How To Search Strings Escaped By Mysql Real Escape String()?
I am currently developing an article script and there are Titles and Contents. To prevent sql injection, people say we must use mysql_real_escape_string().
So let's say if there is a Title that says "My Friend's best friend", if I look into the MySQL table record, the text will be saved as "My Friend's best friend", where the apostrophe is escaped. Code:
View Complete Forum Thread with Replies
Related Forum Messages:
Mysql Real Escape String() In Conditional Statements
I created the following bit of code that allows me to pass a MySQL conditional statement to a function. I am trying to figure out where and how would I go about incorporating the mysql_real_escape_string() function? Is there a way to call the mysql_real_escape_string() in the function itself? Code:
View Replies !
Real Escape String
How can i add a escape string to this php mysql query. mysql_query('insert into times (code, date, time, duration) values ("'.$course_code.'","'.$date_inSQL.'","'.$time_inSQL.'","'.$duration.'" )');
View Replies !
Mysql Real Escape
Upon entry into the database, I first clean form input data with html special characters, strip tags, and mysql real escape string. When I retrieve this data from the db, single quotes aren't coming out right on the pages. Some browsers display a question mark, others a blank space, and another (FireFox) totally screws up the text formatting.
View Replies !
Htmlspecialchars/real Escape
I'm creating a BBCode parser, and everything's working but one thing; I need code tags, but I will need to real_escape/htmlspecialchars the post to make sure it isn't malicious. The only problem is if I real_escape with code tags that contain php, the php will be removed. If I specialchars the post with php, I can't have syntax highlighting (or, not easily). How do I get round this?
View Replies !
Mysql Escape String Permissions
I am using mysql_real_escape_string() for my $_POST variables but I get this error Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'themiss2'@'localhost' (using password: NO) in /home/themiss2/public_html/writing/account_process.php on line 5 I'm not sure how to fix it. ps. this is all based out of cPanel and phpMyAdmin for web and database organization (if that helps withthe problem)
View Replies !
Strings, Escape And Html Forms...
I use PHP to handle some data entry and editing through html form's, all very simple/standard stuff. Fot the moment, I then store all my data in a file (using var_export), but I will switch this over to MySQL at some point soon. At least while I'm using my file storage at present, when a character in a string needs to be escaped (eg. single quote, becomes '), I find that the backslash character keeps getting re-escaped every time the string is edited, through a re-entry of the form. So it then become ', etc... What is the best way to stop this recursion ?
View Replies !
Escape Search
I'm trying to grab data from a database where the entry has a single quotation and then re-search based on that. Basically, I grab the entry: michael's car. But, I want to go back into the table and search for everything that has: michael's car. It seems that PHP always escapes the entries once I grab them from the database. Is there a way to avoid this?
View Replies !
Escape A String
If a string contains characters -- and ', how do I escape the string so that I can compare this string to others or store it in database?
View Replies !
How To Escape String For Preg_match?
I have a string equal to 'www/' that I want to use in a preg_match. Php keeps giving me the warning: Warning: preg_match(): Unknown modifier '/' How can I escape the string so the / in www/ is not interpreted in the preg_match ?
View Replies !
Escape Tags In A String
I have a complete file in a single-line string. Now this string also contains <? and ?> or other script-tags. Of course if I "print" or "echo" the string the php won't be interpreted. But that is exactely what I want. I want scripts like PHP to be executed when I print that string e.g. in a template. Instead it shows something like this: " This is the content of my file <? echo "__FILE__"; ?> which I want to execute scripts. " Anyone know how to have them PHP-Tags be processed?
View Replies !
Escape Characters In A String
Is there a way to strip escape characters from a string? I am trying to send a html email which includes hyperlinks. But this doesn't work as the quotes are preceded by a slash.
View Replies !
Oracle Escape String
When using PHP and MySQL, I know there is a nifty function called mysql_escape_string, to escape whatever you might need to put into your SQL. Now we're coverting from MySQL to Oracle. I'm trying to figure out how to create SQL statments with propertlly escaped strings. There doesn't appear to be an oci_escape_string function. I'm using PHP5 and Oracle 10g on RHEL 4.
View Replies !
Mysql Or For Search (select Part Of String)
I am creating a search function and i want to select say only 100 characters (or pref. 40 words) before and after the returned phrase in the results. so far i am using: $get = mysql_query("SELECT * FROM posts WHERE content LIKE '%".quote_smart($query)."%' ORDER BY $order") or die("Cannot search: ".mysql_error()); i tried to use SELECT id, title, tid, uid, LEFT(content, 50) FROM POSTS.... but the query returned none of the content? any ideas? Code:
View Replies !
String Search - Search A String Of Text & Return A TRUE Value.
I'm trying to do something pretty simple but I'm stuck on what function I need to use. Basically, I have a script where you can type a message and submit it. But I don't want people to use bad words, so if they do, it displays an error message. Example: $string = "Fudge off!" Let's say I don't like the word "fudge" if ( stringcontains('fudge', $string) { echo "No cussing!" } else { Post the string } Does that make sense? I'm basically trying to find some kind of search that will search a string of text looking for the word "fudge" and if it finds it, return a TRUE value. Does such a function exist?
View Replies !
Mysql Real
I found this which I think calls for an indepth brain storming. A very good reading [edited by: eelixduppy at 1:06 pm (utc) on Sep. 12, 2007] [edit reason] fixed typo as per request [/edit]
View Replies !
A Real Challenge For Real PHP Programmers
<?php /* A challenge to every PHP programmer.The one who's gonna solve this problem would be deemed as PSP(PHP Supreme Programmer).The problem is this : You have to write a script that displays a list of categories and subcategorieslike this one: <select name="category"> <option value="1">Main</option> <option value="2">Main > Computers</option> <option value="4">Main > Computers > Hardware </option> <option value="8">Main > Computers > Hardware > PC</option> <option value="7">Main > Computers > Hardware > Mac</option> <option value="9">Main > Computers > Hardware > Atari</option> <option value="11">Main > Computers > Hardware > PC > History of Pc</option> <option value="">etc...</option> </select> The categories and subcategories details are stored in these two tables in a MySQL database. -categories : the categories names and ids. -cat_relations : the relations between categories.It shows which subcategory belongs to which category. The belongings between categories can go very deep and the number of categories is unlimited. This script will create the two tables and fill them with sample data. All you need to do is to change the four variables below. You can send the script back to this email : yasbergy@yahoo.com. */ //Here starts the script. Please change the values of these variables to fit your settings $user = "prospective_PSP"; $database = "db"; $server = "localhost" ; $pwd = "" ; //Connection to the database that you created mysql_connect($server,$user,$pwd) ; mysql_select_db($database); //Creation of the two tables : categories and cat_relations $categories = " CREATE TABLE `categories` (`id` INT not null AUTO_INCREMENT, `name` VARCHAR(100) not null , PRIMARY KEY (`id`), INDEX (`id`), UNIQUE (`id`)) comment = 'The categories details' "; mysql_query($categories) ; $cat_relations = "CREATE TABLE `cat_relations` (`id` INT not null AUTO_INCREMENT, `daughter_id` INT not null, `mother_id` INT not null , PRIMARY KEY (`id`), INDEX (`id`), UNIQUE (`id`)) comment = 'Which category is the daughter of which category'"; mysql_query($cat_relations) ; //Filling the two tables with sample data $cats = array('Main','Computers','Countries','Hardware','S oftware','Programming languages','Mac','PC','Atari','Winamp','History of the PC','IBM','Components','High level','USA','NYC','LA','Manhattan','India','Winzi p'); for ($i=0;$i<count($cats);$i++){ $sql = mysql_query("insert into categories (name) values('".$cats[$i]."')"); } mysql_query("insert into cat_relations (daughter_id,mother_id) values (2,1),(3,1),(4,2),(5,2),(6,2),(7,4),(8,4),(9,4),(1 1,8),(12,8),(13,8),(10,5),(20,5),(14,6),(15,3),(16 ,15),(17,15),(18,16),(19,3)"); //Now you can have a look on them through phpMyAdmin ?>
View Replies !
How To Find Several Strings Within A String
I'm trying to find several keyowrds out of string of text which are the list of keywords for a text file. The keyword list is in a field called keywords in a mysql database. So if the user types in "foo bar foobar" to be looked up and the field contians "Bar foobar foo oyster moregarbage stuff" it will be able to bring up that record.
View Replies !
Php And Mysql Escape Characters
Everytime I want to enter to a textbox area "it's fun" (no quotes) I get an error. "Problems with Query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's fun'" I need to enter " it's fun" (no quotes) in order for MySql accept it. Any work arounds on escape characters? How can I have mySQL just take "it's fun" just like that?
View Replies !
Search Script - More Advanced To Account For Multiple Criteria Strings
I am wanting to search one of my databases, which I have sucessfully achieved using the code: PHP Code: SELECT DISTINCT Plus.Desc, Cstr(Price) AS string_price FROM Plus WHERE Plus.Desc LIKE '%".$criteria."%'" I need to make this script more advanced to account for multiple criteria strings. I.e. If the criteria is "Gloss Paint" I want the results to bring up all the products described with either of the two words in the criteria, so it may bring up the products "gloss 5L white" and also "matt paint 5L", whereas, at the moment with the script, only the products with both the two words will appear, i.e. "gloss paint 5L". which obviously limits the results to very few and is very ineficient.
View Replies !
Split String In Smaller Strings
I have a string consisting of say 1000 characters. Want I want to do is to split the string at the first space after the first 80 characters, enter a <br> tag and after the <br> tag carry on with the rest of the string. Then it needs to repeat this with the remaining string and split it again at the first string after 80 characters till it reach the end of the string. I got it in a way to split it after 80 characters and enter a <br> tag, but it's not working properly and I don't have any idea how to repeat it. PHP Code:
View Replies !
Split The String Into Two Separate Strings
I have this variable: $str = "4xAura Extraction"; I need it to split the string into two separate strings containing this: $split[0]: 4 $split[1]: Aura Extraction I can't use explode(), because that will split it up again if there are x's other than the one that comes after the number. What would be the best way to get this done. I'm asking because I'm not real good at string manipulation when it comes to mutilating them.
View Replies !
Adding Strings To A Query String?
I want to use my string $stringvar to show text in this sql query. ATM its sticking "$player, $score" into a field, I want it to instead print it out into the sql statement. This is my code: $stringvar="$player, $score"; $sql=mysql_query("INSERT INTO $game_db VALUES ('$new_matchid', '$opponent', '$map', $stringvar, '$result')"); This is what I want the sql query thing to look like: $sql=mysql_query("INSERT INTO $game_db VALUES ('$new_matchid', '$opponent', '$map', $player, $score, '$result')");
View Replies !
Replacing Two Strings Within A String And Copying What's Between Them
Yeah, kinda hard to sum up in a title. Basically, I'm trying to do something like BBCode, but I'm only making one tag--a link tag. For example, a user types [url]http://the.wesite.com/[/url], then the php code replaces [url] with <a href="http://the.website.com/"> and [/url] with </a>. Then the URL would appear again between the <a> tags. I've tried looking around, but I can't figure out which of the many string replacement functions I need to use.
View Replies !
MySQL Result To Real Array In Function
I'd like to create a function which input is the result of a mySQL query. The output should be exactly the same, only not a mySQL result array, but a 'real' array. So it should also get the fieldnames returned by mySQL and use those as keys. I can't get things to work properly: it should return a multidimensional array, like $result_array[1] = array( [field1] => field1 value, [field2] => field2 value, etc. ) somehow my result is (with code below) $result_array[1] = array( [0] => field1 value, [field1] => field1 value, [1] => field2 value, [field2] => field2 value, etc. ) +++++ code ++++++ $get_res= mysql_query(QUERY); if( $res = mysql_fetch_array( $get_res ) ) { do{ $result[] = $res; }while( $res = mysql_fetch_array( $get_res ) ); }; foreach( $result as $key => $value ){ print_r($value); };
View Replies !
Real Life Examples Of Mysql+session_set_save_handler
In my test setup using my own session handlers with session_set_save_handler and mysql, the session handler opens and close mysql connections. But what if my page also requires some mysql queries? Should I open a new connection or use the already opened one (opened by the session handler)? I have made it a good practice to close a connection after a query but if I do it with only connection open no session data will be written to my mysql table. I have seen some scripts using persistent connections but are not sure what would be the best for a real world environment.
View Replies !
Save Real HTML Tags Into My Mysql Database.
I want to save real HTML tags into my mysql database. I use $p = htmlentities($content); to convert the strange characters to real html. Then from another page i echo the content from the database and i see real html tags which is what i want.But in the database its still saved as:
View Replies !
Read Data From MS Access Into MySQL In Real-time
I am currently working on a project that involves reading information from a inventory system into Access via ODBC and display the info on the web site using MySQL. I would like to create a live link between the MS Access(local) and MySQL (remote) whenever the inventory system is updated MySQL will be updated as well. I know that MyODBC will let me do the opposite of what I would like to accomplish by reading data in MySQL into Access. Is it possible to do the reverse way.
View Replies !
Why Is Preg_match_all Slower On A Large String Than In A Loop Of Smaller Strings With The Same Overall Length?
While using the following loop to extract images from the google search engine I discovered that preg_match_all works much faster parsing small strings in a loop than extracting all of the urls at once from a much larger string. This surprised me because I expected the preg_match_all to perform the task much faster. Why is this, and is there an easier way to resolve this matter? for ($i = 0; $i < $m; $i++, $start+=20){ $saURL = "http://images.google.com/images?q=" . $searchString . "&start=" . $start; preg_match_all("/:(wwwS+?.(jpg|png|bmp|gif))/i", file_get_contents( $saURL ), $matches); $image = array_merge($image, $matches[1]); }
View Replies !
Escaped Or Not?
I have magic_quotes on. Therefore, backslashes are added before single quotes after a form is submitted. When executing a mysql_query, data is inserted into DB without problems. I remember that some time ago, my single quotes (and of course some other characters as well) were kept escaped in the DB. I could see that when I looked in phpmyadmin at the table records. As of now, my data is kept as it is, as it should look in the DB when I look in phpmyadmin. No escaped characters. As far as form injection and security is concerned, is this safe? How do you keep your records?
View Replies !
Unescaping An Escaped Entry
how to unescape an escaped database entry if that makes sense. When they fill out a comment form, it shows up with words like..."that/'s the reason I/'m doing this" if that makes sense. i want to remove the "/" and I assume its doing that b/c I had to escape the text box when they enter info into the database.
View Replies !
The Amazing Escaped Single-quote
Say you have a form with a textarea. Say you type something with single-quotes (e.g. I'm happy so I'm sad) in the textarea. When the textarea is POSTed to a PHP program, are they escaped with the backslash? I ran it on two different servers and one did and one didn't. Why is this? Is there some setting somewhere? Or is this a version diff thing? Here is the PHP code (I changed all angle brackets to square ones so it'll appear): Code:
View Replies !
How To Get Un-escaped Text From A Form Field
I have a php script that gets the text from a form field: <?php include("global.inc.php"); pt_register( 'POST', 'test1'); echo $test1; ?> The text comes back fine, just some characters (', " and ) are now escaped (', " and ). The problem is that I need the he text to be exactly as it was entered by the user. I could process the text myself, and replace the escaped characters, but I'd like first to understand why this is happening and if there is a way to disable this behavior and get the unmodified text directly.
View Replies !
Search String Delimited In Another String
I have a string (Website referrer). Example: http://www.google.com/search?q=MY STRING HERE&hl=tl&client=firefox-a&channel=s&rls=org.mozilla:en-US:official&hs=dXZ&start=30&sa=N I need to extract the keywords searched (example in the above case: "MY STRING HERE"). I think I need the string between "q=" and the next appearing "&". How can I do this?
View Replies !
Find A Single Or Double Quote In $desc That Was Not Escaped.
I am having problems getting php to escape characters, so I can use them with javascript. Here is the code. PHP Code: $desc = $item['description']; $desc = str_replace("'", "'", $desc); $desc = str_replace('"', "'+String.fromCharCode(34)+'", $desc); echo "<a href='index.php' onMouseover="showTooltip(event,'$desc');return false">Link</a>"; I am trying to get a tooltip to work. It seems to work most of the time, but sometimes the tooltip does not work, and when that happens I can find a single or double quote in $desc that was not escaped.
View Replies !
MYSQL 5.0 And Open Strings
I am using a custom php program for my website to track game stats. It stores stats in my database and my website calles them from there. The problem is that i can seem to get it to work right. all of the php scripts are usign open strings like this: DBQuery("INSERT INTO $maps_table VALUES (' ', '".base64_encode("Crude City Conflict")."', 'maps/crudecityconflict_big.jpg', 'maps/crudecityconflict_thumb.jpg', '', '', '', 'Deathmatch', '');"); and MYSQL 5.0 dosn't like this i keep getting Out of range value adjusted for column 'id' at row 1 errors. is there a way to fix this without placing somthing into this open string like a "0" ('0', ....) I would like to keep the scripts the way they are.
View Replies !
How To Get Strings Containig The Char ' Into Mysql?
I'm having roblems with saving texts containing the char ' (like in O'Brien) into mysql. Since PHP seems to recognize this character as string delimiter, it doesn't work. How can I get around this? Do I have to escape all ' chars like this: '? Or is there a better way of getting them saved into mysql?
View Replies !
Substr On UTF-8 Strings Returned From MySQL
I am trying to truncate some Chinese Text returned from MySQL. If I use the substr function, then the last one or two chinese words would appear as symbols as opposed to the word it should be displaying? The PHP page itself is already UTF-8 encoded What is the best way of truncating such UTF-8 strings (e.g., to return the first 50 chinese "words"). Chinese words appears like "?" (21 chinese "words" shown here).
View Replies !
Adding Strings With Quotes Into Mysql
I am using htmlspecialchars because some strings that I am adding to mysql (articledate) are like the following: Friday - September 15, 2006 by Jolene "foxxylady" Petipas (the quotes are causing problems) Code:
View Replies !
Search Function - Search In MySql Databases., How To?
How do I set up a page where the visitors can search through a mysql database? It's linxcafe.net Im talking about. I want the visitors to be able to seach among all my links (both categories and links) so they find what they are looking for easier. I have searched on google after tutorials on this but I have only found complicated ones.
View Replies !
|
TRACKER
