OK, I've been searching around the net for numerous hours and seem to just be
getting more confused about handling special characters.
In my host's configuration MagicQuotes is ON. (I understand this is considered
a bad thing by many)
A user submitted an email in the form 'Bob Smith' <bo*@nospam.com >
Now when I look in the MySql database (via PhpMyAdmin) it's exactly that, but
when I try to retrieve it with a standard query, it echo's or prints as Bob
Smith. I have the same problem with a store name containing a single
apostrophe. Obviously the single quote is stopping it, but how do I get past
that?
Many thanks,
Larry L
9  2555 
Message-ID: <ty************ ******@tornado. socal.rr.com> from Larry
contained the following: A user submitted an email in the form 'Bob Smith' <bo*@nospam.com >
Now when I look in the MySql database (via PhpMyAdmin) it's exactly that, but
when I try to retrieve it with a standard query, it echo's or prints as Bob
Smith. I have the same problem with a store name containing a single
apostrophe. Obviously the single quote is stopping it, but how do I get past
that?
What code are you using to echo or print it?
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
"Larry" <no***@none.com > wrote in message
news:ty******** **********@torn ado.socal.rr.co m... OK, I've been searching around the net for numerous hours and seem to just
be
getting more confused about handling special characters.
In my host's configuration MagicQuotes is ON. (I understand this is
considered
a bad thing by many)
A user submitted an email in the form 'Bob Smith' <bo*@nospam.com >
Now when I look in the MySql database (via PhpMyAdmin) it's exactly that,
but
when I try to retrieve it with a standard query, it echo's or prints as
Bob
Smith. I have the same problem with a store name containing a single
apostrophe. Obviously the single quote is stopping it, but how do I get
past
that?
In HTML <bo*@nospam.com > will be concidered as a tag, nonsense tag since
it's not really a tag but the <> make html think it is, therefor it's
hidden. To fix it, special chars need to be converted to format where html
does not concider them as control characters such as tag delimiters. There
is a function that does this conversion called htmlspecialchar s.
Try something like:
echo htmlspecialchar s("'Bob Smith' <bo*@nospam.com >"); http://php.net/htmlspecialchars
--
"En ole paha ihminen, mutta omenat ovat elinkeinoni." -Perttu Sirviö sp**@outolempi. net | Gedoon-S @ IRCnet | rot13(xv***@bhg byrzcv.arg)
In article <Yh************ **@reader1.news .jippii.net>, "Kimmo Laine" <sp**@outolempi .net> wrote: "Larry" <no***@none.com > wrote in message
news:ty******* ***********@tor nado.socal.rr.c om... OK, I've been searching around the net for numerous hours and seem to just
be
getting more confused about handling special characters.
In my host's configuration MagicQuotes is ON. (I understand this is
considered
a bad thing by many)
A user submitted an email in the form 'Bob Smith' <bo*@nospam.com >
Now when I look in the MySql database (via PhpMyAdmin) it's exactly that,
but
when I try to retrieve it with a standard query, it echo's or prints as
Bob
Smith. I have the same problem with a store name containing a single
apostrophe. Obviously the single quote is stopping it, but how do I get
past
that?
In HTML <bo*@nospam.com > will be concidered as a tag, nonsense tag since
it's not really a tag but the <> make html think it is, therefor it's
hidden. To fix it, special chars need to be converted to format where html
does not concider them as control characters such as tag delimiters. There
is a function that does this conversion called htmlspecialchar s.
Try something like:
echo htmlspecialchar s("'Bob Smith' <bo*@nospam.com >");
http://php.net/htmlspecialchars
Actually I am placing the value into a hidden form field that's then emailed
via a formmail program.
echo("<input type='hidden' name='my_email' value='$email'> ");
I see your point about HTML seeing it as a nonsense tag however, and
understand how the single quote will also mess it up as there are others in
the <input> field and it will see it as an end to something.
I guess I'm back to stripping all the special characters out before they get
put into the database. Hmmmm...
Thanks much for the help,
Larry L
Larry wrote: OK, I've been searching around the net for numerous hours and seem to just be
getting more confused about handling special characters.
In my host's configuration MagicQuotes is ON. (I understand this is considered
a bad thing by many)
A user submitted an email in the form 'Bob Smith' <bo*@nospam.com >
Now when I look in the MySql database (via PhpMyAdmin) it's exactly that, but
when I try to retrieve it with a standard query, it echo's or prints as Bob
Smith. I have the same problem with a store name containing a single
apostrophe. Obviously the single quote is stopping it, but how do I get past
that?
Many thanks,
Larry L
Larry,
Single quotes are also used as a delimiter in SQL. But are you sure that's your
problem? If you had mismatched quotes, I would expect you to get an error when
you try to insert it into the database.
Chances are the problem is in the display of the data. First of all, do you see
it if you look at the page source in your browser? If the data is there, it's
only a matter of handling the special characters - check out htmlentities().
If the data is not there, you need to look at your code to see what happened.
And BTW - your method is *very* insecure. It will easily turn your site into a
spammers paradise. All one has to do is submit a form with another email
address in the hidden field. Rather, save the primary key in the hidden field
and retrieve the email address from the database when you send the email.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== ===
"Larry" <no***@none.com > wrote in message
news:V0******** *********@torna do.socal.rr.com ... In article <Yh************ **@reader1.news .jippii.net>, "Kimmo Laine"
<sp**@outolempi .net> wrote:"Larry" <no***@none.com > wrote in message
news:ty****** ************@to rnado.socal.rr. com... OK, I've been searching around the net for numerous hours and seem to
just
be
getting more confused about handling special characters.
In my host's configuration MagicQuotes is ON. (I understand this is
considered
a bad thing by many)
A user submitted an email in the form 'Bob Smith' <bo*@nospam.com >
Now when I look in the MySql database (via PhpMyAdmin) it's exactly
that,
but
when I try to retrieve it with a standard query, it echo's or prints as
Bob
Smith. I have the same problem with a store name containing a single
apostrophe. Obviously the single quote is stopping it, but how do I get
past
that?
In HTML <bo*@nospam.com > will be concidered as a tag, nonsense tag since
it's not really a tag but the <> make html think it is, therefor it's
hidden. To fix it, special chars need to be converted to format where html
does not concider them as control characters such as tag delimiters. There
is a function that does this conversion called htmlspecialchar s.
Try something like:
echo htmlspecialchar s("'Bob Smith' <bo*@nospam.com >");
http://php.net/htmlspecialchars
Actually I am placing the value into a hidden form field that's then
emailed
via a formmail program.
echo("<input type='hidden' name='my_email' value='$email'> ");
Please please please concider an alternative solution! Form mail scripts
like that are very potential spam relays, especially the Formmail from Matts
Script Archive is the most classic exploited script. Do yourself and
everyone else a favor and study a bit how such solutions get exploited.
Basicly spammers replace the value with another email address and send their
own shit using your script. http://www.google.com/search?hl=en&q...=Google+Search http://rickconner.net/spamweb/spam_formmail.html
--
"En ole paha ihminen, mutta omenat ovat elinkeinoni." -Perttu Sirviö sp**@outolempi. net | Gedoon-S @ IRCnet | rot13(xv***@bhg byrzcv.arg)
Message-ID: <V0************ *****@tornado.s ocal.rr.com> from Larry
contained the following: I guess I'm back to stripping all the special characters out before they get
put into the database. Hmmmm...
No, you don't need to do that.
Just use htmlentities($s ting, ENT_QUOTES)
But I'll echo the other concerns about security...
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
In article <6p************ ********@comcas t.com>, Jerry Stuckle <js*******@attg lobal.net> wrote: Larry wrote: OK, I've been searching around the net for numerous hours and seem to just be
getting more confused about handling special characters.
In my host's configuration MagicQuotes is ON. (I understand this is
considered a bad thing by many)
A user submitted an email in the form 'Bob Smith' <bo*@nospam.com >
Now when I look in the MySql database (via PhpMyAdmin) it's exactly that, but
when I try to retrieve it with a standard query, it echo's or prints as Bob
Smith. I have the same problem with a store name containing a single
apostrophe. Obviously the single quote is stopping it, but how do I get past
that?
Many thanks,
Larry L
Larry,
Single quotes are also used as a delimiter in SQL. But are you sure that's
your
problem? If you had mismatched quotes, I would expect you to get an error when
you try to insert it into the database.
Chances are the problem is in the display of the data. First of all, do you
see
it if you look at the page source in your browser? If the data is there, it's
only a matter of handling the special characters - check out htmlentities().
If the data is not there, you need to look at your code to see what happened.
And BTW - your method is *very* insecure. It will easily turn your site into a
spammers paradise. All one has to do is submit a form with another email
address in the hidden field. Rather, save the primary key in the hidden field
and retrieve the email address from the database when you send the email.
Thanks for the good advice, it didn't dawn on me until yesterday that I
could look at the source of the displayed page to see if the data was actually
there.
I think the mismatched quotes problem was handled by magicquotes being turned
on, as the single quote makes it into the MySQL database ok.
I do understand a little about how bad formmail scrips can be. It's not as bad
as it seems, however. Mine will not send an email to a supplied address, it
uses a code that the form supplies in a hidden field to determine which of 4
emails it will send to. That seems to me to be fairly safe, no?
Larry L
In article <%S************ **@reader1.news .jippii.net>, "Kimmo Laine" <sp**@outolempi .net> wrote: "Larry" <no***@none.com > wrote in message
news:V0******* **********@torn ado.socal.rr.co m... In article <Yh************ **@reader1.news .jippii.net>, "Kimmo Laine"
<sp**@outolempi .net> wrote:"Larry" <no***@none.com > wrote in message
snip
Actually I am placing the value into a hidden form field that's then
emailed
via a formmail program.
echo("<input type='hidden' name='my_email' value='$email'> ");
Please please please concider an alternative solution! Form mail scripts
like that are very potential spam relays, especially the Formmail from Matts
Script Archive is the most classic exploited script. Do yourself and
everyone else a favor and study a bit how such solutions get exploited.
Basicly spammers replace the value with another email address and send their
own shit using your script.
http://www.google.com/search?hl=en&q...btnG=Google+Se
arch
http://rickconner.net/spamweb/spam_formmail.html
Well it's not quite that bad, and yes I've heard all about Matts scripts! What
isn't obvious from the line of code above is that $email is NOT an email
address, it's a code, 1 of 4 in my case, that my Formmail script uses to
decide which of 4 emails to send the form to. Sending anything else other than
the 4 recognized codes just results in the FormMail terminating. Though I'm no
expert on the subject, my belief is that's a reasonable solution.
Larry L
Larry wrote: In article <6p************ ********@comcas t.com>, Jerry Stuckle <js*******@attg lobal.net> wrote:
Larry wrote:
OK, I've been searching around the net for numerous hours and seem to just be
getting more confused about handling special characters.
In my host's configuration MagicQuotes is ON. (I understand this is
considered
a bad thing by many)
A user submitted an email in the form 'Bob Smith' <bo*@nospam.com >
Now when I look in the MySql database (via PhpMyAdmin) it's exactly that, but
when I try to retrieve it with a standard query, it echo's or prints as Bob
Smith. I have the same problem with a store name containing a single
apostrophe . Obviously the single quote is stopping it, but how do I get past
that?
Many thanks,
Larry L
Larry,
Single quotes are also used as a delimiter in SQL. But are you sure that's
your
problem? If you had mismatched quotes, I would expect you to get an error when
you try to insert it into the database.
Chances are the problem is in the display of the data. First of all, do you
see
it if you look at the page source in your browser? If the data is there, it's
only a matter of handling the special characters - check out htmlentities().
If the data is not there, you need to look at your code to see what happened.
And BTW - your method is *very* insecure. It will easily turn your site into a
spammers paradise. All one has to do is submit a form with another email
address in the hidden field. Rather, save the primary key in the hidden field
and retrieve the email address from the database when you send the email.
Thanks for the good advice, it didn't dawn on me until yesterday that I
could look at the source of the displayed page to see if the data was actually
there.
I think the mismatched quotes problem was handled by magicquotes being turned
on, as the single quote makes it into the MySQL database ok.
I do understand a little about how bad formmail scrips can be. It's not as bad
as it seems, however. Mine will not send an email to a supplied address, it
uses a code that the form supplies in a hidden field to determine which of 4
emails it will send to. That seems to me to be fairly safe, no?
Larry L
Larry,
Yes, that should be quite safe.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== === This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Roy W. Andersen |
last post by:
I've been searching google about this for days but can't find anything,
so I'm hoping someone here can help me out.
I'm trying to create zip-files without needing the zip-file extension in
PHP, mainly because I need the ability to both create and extract
zip-files. I've tried a couple of classes found here and there, and they
all seem to have the same problem. I'm currently using PclZip
(http://phpconcept.net/pclzip/) but even the...
|
by: Larry Neylon |
last post by:
Hi,
I'm writing a vbscript application that reads UTF-8 XML containing Chinese
characters and stores the data in MySql 4.0.x.
Does anybody have any experience in this area with regarding codepage and
character sets? Ideally I want the scripts to be able to handle Standard
European characters and Chinese characters as well.
Are there any special considerations for using MySql/ODBC and ADO to get and
|
by: Sakharam Phapale |
last post by:
Hi All,
I am using an API function, which takes file path as an input.
When file path contains special characters (@,#,$,%,&,^, etc), API function
gives an error as "Unable to open input file".
Same file path containing special characters works fine in one machine, but
doesn't work in other.
I am using following API function to get short file path.
Declare Auto Function GetShortPathName Lib "kernel32" (ByVal lpszLongPath As
|
by: Carl Mercier |
last post by:
Hi,
Is it possible to use special characters like \n or \t in a VB.NET
string, just like in C#? My guess is NO, but maybe there's something I
don't know.
If it's not possible, does anybody know of a VB.NET function (somebody
must have coded this already) that will interpret strings containings
those special characters, and handle them the same as in C#?
|
by: david.lindsay.green |
last post by:
Hello all, I am quite new a web scripting and making web pages in
general and I have stumbled across a problem I have as yet been unable
to solve. I am trying to take the contents of a textarea box and save
it to a file. This step is not to hard however the contents of the
textarea is mostly latex source so it contains just about every special
character you can imagine. My question is this, how do I save an exact
copy of the textarea...
| | |
by: Doc |
last post by:
Hello!
I'm experiencing a little problem counting the number of characters in
a textarea on a html page.
This is the content type of my HTML document
content="text/html; charset=iso-8859-1"
I have a textarea that I want to limit to 400 characters, but the
enduser can enter special characters (like €, v, 8, ...). I have
|
by: sonald |
last post by:
Dear All,
I am working on a module that validates the provided CSV data in a text
format, which must be in a predefined format.
We check for the :
1. Number of fields provided in the text file,
2. Text checks for max. length of the field & whether the field is
mandatory or optional
Example:
|
by: KevinADC |
last post by:
Purpose
The purpose of this article is to discuss the difference between characters inside a character class and outside a character class and some special characters inside a character class. This is not a regular expression tutorial. Assumes you are already familiar with basic regular expression concepts and terminology. If not, you may want to read some regular expression tutorial. See the end of the article for links to online resources....
|
by: AAaron123 |
last post by:
Been playing with asp:changepassword and have it looking OK except that I
can't elininate or change the title at the top that says "Change Your
Password". It's a repeat of my pages title.
But more importantly, I can't find the regular expression for at least 7
characters and at least 1 special character.
Can you help?
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
