Mysql Real Escape String() In Conditional Statements
I created the following bit of code that allows me to pass a MySQL conditional statement to a function.
I am trying to figure out where and how would I go about incorporating the mysql_real_escape_string() function?
Is there a way to call the mysql_real_escape_string() in the function itself? Code:
View Complete Forum Thread with Replies
Related Forum Messages:
How To Search Strings Escaped By Mysql Real Escape String()?
I am currently developing an article script and there are Titles and Contents. To prevent sql injection, people say we must use mysql_real_escape_string(). So let's say if there is a Title that says "My Friend's best friend", if I look into the MySQL table record, the text will be saved as "My Friend's best friend", where the apostrophe is escaped. Code:
View Replies !
Real Escape String
How can i add a escape string to this php mysql query. mysql_query('insert into times (code, date, time, duration) values ("'.$course_code.'","'.$date_inSQL.'","'.$time_inSQL.'","'.$duration.'" )');
View Replies !
Mysql Real Escape
Upon entry into the database, I first clean form input data with html special characters, strip tags, and mysql real escape string. When I retrieve this data from the db, single quotes aren't coming out right on the pages. Some browsers display a question mark, others a blank space, and another (FireFox) totally screws up the text formatting.
View Replies !
Htmlspecialchars/real Escape
I'm creating a BBCode parser, and everything's working but one thing; I need code tags, but I will need to real_escape/htmlspecialchars the post to make sure it isn't malicious. The only problem is if I real_escape with code tags that contain php, the php will be removed. If I specialchars the post with php, I can't have syntax highlighting (or, not easily). How do I get round this?
View Replies !
Mysql Escape String Permissions
I am using mysql_real_escape_string() for my $_POST variables but I get this error Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'themiss2'@'localhost' (using password: NO) in /home/themiss2/public_html/writing/account_process.php on line 5 I'm not sure how to fix it. ps. this is all based out of cPanel and phpMyAdmin for web and database organization (if that helps withthe problem)
View Replies !
Conditional Statements And Loops
Not long ago I was asked to give PHP lections to some private IT school. I'm on second lection now, and will be teaching my :) students conditional statements (if..else and switch) and loops (while and for). That was my story, now the question. Can you give me an advise on some geeky use of those statements to stir up some enthusiasm in students.
View Replies !
Question On Conditional Statements
I'm a perl programmer and am trying to learn PHP. So far I have figured out most of the differences, but have not been able to find out how to do the following: When running through a loop, how can you test two separate conditions against the same $element of an array. For example, this is how I thought it would be done (similar to Perl), but it did not work: if (eregi("apple", $line) and (eregi("orange", $line) { do whatever; } Basically testing each line of an array to see if both the words "apple" and "orange" are present. Also, is there any equivalent to the following from Perl while running through a loop: next if (whatever conditions); last if (whatever conditions);
View Replies !
Avoiding Endless Conditional Statements
Here is my problem. I want to make a webapp that will basically take the work out of finding what tool works for what situation. There are 5 factors that go into tool selection. 1)Material Group, 2)Insert Radius, 3)Insert Type and Size, and 2 others that I can't remember off-hand. There are probably about 1000 different scenarios that I have to code for..(there are several blank table cells and it's not setup as you might imagine, there is a lot of overlapping), and I desperately want to avoid making a gigantic conditional statement. I'm afraid that I really have to provide a picture of what I'm doing here, so I will do that. Here is the link. You only see 3 of the 5 factors on this page, and the other 2 have to do with whether this table or one of many other tables (not pictured) will be used. So, now that I've confused everyone. That's my table. What's a good way to go about programming that sucker in so that people don't have to do all the "work" involved to figure out what tools they need. They should just be able to choose selections from 5 dropdown boxes and get one tool back. A tool is something like "10.655.600".
View Replies !
Escape A String
If a string contains characters -- and ', how do I escape the string so that I can compare this string to others or store it in database?
View Replies !
How To Escape String For Preg_match?
I have a string equal to 'www/' that I want to use in a preg_match. Php keeps giving me the warning: Warning: preg_match(): Unknown modifier '/' How can I escape the string so the / in www/ is not interpreted in the preg_match ?
View Replies !
Escape Tags In A String
I have a complete file in a single-line string. Now this string also contains <? and ?> or other script-tags. Of course if I "print" or "echo" the string the php won't be interpreted. But that is exactely what I want. I want scripts like PHP to be executed when I print that string e.g. in a template. Instead it shows something like this: " This is the content of my file <? echo "__FILE__"; ?> which I want to execute scripts. " Anyone know how to have them PHP-Tags be processed?
View Replies !
Escape Characters In A String
Is there a way to strip escape characters from a string? I am trying to send a html email which includes hyperlinks. But this doesn't work as the quotes are preceded by a slash.
View Replies !
Oracle Escape String
When using PHP and MySQL, I know there is a nifty function called mysql_escape_string, to escape whatever you might need to put into your SQL. Now we're coverting from MySQL to Oracle. I'm trying to figure out how to create SQL statments with propertlly escaped strings. There doesn't appear to be an oci_escape_string function. I'm using PHP5 and Oracle 10g on RHEL 4.
View Replies !
Make Function Equal To String In Conditional
I can usually figure something out, but I CANNOT figure this one out: This is a classified word ad script to count the words in a text area ($wrdad) and multiply it by the rate for how many times the ad will run in the newspaper. I know my code is messy and ameture, don't be too critical, but it works - everythign except one part. We have a 15 word minimum. I have this area commented out as //Problem Area/// in the code below. In a nutshell, I want function wordcount($wordad) to be equal to 15 if there are fewer than 15 words in the $wordad textarea. It just seems to ignore the wordcount($wordad) == 15; in my conditional. Code:
View Replies !
< ? Php $string ? > Within Html Statements?
I'm trying to reduce my code in html by calling a page.php file which blocks out the html for me. I was having a hell of a time since my html wouldn't parse the php code so in page.php I ended and started php and used regular html in between. my problem is that I'm trying to use a string to lable my blocks of html (you know .... a links menu < home > < go here > < go there > with the $ string lableling each header area. Everything is parsing except for the $ string name --- so I have lots of nested tables with everything filling except the title of the block, Code:
View Replies !
Variables Combined With String In SQL Statements
I get this error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' , , , , , , , , , , , )' at line 1" My sql statement is this: mysql_query("INSERT INTO players (player_id, match_id, kills, deaths) VALUES ('$user_id', ".$_POST['match_id'].",".$_POST['kills$username'].", ".$_POST['deaths$username'].")") or die ('Error adding new player '.mysql_error()); I'm thinking it must be to do with me combining string and variables together. So is ".$_POST['kills$username']." correct?
View Replies !
Mysql Real
I found this which I think calls for an indepth brain storming. A very good reading [edited by: eelixduppy at 1:06 pm (utc) on Sep. 12, 2007] [edit reason] fixed typo as per request [/edit]
View Replies !
A Real Challenge For Real PHP Programmers
<?php /* A challenge to every PHP programmer.The one who's gonna solve this problem would be deemed as PSP(PHP Supreme Programmer).The problem is this : You have to write a script that displays a list of categories and subcategorieslike this one: <select name="category"> <option value="1">Main</option> <option value="2">Main > Computers</option> <option value="4">Main > Computers > Hardware </option> <option value="8">Main > Computers > Hardware > PC</option> <option value="7">Main > Computers > Hardware > Mac</option> <option value="9">Main > Computers > Hardware > Atari</option> <option value="11">Main > Computers > Hardware > PC > History of Pc</option> <option value="">etc...</option> </select> The categories and subcategories details are stored in these two tables in a MySQL database. -categories : the categories names and ids. -cat_relations : the relations between categories.It shows which subcategory belongs to which category. The belongings between categories can go very deep and the number of categories is unlimited. This script will create the two tables and fill them with sample data. All you need to do is to change the four variables below. You can send the script back to this email : yasbergy@yahoo.com. */ //Here starts the script. Please change the values of these variables to fit your settings $user = "prospective_PSP"; $database = "db"; $server = "localhost" ; $pwd = "" ; //Connection to the database that you created mysql_connect($server,$user,$pwd) ; mysql_select_db($database); //Creation of the two tables : categories and cat_relations $categories = " CREATE TABLE `categories` (`id` INT not null AUTO_INCREMENT, `name` VARCHAR(100) not null , PRIMARY KEY (`id`), INDEX (`id`), UNIQUE (`id`)) comment = 'The categories details' "; mysql_query($categories) ; $cat_relations = "CREATE TABLE `cat_relations` (`id` INT not null AUTO_INCREMENT, `daughter_id` INT not null, `mother_id` INT not null , PRIMARY KEY (`id`), INDEX (`id`), UNIQUE (`id`)) comment = 'Which category is the daughter of which category'"; mysql_query($cat_relations) ; //Filling the two tables with sample data $cats = array('Main','Computers','Countries','Hardware','S oftware','Programming languages','Mac','PC','Atari','Winamp','History of the PC','IBM','Components','High level','USA','NYC','LA','Manhattan','India','Winzi p'); for ($i=0;$i<count($cats);$i++){ $sql = mysql_query("insert into categories (name) values('".$cats[$i]."')"); } mysql_query("insert into cat_relations (daughter_id,mother_id) values (2,1),(3,1),(4,2),(5,2),(6,2),(7,4),(8,4),(9,4),(1 1,8),(12,8),(13,8),(10,5),(20,5),(14,6),(15,3),(16 ,15),(17,15),(18,16),(19,3)"); //Now you can have a look on them through phpMyAdmin ?>
View Replies !
Php And Mysql Escape Characters
Everytime I want to enter to a textbox area "it's fun" (no quotes) I get an error. "Problems with Query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's fun'" I need to enter " it's fun" (no quotes) in order for MySql accept it. Any work arounds on escape characters? How can I have mySQL just take "it's fun" just like that?
View Replies !
MySQL Conditional Statement
What I am trying to do is kind of like an advanced search. Basically, I have three dropdowns, for this I am going to use the example books: Three dropdowns, which are 1) Author 2) Language 3) Type (Hardback or Paperback) Typical search: I want to get a list of all books written by STEPHEN KING, that are written in ENGLISH and that are HARDBACK ok fine, but what if I just want to search for ALL books by STEPHEN KING regardless of the language or the type of book?? Heres the SQL i would use for all 3 "search parameters": PHP Code:
View Replies !
Conditional Select From Mysql
I have a mysql database which stores race data that I want to open up to users for viewing. I want the user to be able to select various subsets of the data according to the parameters: race, gender, age, and type (and maybe sometime, by name as well). This is BOTH a mysql question and a php one, as I ask for a more efficient solution (see bottom this post). Here is a snippet of how I am implementing the mysql statements to select only the exact subset of data. PHP Code:
View Replies !
MySQL Result To Real Array In Function
I'd like to create a function which input is the result of a mySQL query. The output should be exactly the same, only not a mySQL result array, but a 'real' array. So it should also get the fieldnames returned by mySQL and use those as keys. I can't get things to work properly: it should return a multidimensional array, like $result_array[1] = array( [field1] => field1 value, [field2] => field2 value, etc. ) somehow my result is (with code below) $result_array[1] = array( [0] => field1 value, [field1] => field1 value, [1] => field2 value, [field2] => field2 value, etc. ) +++++ code ++++++ $get_res= mysql_query(QUERY); if( $res = mysql_fetch_array( $get_res ) ) { do{ $result[] = $res; }while( $res = mysql_fetch_array( $get_res ) ); }; foreach( $result as $key => $value ){ print_r($value); };
View Replies !
Real Life Examples Of Mysql+session_set_save_handler
In my test setup using my own session handlers with session_set_save_handler and mysql, the session handler opens and close mysql connections. But what if my page also requires some mysql queries? Should I open a new connection or use the already opened one (opened by the session handler)? I have made it a good practice to close a connection after a query but if I do it with only connection open no session data will be written to my mysql table. I have seen some scripts using persistent connections but are not sure what would be the best for a real world environment.
View Replies !
Save Real HTML Tags Into My Mysql Database.
I want to save real HTML tags into my mysql database. I use $p = htmlentities($content); to convert the strange characters to real html. Then from another page i echo the content from the database and i see real html tags which is what i want.But in the database its still saved as:
View Replies !
Read Data From MS Access Into MySQL In Real-time
I am currently working on a project that involves reading information from a inventory system into Access via ODBC and display the info on the web site using MySQL. I would like to create a live link between the MS Access(local) and MySQL (remote) whenever the inventory system is updated MySQL will be updated as well. I know that MyODBC will let me do the opposite of what I would like to accomplish by reading data in MySQL into Access. Is it possible to do the reverse way.
View Replies !
If Statements W/MySQL DB
I have been working on for a few days now, getting an if statement to work with reading from a MySQL database. My goal is to have my web site to entirely run off index.php. I have taken a look at a very simple, manual-written if statement, and I am trying to incorporate it to work with MySQL. I will comment brlow what I don't sunderstand how to do. Code:
View Replies !
Prepared Statements In Mysql
mysqli in PHP5 comes with prepared statements functionality. However, without persistent connections or connection pooling in this code library, one has to ask: are prepared statements 'remembered' by the server for a while between connections, so that new connections can take advantage of them, or are they really only useful for those pages/requests that are executing a huge amount of DML in a single shot.
View Replies !
Mysql Insert Statements Problem
i've created a site locally on my machine using php 4 and mysql3 all working fine, however having bought a new laptop i decided to upgrade to php 5 and mysql 5. i've sorted any other problems i had but bizarrely none of my mysql insert statements throughout the site work any more? they worked before? is there a syntax change to inserts or something that i'm missing?
View Replies !
Multiple PHP/MySQL INSERT Statements
I have a text file of data in a file (add2db.txt) where the entries are already entered on separate lines in the following form: INSERT INTO `reviews` VALUES("", "Tony's", "Lunch", "Great atmosphere. Good food.", " (Harry Houdini - 03/01/2004)"); INSERT INTO `reviews` VALUES("", "Le Chow Place", "Lunch", "yada yada", " (Herbert Hoover - 03/03/2004)"); INSERT INTO `reviews` VALUES("", "Golden Dragon", "Lunch", "Exquisite. Good food.", " (Minnie Mouse - 01/03/2004)"); etc etc These have been parsed from a review form that a client already submitted. What I need to do now after I have reviewed the information for appropriateness and grammer is to insert it into my MySQL database. I would write single line entries like this: // Set Mysql Variables $host = "localhost"; $user = "root"; $pass = ""; $db = "rest"; $table = "reviews"; // Connect to Mysql, select the correct database, and run the query which adds the data gathered from the file into the database mysql_connect($host,$user,$pass) or die(mysql_error()); mysql_select_db($db) or die(mysql_error()); $add_review = "INSERT INTO $table values('','$rname','$umeal','$ucomment','$uname')"; mysql_query($add_all) or die(mysql_error()); But how would I write the $add_review to read each line of the add2db.txt and enter it as a separate entry?
View Replies !
Executing A Sequence Of Mysql Statements
I need to execute a sequence of mysql statements, like creating a new database, then creating a few tables, and then copy some records from tables of an old database to this new one. what's the best way to implement it with PHP? I think I shall write a SQL script file, and let PHP read and execute it. Am I right here? How shall I deal with the returns of all these SQL statements? Can I ignore them if no error occurs?
View Replies !
Dynamically Generate MySql Create Index Statements
I know in mySql you can run "show indexes from TableName" and it will show you a list of all the index's for that table. What I would like to do is run this query to generate a create index statement that I can run on another database all thru PHP. Has anyone allready built something like this in PHP to post some code? mysql> SHOW INDEXES FROM reviews; +---------+---------------+--------+------+------------+---------+ | Table | Column_name | Packed | Null | Index_type | Comment | ----------+---------------+--------+------+------------+---------+ | reviews | id | NULL | | BTREE | | | reviews | data | NULL | YES | FULLTEXT | | +---------+---------------+--------+------+------------+---------+ 2 rows in set (0.01 sec)
View Replies !
Getting The REAL Directory?
Is there any way to get the directory/path of the file running the script, not the directory you're inside (Via dir())? I'm allowing the user to navigate through directories, and that part works great - but whenever I attempt to used getcwd(), it returns the directory the user is in - not the directory of the php file - is there any way to get the directory of the .php file the user is using?
View Replies !
Real Estate MLS/IDX
I am trying to program an MLS/IDX search feature to be integrated into a real estate website. This progrom will allow MLS/IDX searching/browsing (searching by MLS #, house variables, etc) and browsing by property location, etc. I have come accross RETS and have tried to go about it, but wow, maybe MLS/IDX is just some mythical database that doesn't exist? If anyone can help me out here. show some code, point me to a resource, tutorial, something that would be some assistance, I would bow down to them, and mail them one, yes, one ice cold root beer.
View Replies !
Resolve Real IP
I can get the apparent IP from $_SERVER['REMOTE_ADDR']; . However, how can I find the real IP if the user is behind a proxy? I know it must be possible as some "whatismyip" sites do it.
View Replies !
Escape
<?php echo ("Vladimir's brother said, "Ain't that a hoot?""); ?> Vladimir's brother said, "Ain't that a hoot?" Vladimir's brother said, "Ain't that a hoot?"
View Replies !
Escape <
I'm adding 3 strings and need to escape possible <? and <<< when they occur. I can't figure out a way to do it. This is the code joining the strings. If it comes across a <? in the results it does not add additional strings in the loop. $Result = $Result . chr(intval($k/16)+48) . chr(intval(fmod($k, 16))+48); for($m=0; $m<=$i-1; $m++) { $k=ord(substr($mpass,$m,1)); $k=$k+$LASTK+(27*$j); settype($k, float); $k= fmod($k, 256); $LASTK=$k; $Result = $Result . chr(intval($k/16)+48) . chr(intval(fmod($k, 16))+48) $j++; }
View Replies !
Conditional
I am having an issue here that no matter what happens, my else statement is always displayed with my if! Can someone help me, I can't seem to find where I messed up. PHP Code: if ($_GET['cat'] == "wired") { $f_p = "iframe_wired.php"; echo "<iframe src="$f_p" name="$f_n" scrolling="$f_s" frameborder="$f_b" align="$f_a" height="$f_h" width="$f_w"> </iframe>"; } else { exit(); } if ($_GET['cat'] == "wireless") { $f_p = "iframe_wireless.php"; echo "<iframe src="$f_p" name="$f_n" scrolling="$f_s" frameborder="$f_b" align="$f_a" height="$f_h" width="$f_w"> ..........................
View Replies !
Real-time Output?
I'm a relative PHP newbie, so I apologize if this is a simple question. Anyway, here's my problem. I'm using a PHP script to pre-render a bunchload of insert files for an HTML page. Right now there's about 1,600, but that number could get much, much higher when the site goes live. I'll only need to re-render the whole batch once or twice a year (if that) but it's still something I'd like to be able to do in case I have to move the site to a different server, or there's a hard drive crash or etc. Basically what the script does is grab a whole bunch of information from a database and write the insert file. It does this for every single one. The problem of course, is that PHP by default does all this server-side, and then sends it to the browser. Because this process takes like ten or twenty minutes to do, the browser times out long before it's finished. Is there a way to get progressive output with PHP? Or do I need to re-do this in another language like Perl?
View Replies !
Real Length Of Arrays
Sometimes, I want to know how many elements are really in an array (php3). The count() and sizeof() functions apparently return the number of non-empty array elements, and if you do a while loop checking for empty will stop on the first empty element. I have been using the following function: function truecount($theArray) { if (is_array($theArray)) { end($theArray); return key($theArray); } } but if the key is non-numeric, won't that trip me up? Anyone have a better solution?
View Replies !
Md5 / Sha1 - Any Real Difference?
I use md5 hash with some of my cookies and occassionally a hidden form field - I know the physical data on my network is insecure (unless being served via https) but I was wondering if there are any advantages to using md5 over sha1 or versa vicea... I know md5 gives me a unique 32bit hash while sha1 I've read is 'secure' (?) and gives a 40bit hash... Since The technical webpage on sha1 is lengthy and for the most part over my head... and other than today, I've never heard of it before... I was wondering if anyone could offer any comments on it...
View Replies !
Real Time Chat
There's anyone out there that can give me a light on real time chat using sockets. I've seen some using push technics but they all hang up after an elapsed amount of time.
View Replies !
Real IP Address From Behind Proxy Or NAT
How to get the real IP address of a user, not that of their proxy server or the external NAT address. I was quite sure that this wasn't possible without some kind of process getting the address on the client machine. I have suggested that these sites could be using Java to get the real IP address, however, I could be wrong and for me the script that I found always returns 127.0.0.1 . This suggests to me that any script attempting to obtain the hosts real IP address infarct rely s on the HTTP-X-FORWARDED-FOR header sent by the proxy server...
View Replies !
Real-time Clock
Where should I start to write a Real-time Clock? I want it be dynamic, not static. I know how to get the time and display it but how do I keep changing it ?
View Replies !
My Real Estate Scripts
I have been writing a real estate agency program and its coming on well but taking longer than I thought. Also I think I am just re-inventing the wheel as I guess like BB scripts there are probably good free ones already writen in php and using mysql ? Can anyone recommend one.? can then continue learning while adapting it to my purposes.
View Replies !
REAL E-mail Validation
if there is a way to actually send an e-mail to the server and see if it bounces or not? What I'm trying to do is require users to enter a valid e-mail address on the front page before entering the site. I don't want to do simple character validation (check for @ and no special chars, etc, etc) but actually see if the e-mail account truly exists before letting them into the site.
View Replies !
|
TRACKER
