the Pooh Series</li> <li>Favorite Cartoon Character: Eeyore or Donkey from Shrek!</li> <li>Favorite TV Show: Anything on Animal Planet!</li> <li>Favorite Food: Hay</li> <li>Favorite Pro Sports Team: Rapid City Rush</li> <li>Favorite Mascot: Nugget, of course!</li> <li>Favorite Game: Donkey Kong!<br /> </li> </ul>'; if ($side != NULL){ echo "<div class=\"grid_6\" id=\"tertiary\"> $side </div>"; }else{ } And I would be able to use $side = "whatever I want to write"; because then they would still need to escape the double quotes with \" if they wanted to put in a link or anything. How do I do this with allowing them to just use single quotes when they enter their data so they don't have to \' (escape the single quote)? Thanks Hi, I am able to parse php variable in double quote but not in single quote. How can I parse in single quote. Following example shows 2 results and I want same result in both. First Name : Zohaib First Name : $firstname Code: [Select] // Connecting, selecting database $link = mysql_connect('localhost', 'root', 'password'); mysql_select_db('dbname'); // Performing SQL query $query = 'SELECT first_name FROM tablename'; $result = mysql_query($query); // Printing results in HTML while ($row = mysql_fetch_assoc($result)) { $firstname=$row['first_name']; } echo"<table> <tr> <td>First Name : </td> <td>$firstname</td> </tr></table>"; echo'<table> <tr> <td>First Name : </td> <td>$firstname</td> </tr></table>'; What are the changes I need to do to achieve same result. Any solution ? - Thanks. Hi I have a simple form and when the user submits, php is putting a \ before every single quote entered in the field. So for example, if a user enters O'Neill, once i do $lastName = $_POST["lastname"]; $lastName comes back as: O\'Neill is there some way I can turn this off? |
|||||||