Mysql Real Escape
Upon entry into the database, I first clean form input data with html special characters, strip tags, and mysql real escape string. When I retrieve this data from the db, single quotes aren't coming out right on the pages. Some browsers display a question mark, others a blank space, and another (FireFox) totally screws up the text formatting.
View Complete Forum Thread with Replies
Related Forum Messages:
Mysql Real Escape String() In Conditional Statements
I created the following bit of code that allows me to pass a MySQL conditional statement to a function. I am trying to figure out where and how would I go about incorporating the mysql_real_escape_string() function? Is there a way to call the mysql_real_escape_string() in the function itself? Code:
View Replies !
How To Search Strings Escaped By Mysql Real Escape String()?
I am currently developing an article script and there are Titles and Contents. To prevent sql injection, people say we must use mysql_real_escape_string(). So let's say if there is a Title that says "My Friend's best friend", if I look into the MySQL table record, the text will be saved as "My Friend's best friend", where the apostrophe is escaped. Code:
View Replies !
Htmlspecialchars/real Escape
I'm creating a BBCode parser, and everything's working but one thing; I need code tags, but I will need to real_escape/htmlspecialchars the post to make sure it isn't malicious. The only problem is if I real_escape with code tags that contain php, the php will be removed. If I specialchars the post with php, I can't have syntax highlighting (or, not easily). How do I get round this?
View Replies !
Real Escape String
How can i add a escape string to this php mysql query. mysql_query('insert into times (code, date, time, duration) values ("'.$course_code.'","'.$date_inSQL.'","'.$time_inSQL.'","'.$duration.'" )');
View Replies !
Mysql Real
I found this which I think calls for an indepth brain storming. A very good reading [edited by: eelixduppy at 1:06 pm (utc) on Sep. 12, 2007] [edit reason] fixed typo as per request [/edit]
View Replies !
A Real Challenge For Real PHP Programmers
<?php /* A challenge to every PHP programmer.The one who's gonna solve this problem would be deemed as PSP(PHP Supreme Programmer).The problem is this : You have to write a script that displays a list of categories and subcategorieslike this one: <select name="category"> <option value="1">Main</option> <option value="2">Main > Computers</option> <option value="4">Main > Computers > Hardware </option> <option value="8">Main > Computers > Hardware > PC</option> <option value="7">Main > Computers > Hardware > Mac</option> <option value="9">Main > Computers > Hardware > Atari</option> <option value="11">Main > Computers > Hardware > PC > History of Pc</option> <option value="">etc...</option> </select> The categories and subcategories details are stored in these two tables in a MySQL database. -categories : the categories names and ids. -cat_relations : the relations between categories.It shows which subcategory belongs to which category. The belongings between categories can go very deep and the number of categories is unlimited. This script will create the two tables and fill them with sample data. All you need to do is to change the four variables below. You can send the script back to this email : yasbergy@yahoo.com. */ //Here starts the script. Please change the values of these variables to fit your settings $user = "prospective_PSP"; $database = "db"; $server = "localhost" ; $pwd = "" ; //Connection to the database that you created mysql_connect($server,$user,$pwd) ; mysql_select_db($database); //Creation of the two tables : categories and cat_relations $categories = " CREATE TABLE `categories` (`id` INT not null AUTO_INCREMENT, `name` VARCHAR(100) not null , PRIMARY KEY (`id`), INDEX (`id`), UNIQUE (`id`)) comment = 'The categories details' "; mysql_query($categories) ; $cat_relations = "CREATE TABLE `cat_relations` (`id` INT not null AUTO_INCREMENT, `daughter_id` INT not null, `mother_id` INT not null , PRIMARY KEY (`id`), INDEX (`id`), UNIQUE (`id`)) comment = 'Which category is the daughter of which category'"; mysql_query($cat_relations) ; //Filling the two tables with sample data $cats = array('Main','Computers','Countries','Hardware','S oftware','Programming languages','Mac','PC','Atari','Winamp','History of the PC','IBM','Components','High level','USA','NYC','LA','Manhattan','India','Winzi p'); for ($i=0;$i<count($cats);$i++){ $sql = mysql_query("insert into categories (name) values('".$cats[$i]."')"); } mysql_query("insert into cat_relations (daughter_id,mother_id) values (2,1),(3,1),(4,2),(5,2),(6,2),(7,4),(8,4),(9,4),(1 1,8),(12,8),(13,8),(10,5),(20,5),(14,6),(15,3),(16 ,15),(17,15),(18,16),(19,3)"); //Now you can have a look on them through phpMyAdmin ?>
View Replies !
Php And Mysql Escape Characters
Everytime I want to enter to a textbox area "it's fun" (no quotes) I get an error. "Problems with Query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's fun'" I need to enter " it's fun" (no quotes) in order for MySql accept it. Any work arounds on escape characters? How can I have mySQL just take "it's fun" just like that?
View Replies !
Mysql Escape String Permissions
I am using mysql_real_escape_string() for my $_POST variables but I get this error Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'themiss2'@'localhost' (using password: NO) in /home/themiss2/public_html/writing/account_process.php on line 5 I'm not sure how to fix it. ps. this is all based out of cPanel and phpMyAdmin for web and database organization (if that helps withthe problem)
View Replies !
MySQL Result To Real Array In Function
I'd like to create a function which input is the result of a mySQL query. The output should be exactly the same, only not a mySQL result array, but a 'real' array. So it should also get the fieldnames returned by mySQL and use those as keys. I can't get things to work properly: it should return a multidimensional array, like $result_array[1] = array( [field1] => field1 value, [field2] => field2 value, etc. ) somehow my result is (with code below) $result_array[1] = array( [0] => field1 value, [field1] => field1 value, [1] => field2 value, [field2] => field2 value, etc. ) +++++ code ++++++ $get_res= mysql_query(QUERY); if( $res = mysql_fetch_array( $get_res ) ) { do{ $result[] = $res; }while( $res = mysql_fetch_array( $get_res ) ); }; foreach( $result as $key => $value ){ print_r($value); };
View Replies !
Real Life Examples Of Mysql+session_set_save_handler
In my test setup using my own session handlers with session_set_save_handler and mysql, the session handler opens and close mysql connections. But what if my page also requires some mysql queries? Should I open a new connection or use the already opened one (opened by the session handler)? I have made it a good practice to close a connection after a query but if I do it with only connection open no session data will be written to my mysql table. I have seen some scripts using persistent connections but are not sure what would be the best for a real world environment.
View Replies !
Save Real HTML Tags Into My Mysql Database.
I want to save real HTML tags into my mysql database. I use $p = htmlentities($content); to convert the strange characters to real html. Then from another page i echo the content from the database and i see real html tags which is what i want.But in the database its still saved as:
View Replies !
Read Data From MS Access Into MySQL In Real-time
I am currently working on a project that involves reading information from a inventory system into Access via ODBC and display the info on the web site using MySQL. I would like to create a live link between the MS Access(local) and MySQL (remote) whenever the inventory system is updated MySQL will be updated as well. I know that MyODBC will let me do the opposite of what I would like to accomplish by reading data in MySQL into Access. Is it possible to do the reverse way.
View Replies !
Getting The REAL Directory?
Is there any way to get the directory/path of the file running the script, not the directory you're inside (Via dir())? I'm allowing the user to navigate through directories, and that part works great - but whenever I attempt to used getcwd(), it returns the directory the user is in - not the directory of the php file - is there any way to get the directory of the .php file the user is using?
View Replies !
Real Estate MLS/IDX
I am trying to program an MLS/IDX search feature to be integrated into a real estate website. This progrom will allow MLS/IDX searching/browsing (searching by MLS #, house variables, etc) and browsing by property location, etc. I have come accross RETS and have tried to go about it, but wow, maybe MLS/IDX is just some mythical database that doesn't exist? If anyone can help me out here. show some code, point me to a resource, tutorial, something that would be some assistance, I would bow down to them, and mail them one, yes, one ice cold root beer.
View Replies !
Resolve Real IP
I can get the apparent IP from $_SERVER['REMOTE_ADDR']; . However, how can I find the real IP if the user is behind a proxy? I know it must be possible as some "whatismyip" sites do it.
View Replies !
Escape
<?php echo ("Vladimir's brother said, "Ain't that a hoot?""); ?> Vladimir's brother said, "Ain't that a hoot?" Vladimir's brother said, "Ain't that a hoot?"
View Replies !
Escape <
I'm adding 3 strings and need to escape possible <? and <<< when they occur. I can't figure out a way to do it. This is the code joining the strings. If it comes across a <? in the results it does not add additional strings in the loop. $Result = $Result . chr(intval($k/16)+48) . chr(intval(fmod($k, 16))+48); for($m=0; $m<=$i-1; $m++) { $k=ord(substr($mpass,$m,1)); $k=$k+$LASTK+(27*$j); settype($k, float); $k= fmod($k, 256); $LASTK=$k; $Result = $Result . chr(intval($k/16)+48) . chr(intval(fmod($k, 16))+48) $j++; }
View Replies !
Real-time Output?
I'm a relative PHP newbie, so I apologize if this is a simple question. Anyway, here's my problem. I'm using a PHP script to pre-render a bunchload of insert files for an HTML page. Right now there's about 1,600, but that number could get much, much higher when the site goes live. I'll only need to re-render the whole batch once or twice a year (if that) but it's still something I'd like to be able to do in case I have to move the site to a different server, or there's a hard drive crash or etc. Basically what the script does is grab a whole bunch of information from a database and write the insert file. It does this for every single one. The problem of course, is that PHP by default does all this server-side, and then sends it to the browser. Because this process takes like ten or twenty minutes to do, the browser times out long before it's finished. Is there a way to get progressive output with PHP? Or do I need to re-do this in another language like Perl?
View Replies !
Real Length Of Arrays
Sometimes, I want to know how many elements are really in an array (php3). The count() and sizeof() functions apparently return the number of non-empty array elements, and if you do a while loop checking for empty will stop on the first empty element. I have been using the following function: function truecount($theArray) { if (is_array($theArray)) { end($theArray); return key($theArray); } } but if the key is non-numeric, won't that trip me up? Anyone have a better solution?
View Replies !
Md5 / Sha1 - Any Real Difference?
I use md5 hash with some of my cookies and occassionally a hidden form field - I know the physical data on my network is insecure (unless being served via https) but I was wondering if there are any advantages to using md5 over sha1 or versa vicea... I know md5 gives me a unique 32bit hash while sha1 I've read is 'secure' (?) and gives a 40bit hash... Since The technical webpage on sha1 is lengthy and for the most part over my head... and other than today, I've never heard of it before... I was wondering if anyone could offer any comments on it...
View Replies !
Real Time Chat
There's anyone out there that can give me a light on real time chat using sockets. I've seen some using push technics but they all hang up after an elapsed amount of time.
View Replies !
Real IP Address From Behind Proxy Or NAT
How to get the real IP address of a user, not that of their proxy server or the external NAT address. I was quite sure that this wasn't possible without some kind of process getting the address on the client machine. I have suggested that these sites could be using Java to get the real IP address, however, I could be wrong and for me the script that I found always returns 127.0.0.1 . This suggests to me that any script attempting to obtain the hosts real IP address infarct rely s on the HTTP-X-FORWARDED-FOR header sent by the proxy server...
View Replies !
Real-time Clock
Where should I start to write a Real-time Clock? I want it be dynamic, not static. I know how to get the time and display it but how do I keep changing it ?
View Replies !
My Real Estate Scripts
I have been writing a real estate agency program and its coming on well but taking longer than I thought. Also I think I am just re-inventing the wheel as I guess like BB scripts there are probably good free ones already writen in php and using mysql ? Can anyone recommend one.? can then continue learning while adapting it to my purposes.
View Replies !
REAL E-mail Validation
if there is a way to actually send an e-mail to the server and see if it bounces or not? What I'm trying to do is require users to enter a valid e-mail address on the front page before entering the site. I don't want to do simple character validation (check for @ and no special chars, etc, etc) but actually see if the e-mail account truly exists before letting them into the site.
View Replies !
Real-time Chat
I wrote a PHP chat system similar to gChat which simply uses constant ajax calls to update the chat. This system is fine for a few users, but with potentially thousands of users, it is much too hard on the server. I've been considering taking the 'Comet' route, but have heard that PHP can't handle Comet very well. What would be the best language/API to perform real-time chat for a large user-base?
View Replies !
Real Time Sql Query
I am making a web-based chat but to get the msg from the database i need to refresh the page and that will make load and extra bandwidth on the server so i want to make the query in real time ( only the new msg to be received without refresh the whole page ), Any one in here knows how to get data from sql database without having to refresh page.
View Replies !
Escape Probem
I am having a little trouble copying PHP code into a file, here is an example of what I am trying to do...
View Replies !
Escape A String
If a string contains characters -- and ', how do I escape the string so that I can compare this string to others or store it in database?
View Replies !
Getting Rid Of Escape Characters.
i am sending the contents of an html text area with the name "message" using the mail functions like. mail($email, $subject, $message, "From: someone@somewhere.com Reply-To: someone@somewhere.com X-Mailer: PHP/" . phpversion()); when the user gets the mail all apostrophies (') are escaped like ('). how do i prevent this?
View Replies !
Do I Need To Escape This Code?
After you all gave me some good advice recently, I'm back for more :o) On my web site, I want to display a 'log out' icon with some text underneath, ("Log out"), which, when clicked, will end a session. This is the simple code I'm using for the icon: <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out"> <img border="0" src="images/logout.gif" width="74" height="74"><p style="text-align: center"> This all works fine and, when clicked, the session is ended and the user returns to my web site's home page. Now's the complicated, (Well for me, anyway), bit; I only want to show the 'log out' icon when the user is actually logged in. So, I've been using isset to determine the session state: <?php if (isset($_SESSION['user'])) {?> <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out"> <img border="0" src="images/greenround.PNG" width="74" height="74"><p style="text-align: center"> <?php }?>
View Replies !
Escape To Unicode?
I've begun dealing with PHP's XML functions (puttup!) I shoudl say- php's DEFAULT XML functions, no extensions. Probably not 5.0. I don't care... The POINt is, they choke on funny characters, even encoded funny characters. You need to use the unicode. (change ñ to ). Whatevuh. That's why, why- now ignore that part, because it will distract and proably cause you to misconstrue the thrust of the question to follow: Does PHP have a function that will escape all funny characters in a string (encoded, unencoded, both, either...) to their unicode equivilants? In a string- ignore the XML parts of this question. (I'm looking at pre-proscessing the data coming into forms that will form the offending XML)
View Replies !
Escape Character & And #
Does anyone know the escape character for & and # like in : Update GDO_INFO_ER set V_COMMENTAIRE='B&A' where V_USERMODIFICATION='bilal123' or Update GDO_INFO_ER set V_COMMENTAIRE='B#A' where V_USERMODIFICATION='bilal123' I would like to insert & and # literally in the table.
View Replies !
Escape Charecters
Can anyone tell me ho to get certain charecters to be displayed. When sending email with (') i get () instead. i.e. This dosen't work becomes dosen
View Replies !
Escape Character
I dont know why the browser doesn't present the php string with some escape character like , .... For example: the string "Name Address" should be printed out like Name Address instead it prints out "Name Address".I tried other ones and do not work. Anyone know why?
View Replies !
Characters To Escape?
I am looking to make my own escaping system, although i don't know the major characters to escape? Is there any really bad characters that must at all times be escaped.
View Replies !
How Can I Escape The XML Syntax
i have a textarea where users can input information about themselves. They can even edit the texts (making the texts bold, italic...). It works fine when i try to add the info into the db. But when i try to display the info from the db, it displays some characters like \" whatever. I used stripslashes, but it didn't solve the problem. What do you advise me so that i can handle the XML special characters not to disturb my design??
View Replies !
Escape The Xml?> Characters
This seems to cause a problem as PHP takes the?> to be the end of PHP script. I then get a load of PHP in my XML file that was created. Anyway to escape it? <?php include("DBConnection.php"); // open a file pointer to an RSS file $fp = fopen ("rss.xml", "w"); // Now write the header information fwrite ($fp, "<?xml version=Ƈ.0'?><rss version=ƈ.0'><channel>”);
View Replies !
Escape Slashes
I want to escape backslashes in the below query - DB is MS SQL Server so addslashes() no use. The problem is here... 'O'Co', MS SQL Server won't accept it. PHP Code: INSERT INTO training(class_ID, ffnumber, firstname, surname, attended, passed, date_reg) VALUES(��', 'ff18728', 'Ann', 'O'Co', 'No', 'No', {fn NOW()}) ESCAPE '' Any ideas?
View Replies !
Escape Search
I'm trying to grab data from a database where the entry has a single quotation and then re-search based on that. Basically, I grab the entry: michael's car. But, I want to go back into the table and search for everything that has: michael's car. It seems that PHP always escapes the entries once I grab them from the database. Is there a way to avoid this?
View Replies !
Escape @ Sign
The subject may be confusing, but I am sure this is easy. My mind is blank on the solution. I have a script that returns a variable which will always include an email address. I want to process the variable to escape the "@" sign. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ex. $email = "bob@bobsite.com"; I want to process the variable above so that it changes the value of $email to... $email = "bob@bobsite.com"; ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I am guessing either preg_replace or preg_match is what I am looking for, but I have been unable to figure out how to change the variable by inserting the "" before the "@".
View Replies !
Javascript Escape In Php
I've used the javascript "escape()" function to prepare some data to be saved in a cookie. I'm now trying to read the data in PHP but not having much luck.
View Replies !
Escape Sequence
I have a small script that takes a user's email address and adds it to a text file, but I want it to write each e-mail on a new line I tried this code with no results: Code: $file = fopen("/var/lists/test","a+"); fwrite($file, $_POST["email"] . ' ' ); fclose($file);
View Replies !
Real Audio Download Limiter
i'm running a site with .ra and .ram files, when some visitor download or stream all these files at the same time it causes an huge bandwidth consumption. so i'd like to limit the download per each IP to a certain number of .ra and .ram files at time. i wonder if i can use some php script with cookies session but i'm new to this and i don't know where to start.
View Replies !
Real Time Echo'ing Of Var In A Loop
i have a big loop, and rather then waiting until its done for me too see what happened, every time it runs, how can i get the browser to echo the result, and proceed to keep running the loop. basically this loop takes a long time to finish, and i had to set my max runtime past 30 seconds. i guess incorporating a refresh of some sort like this would eliminate the need for the time extension too?
View Replies !
|
TRACKER
