PHP - Downloaded File Has Quotes Around It.
Nevermind. Changed the following and it works: ->withHeader('Content-Disposition', 'attachment; filename="'.$name.'"') When downloading a file, the name of the file is 'report.csv' (it literally has single quotes around it so Window's does recognize it as a CSV file). I am obviously adding them, but I am not sure where. The workflow is browser requests from webserver, webserver performs cURL request to a second server, second server creates CSV file and returns it to webserver which returns it to browser client. My code is below (I removed some unrelated script for briefness, but should have all pertinent code). Do you see the culprit? Any recommendations on how to troubleshoot? Thanks
Browser Client $('#list-header').on('click', '.download-data', function() { window.location.assign("/api/query/trend?parameters=foo&Accept=csv"); }); Webserver $app->get('/api/query/trend', function(Request $request, Response $response) { $uri = $request->getUri(); $path = substr($uri->getPath(), 4); //Remove "/api" from uri return $this->serverBridge->proxy($request->withUri($uri->withPath($path)), $response); }); $c['serverBridge'] = function ($c) { return new \NotionCommotion\ServerBridge\ServerBridge( new \GuzzleHttp\Client([ 'base_uri' => $c['settings']['server']['scheme'].'://'.$c['settings']['server']['host'], 'headers' => ['X-NotionCommotion-Key' => $c['settings']['server']['key']], 'timeout' => 30, ]) ); }; class ServerBridge { private $httpClient; public function __construct(\GuzzleHttp\Client $httpClient){ $this->httpClient=$httpClient; //Must be configured with default path } public function proxy(\Slim\Http\Request $slimRequest, \Slim\Http\Response $slimResponse):\Slim\Http\Response { //Forwards Slim Request to another server and returns the updated Slim Response. //TBD whether this method should change urlencoded body if provided to JSON and change Content-Type header. //TBD whether this method should change not send Slim request to Guzzle, but instead create a new Guzzle request and apply headers as applicable. $body=$slimRequest->getBody(); $slimRequest=($contentType=$slimRequest->getContentType()) ?$slimRequest->withUri($slimRequest->getUri()->withHost($this->getHost(false))) //Change slim's host to API server! :$slimRequest->withUri($slimRequest->getUri()->withHost($this->getHost(false)))->withHeader('Content-Type', $contentType); //And also apply Content-Type $guzzleResponse=$this->httpClient->send($slimRequest); //Blacklist headers which should not be changed. TBD whether I should whitelist headers instead. $excludedHeaders=['Date', 'Server', 'X-Powered-By', 'Access-Control-Allow-Origin', 'Access-Control-Allow-Methods', 'Access-Control-Allow-Headers']; $headerArrays=array_diff_key($guzzleResponse->getHeaders(), array_flip($excludedHeaders)); foreach($headerArrays as $headerName=>$headers) { foreach($headers as $headerValue) { $slimResponse=$slimResponse->withHeader($headerName, $headerValue); } } return $slimResponse->withStatus($guzzleResponse->getStatusCode())->withBody($guzzleResponse->getBody()); } private function getHost(bool $includeSchema=true):string { $baseUri=$this->httpClient->getConfig()['base_uri']; return $includeSchema?$baseUri->getScheme().'://'.$baseUri->getHost():$baseUri->getHost(); } } API Server $app->get('/query/trend', function (Request $request, Response $response) { $dataObject = $this->trendService->query($request->getQueryParams()); $responder = new ResponseContent\ResponseContentCsv($response); return $responder->respond($dataObject); ); class ResponseContentCsv { protected $response; public function __construct(\Psr\Http\Message\ResponseInterface $response) { $this->response=$response; } public function respond($dataObject) { $stream = fopen('php://memory', 'w+'); //Use fputcsv() to write to stream $name='report.csv'; rewind($stream); return $this->response->withBody(new \Slim\Http\Stream($stream)) //->setOutputBuffering(false) ->withHeader('Content-Description', 'File Transfer') ->withHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0') //->withHeader('Content-Type', 'text/csv') ->withHeader('Content-Disposition', "attachment; filename='$name'") ->withHeader('Expires', '0') //->withHeader('Content-Length', $doc->size), ->withHeader('Pragma', 'public'); } } Edited May 5, 2019 by NotionCommotion Figured out what I was doing wrong Similar Tutorialshi... Im developing a web site to store a audio and video songs and it enable to download the songs for users. most of features I have finished at the moment. I need to count download users amount in a song and also need to count how many users view it only. actually I dont have any idea to do it using php. so anyone can me give any idea how to do it. thanks in advance for your help.... actually im try to do similar this http://www.music.lk/....php?index=5938 please give me any idea to do it.. thanks again.... [attachment deleted by admin] hi... Im developing a web site to store a audio and video songs and it enable to download the songs for users. most of features I have finished at the moment. I need to count download users amount in a song and also need to count how many users view it only. actually I dont have any idea to do it using php. so anyone can me give any idea how to do it. thanks in advance for your help.... [attachment deleted by admin] This code only works in firefox <a onMouseout='hidetooltip()' onMouseover='tooltip(\"<img src=img/heroes/$hero.gif\")' href='hero.php?hero=$hero'>Text</a> Btw, I use this in echo (php). How to get quotes (triple) on <img src= ? I also have tried <img src='img/heroes/$hero.gif' But only works on FireFox Quotation marks are confusing me.
What do you guys use when it comes to quotation marks?
In HTML attributes and throughout the bodies of my web pages, I use the HTML entity ("). For example:
<a href="" title="Read "Article Name""> <p>In his new book, he says: "This is a quote."</p>I thought that this is the best practice. However, today, I read that it's perfectly safe to use straight quotes (") in the body, and that I should use the HTML entity only in HTML attributes. Is that correct? But what if I want to use curly quotes in the body instead of straight quotes? Should I always use the HTML entities for curly quotes (“ and ”), or can I also safely use the characters (“”)? I heard that straight quotes are safe in all browsers, even if you don't specify the character set of your web pages, but that curly quotes are only safe if you specify the character set or if you use the HTML entities. Is that true? And what about the <q> tag? Apparently, it's compatible with all browsers but they treat it differently. Edited by Fluoresce, 30 August 2014 - 07:37 AM. The fancy-looking quotes won't insert into my DB, so I'm trying to convert them to %93 & %94 or normal quotes.
Nothing I've tried works.
Code:
$fancy=" “test” "; $fixed=htmlentities($old, ENT_QUOTES); echo "fancy: $fancy<br>"; echo "fixed: $fixed"; Results: fancy: “test” fixed: I want $fixed to be %93test%94, or even "test" would work. Edited by rwmaho, 18 October 2014 - 01:28 PM. Hello everyone! This is my first post. I am very new to php and mysql and coding in general. It has not been made 100% clear to me as to when I should use single quotes, double quotes, and {}. From what I gather you use single quotes for literal interpretation... so if you put something like a variable in single quotes and echoed it, it would literally echo it as it is written and not the value of the variable. in double quotes, I gather that it will echo the value of the variable. as for {} I am unclear as to when to use the curly brackets for a variable. I am assuming if you had a statement in single quotes and you put a variable in curly brackets you would get the value of the variable?
Edited by LazerOrca, 25 November 2014 - 11:20 PM. I don't think I've asked this before have I?? can someone give me an internet KB that gives me all scenarios that warrant using singles or doubles? as in, wrapping values, variables, and why I need to do either, and when, etc, etc....? thanks Edited March 29 by ajetrumpetA problem has arisen which puzzles me. I have forms which save data to MySql and retrieve it, showing it as the default data in the form. Naturally I escape any quotes before sending it to the database and remove the slashes when I retrieve it. But the form HTML code shows the data like this value="$variable" which is fine when only single quotes are used in the data but causes a problem when the user uses double quotes. So data of John \"Jack\" Smith would be output as value="John "Jack" Smith" with obvious problems. If I use value='...' then that would cause problems with single quotes. I haven't seen the answer in any of my books. The only things I can think of is changing all double quotes to single before saving to DB or converting them with htmlspecialcharacters so they are no longer actual quotes. Hello, Using the following code, I'm extracting the $current_solution from my database. However, if the variable has quotes in it, I get gobbledegook. Code: [Select] <input type ="radio" name="solution" <?php echo 'value="' . $current_solution . '"' ?> id="solution" <?php if ($row['solution'] == $current_solution) {echo 'checked = "yes"';} ?>/><?php echo$current_solution; ?></label> As an example, if the $current_solution variable is: A right-side up letter u then I get: " id="solution" checked = "yes"/> A right-side up letter "u". I know that it's a quote issue but am not sure how to fix it. I tried adding slashes but I fear that it didn't work. Any thoughts on this would be appreciated! Thanks so much, Eric If I put into the database this string: Call the wife's son tomorrow How do I put it in to keep that apostrohe (wife's) and then when I retrieve it, also keep it without it displaying as wife/'s If I use stripslashes I think that just gets rid of the slash, but I want to KEEP the slash (but still protecting the database so it is not seen as a quote by the php code). I hope this is clear :-) Alright, I've troubleshooted for about an hour on this and still can't figure it out, I've got the following line of code: Code: [Select] $newstring = '$search = mysql_query("SELECT * FROM cmscbesalke.game where gameTitle = '".$gametitle."'");'; that is giving the following error: Parse error: syntax error, unexpected '"' in /home/content/06/8675706/html/edit.game.php on line 136 I've tried to do the following as well: Escaping the ", adding in extra . operators, and removing quotes. The complicated part here is that I need the fwrite to write the $gametitle variable, with single quotes around it that way the mysql_query will return the correct database entry, but everytime I get the line of code to work it does not put the quotes. So, I think you have all heard the news. THEY ARE GONE! Unfortunately, I do have some old code that I do not feel like going line by line and updating. I was wounding if you guys could help me out. I was hoping that there would be a way to set a define of some sort then when I grab something out of an SQL table it will automatically takeout the "\" (Slashes) and when I insert something into the database it will add the slashes... YES I know and have read the statement written by the php group [http://www.php.net/manual/en/securit...uotes.why.php] But i do not particularly want to go through my code and change everything by hand. If you have any idea, or would like me to explain it another way, please post. Any help will be greatly appreciated. --redcrusher Hi, newbie here. Could someone show me how to properly escape the quotes in this code so it works properly? I'm having major problems with it, thanks. echo "<td style="background-color:#fff" onMouseover="this.style.backgroundColor='#ff9900';" onMouseout="this.style.backgroundColor='#fff';">" Hi... I'm trying to get this code to work: echo "<a href='". $row['img_path']."'><img border=0 src='". $row['thumb_bw_path']."' onmouseover='this.src='". $row['thumb_path']."'' onmouseout='this.src='". $row['thumb_bw_path']."'' />". "</a></td> \n"; To get the hover effect that i want there is alot of quotes. The hover effect does not work and i guess it is because of the wrong use of quotes. The correct way is: Code: [Select] onmouseover="this.src='source_to_image'" But the use of double quotes " is not possible... Is there a simple solution to this? My old server had magic_quotes_gpc turned on. My new one does not. Will mysql_real_escape_string solve all the issues that magic_quotes was used for? My site runs a blogging application and it seems some of the templates which contain a lot of html and css do not insert into the database properly even when using mysql_real_escape_string. Thanks, Brian i have some code which checks to see if a username and an email is in use. from what i can understand, it uses magic quotes to prevent sql injection. i've heard that magic quotes are not going to be in use in php6, so how can i change it so that it uses real escape string instead? if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 != 0) { die('Sorry, the username '.$_POST['username'].' is already in use.'); } if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $emailcheck = $_POST['email']; $check = mysql_query("SELECT email FROM users WHERE email = '$emailcheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 != 0) { die('Sorry, the email '.$_POST['email'].' is already registered to another account.'); } Thanks I'm trying to figure out why it won't display the quote(s) for the selected person. I echoed the query and it's getting the correct id its just not displaying correctly. Any ideas? function getQuotes($id) { $id=mysql_real_escape_string($id); $sql = "SELECT * FROM `efed_bio_quotes` WHERE bio_id = '$id'"; $re = mysql_query($sql); $i = 0; $quotes = array(); $row = mysql_fetch_assoc($re); extract($row); ?> <ul id="quotes"> <?php if(count($quotes) > 0){ for($i = 0; $i < count($quotes); $i++){ echo "<li>".$quotes[$i]."</li>"; } } else{ echo '<li>This wrestler has no quotes.</li>'; } ?> </ul> <?php } I'm designing a website that takes user input from in a <textarea></textarea> and enters the input into a database. Everything works besides if the user has double quotes (") in his/her message. (the name of the table that I want to add to is alluserposts) What i have so far is the following: from index.php: <form action="insert2.php" method="post"><textarea name="user_post" rows="6" cols="35"></textarea></form> from insert2.php: mysql_query("INSERT INTO alluserposts (post_value) VALUES(" . "\"" . $_POST['user_post'] . "\")" ,$db) or die(mysql_error($db)); I want the user to be able to input any character. How can i do that? Greetings, I'm trying to execute a shell command with a user-supplied password as input. The password may contain apostrophes and and virtually any other character. Unfortunately, when using escapeshellarg(), the password argument is interpreted as two separate arguments, as escapeshellarg() will handle apostrophes (single quotes) by breaking out of the already quoted text and using a backslash escape. $password = escapeshellarg("ex'ample!%"); // The password will actually be supplied by an HTML form. $command = ('echo '.$password); echo "$command"; // Returns 'ex'\''ample!%' Does anyone have any input on how to accomplish what I'm trying to do? I'd like to allow obscure passwords without disallowing specific characters, while still being "safe" in passing the information to a shell command. Double quotes would work for passing single quotes, but I'm afraid I might break other characters there. Thanks. |