Hi,
Sorry for this beginner's question.
I do not know PHP
and write for my friend.
He has never been a professional programmer.
He studied C and PHP with some books
and made a bulletin board for his hobby homepage.
(He uses MS-Windows XP)
Now, the problem is:
Writing a message
and previewing is OK.
But, after posting, all the words including and after ' (apostrophe/
single quotation mark) disappear.
Examples are,
--------------------------
I can't do that
==I can
--------------------------............... ......
The person named 'Jim' is smart.
==The person named
-----------------------------.............
Any hints?
dajava,
9  6897 
dajava wrote:
Hi,
Sorry for this beginner's question.
I do not know PHP
and write for my friend.
He has never been a professional programmer.
He studied C and PHP with some books
and made a bulletin board for his hobby homepage.
(He uses MS-Windows XP)
Now, the problem is:
Writing a message
and previewing is OK.
But, after posting, all the words including and after ' (apostrophe/
single quotation mark) disappear.
Well, you didn't give enough information, so we cannot help really.
Some questions:
What is writing a message excactly?
Is that filling in some HTML-form that is submitted to a server?
What is previewing a message excactly?
Is that some JavaScript or does it include a trip to the server?
If so: what does the server do with it?
- some possibilities: Store it in a database, echo it back, store it in a
file.
And then: WHERE do these characters disappear? In a form? or as HTML?
A wild guess:
You write back to the client:
<input type="text" name="whatever" value='I can't do that'>
That is wrong.
If you need " or ' in your response back to the client, make sure you call
htmlentities() around the literal part you send back as value (or in any
other inputelement-value, also textareas).
Regards,
Erwin Moller
>
Examples are,
--------------------------
I can't do that
==I can
--------------------------............... ......
The person named 'Jim' is smart.
==The person named
-----------------------------.............
Any hints?
dajava,
dajava wrote:
But, after posting, all the words including and after ' (apostrophe/
single quotation mark) disappear.
Google: mysql_real_esca pe_string
--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux
* = I'm getting there!
On Mar 6, 7:05 pm, Erwin Moller
<since_humans_r ead_this_I_am_s pammed_too_m... @spamyourself.c omwrote:
dajava wrote:
Hi,
Sorry for this beginner's question.
I do not know PHP
and write for my friend.
He has never been a professional programmer.
He studied C and PHP with some books
and made a bulletin board for his hobby homepage.
(He uses MS-Windows XP)
Now, the problem is:
Writing a message
and previewing is OK.
But, after posting, all the words including and after ' (apostrophe/
single quotation mark) disappear.
Well, you didn't give enough information, so we cannot help really.
Some questions:
What is writing a message excactly?
Is that filling in some HTML-form that is submitted to a server?
What is previewing a message excactly?
Is that some JavaScript or does it include a trip to the server?
If so: what does the server do with it?
- some possibilities: Store it in a database, echo it back, store it in a
file.
And then: WHERE do these characters disappear? In a form? or as HTML?
A wild guess:
You write back to the client:
<input type="text" name="whatever" value='I can't do that'>
That is wrong.
If you need " or ' in your response back to the client, make sure you call
htmlentities() around the literal part you send back as value (or in any
other inputelement-value, also textareas).
Regards,
Erwin Moller
Examples are,
--------------------------
I can't do that
==I can
--------------------------............... ......
The person named 'Jim' is smart.
==The person named
-----------------------------.............
Any hints?
dajava,- Hide quoted text -
- Show quoted text -- Hide quoted text -
- Show quoted text -
I forward your wild guess to him.
Let me rephrase my question
with this hypothetical example with google groups.
-----------------------------
I arrived comp.lang.php
and type a message to ask a question.
entering/editing : This is a test. Don't you like this?
previewing : This is a test. Don't you like this? ( great so far)
Now, I click on POST button.
then, what the heck,
I got this : This is a test. Don
('t you like this? : these disappeared)
-----------------------------------------------
I cannot express myself well.
I do not know PHP.
I will post reply again
when I got e-mail from my friend.
Thanks anyway.
dajava,
dajava wrote:
On Mar 6, 7:05 pm, Erwin Moller
<since_humans_r ead_this_I_am_s pammed_too_m... @spamyourself.c omwrote:
>dajava wrote:
Hi,
Sorry for this beginner's question.
I do not know PHP
and write for my friend.
He has never been a professional programmer.
He studied C and PHP with some books
and made a bulletin board for his hobby homepage.
(He uses MS-Windows XP)
Now, the problem is:
Writing a message
and previewing is OK.
But, after posting, all the words including and after ' (apostrophe/
single quotation mark) disappear.
Well, you didn't give enough information, so we cannot help really.
Some questions:
What is writing a message excactly?
Is that filling in some HTML-form that is submitted to a server?
What is previewing a message excactly?
Is that some JavaScript or does it include a trip to the server?
If so: what does the server do with it?
- some possibilities: Store it in a database, echo it back, store it in a
file.
And then: WHERE do these characters disappear? In a form? or as HTML?
A wild guess:
You write back to the client:
<input type="text" name="whatever" value='I can't do that'>
That is wrong.
If you need " or ' in your response back to the client, make sure you
call htmlentities() around the literal part you send back as value (or in
any other inputelement-value, also textareas).
Regards,
Erwin Moller
Examples are,
--------------------------
I can't do that
==I can
--------------------------............... ......
The person named 'Jim' is smart.
==The person named
-----------------------------.............
Any hints?
dajava,- Hide quoted text -
- Show quoted text -- Hide quoted text -
- Show quoted text -
I forward your wild guess to him.
Let me rephrase my question
with this hypothetical example with google groups.
-----------------------------
I arrived comp.lang.php
and type a message to ask a question.
entering/editing : This is a test. Don't you like this?
previewing : This is a test. Don't you like this? ( great so far)
Now, I click on POST button.
then, what the heck,
I got this : This is a test. Don
Hi,
This is part that needs more words/a better description:
"I got this : This is a test. Don"
My problem is: 'I got this.'.
My exect problem is 'got'.
WHAT did you get WHERE?
Did the browser after submitting say that?
Or did it appear like that in some newsgroup?
In case of browser: Did the text appear like that in an input-element? Or as
plain HTML?
Did you look at the source of the HTML? (rightmousebutt on on the offending
page and select 'view source'.)
You should give us that information, or you will be stuck with my 'wild
guesses'.
;-)
>
('t you like this? : these disappeared)
-----------------------------------------------
I cannot express myself well.
Keep trying. :-)
I do not know PHP.
That is a problem when discussing a PHP problem. Seriously, you, or your
friend, should know roughly what he is doing.
I will post reply again
when I got e-mail from my friend.
OK
Regards,
Erwin Moller
Thanks anyway.
dajava,
This is what he wrote to me yesterday.
------------------------------------------------------
' in code means end of line. therefore, ' and the rest of the senteces
were truncated.
Prewiewing is OK. But, the whole sentence will not saved into DB.
--------------------------------------------------------
and i found the source code.
<?
//
if(($write==3 || $write==11) && $writer != "" && $password != "" &&
$contents != "")
{
if($write==3 && $title != "") //
{
//
$query = "select * from Dora_Board order by no desc limit 0 ,
1";
@$result = mysql_query($qu ery, $Dora_DB);
@$data = mysql_fetch_arr ay($result);
if(strlen($titl e)>=100) //
{
$title_leng=100 ; //
if(strstr(subst r($data[1], 0, 100), " "))
$title_leng = $title_leng - 2;
$data[1] = substr($data[1], 0, $title_leng);
}
if($title != $data[1]) //
{
$query = "INSERT INTO `Dora_Board` (`Title` , `Writer`,
`Password`, `Contents`, `Date`, `Ip`) ";
$query = $query . "VALUES ('" . (string)$title . "', '" .
(string)$writer . "', '" . (string)$passwo rd . "', ";
$query = $query . "'" . (string)$conten ts . "', '" . (string)
$date . "', '" . (string)$ip . "')";
@$result = mysql_query($qu ery, $Dora_DB);
}
}
elseif($write== 11 && $no != "") //
{
//
$query = "select * from Dora_Board where no='" . $no . "'";
@$result = mysql_query($qu ery, $Dora_DB);
@$data = mysql_fetch_arr ay($result);
//
$query = "select * from Dora_Reply order by no desc limit 0 ,
1";
@$result = mysql_query($qu ery, $Dora_DB);
@$data_r = mysql_fetch_arr ay($result);
if($contents != $data_r[4] || $writer != $data_r[2]) //
{
if($data[7] == 0 || $data[7] == "") //
$data[7] = 1; //
elseif($content s != $data_r[4]) //
$data[7] = $data[7]+1; //
//
$query = "update `Dora_Board` set `Reply` = '" . $data[7] .
"' where `no` = '" . $no . "' Limit 1";
@$result = mysql_query($qu ery, $Dora_DB);
//
$query = "INSERT INTO `Dora_Reply` (`Main_no` , `Writer`,
`Password`, `Contents`, `Date`, `Ip`) ";
$query = $query . "VALUES ('" . (integer)$no . "', '" .
(string)$writer . "', '" . $password . "', ";
$query = $query . "'" . (string)$conten ts . "', '" . (string)
$date . "', '" . (string)$ip . "')";
@$result = mysql_query($qu ery, $Dora_DB);
}
}
}
//
elseif(($write= =6 || $write==14) && $writer != "" && $password != ""
&& $contents != "" && $no != "")
{
if($write==6 && $title != "" && $closed == "")
{
$query = "UPDATE `Dora_Board` SET `no` = '" . $no . "', `Title`
= '" . $title . "', `Writer` = '" . $writer . "', ";
$query = $query . "`Contents` = '" . $contents . "' WHERE `no`
=" . $no . " LIMIT 1";
}
elseif($write== 14 && $ro != "")
{
$query = "UPDATE `Dora_Reply` SET `no` = '" . $ro . "', `Writer`
= '" . $writer . "', ";
$query = "`Contents` = '" . $contents . "' WHERE `no` =" . $ro .
" LIMIT 1";
}
@$result = mysql_query($qu ery, $Dora_DB); //ìž…ë*¥ 쿼리 실행
}
// )
elseif(($write= =8 || $write==16) && $no !="" && $password != "")
{
//.
$query = "select * from Dora_Board where no='" . $no . "'";
@$result = mysql_query($qu ery, $Dora_DB);
@$data = mysql_fetch_arr ay($result);
//
if($write==8 && $data[3] == crypt($password , 'ì”¨ì•—í‚¤ì›Œë“ œ') && $data[7]
== "" || $data[7] == "0")
{
$query = "delete from `Dora_Board` where `no` = '" . $no .
"'";
@$result = mysql_query($qu ery, $Dora_DB);
}
//
elseif($write== 16 && ro != "")
{
//
$query = "select * from Dora_Reply where no='" . $ro . "'";
@$result = mysql_query($qu ery, $Dora_DB);
@$data_r = mysql_fetch_arr ay($result);
//
if($data_r[3] == crypt($password , '씨앗 키워드'))
{
$query = "delete from `Dora_Reply` where `no` = '" . $ro .
"'";
@$result = mysql_query($qu ery, $Dora_DB);
//
$data[7] = $data[7] -1;
$query = "update `Dora_Board` set `Reply` = '" . $data[7] .
"' where `no` = '" . $no . "' Limit 1";
@$result = mysql_query($qu ery, $Dora_DB);
}
}
}
include("./board.php"); //
?>
dajava,
dajava wrote:
$query = "INSERT INTO `Dora_Board` (`Title` , `Writer`,
`Password`, `Contents`, `Date`, `Ip`) ";
$query = $query . "VALUES ('" . (string)$title . "', '" .
(string)$writer . "', '" . (string)$passwo rd . "', ";
$query = $query . "'" . (string)$conten ts . "', '" . (string)
$date . "', '" . (string)$ip . "')";
As I said -- mysql_real_esca pe_string(). Replace the above with:
$query = sprintf("INSERT INTO Dora_Board (Title, Writer, Password, Contents, Date, Ip)
VALUES ('%s', '%s', '%s', '%s', '%s', '%s');",
mysql_real_esca pe_string($titl e),
mysql_real_esca pe_string($writ er),
mysql_real_esca pe_string($pass word),
mysql_real_esca pe_string($cont ents),
mysql_real_esca pe_string($date ),
mysql_real_esca pe_string($ip)) ;
There are several other chunks of code that need rewriting similarly, but
that should fix the immediate problem.
If you don't fix these problems your site is open to being cracked by
nasty people. Yes, really.
Google: mysql_real_esca pe_string.
--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux
* = I'm getting there!
On Mar 7, 6:48 am, Toby A Inkster <usenet200...@t obyinkster.co.u k>
wrote:
dajava wrote:
$query = "INSERT INTO `Dora_Board` (`Title` , `Writer`,
`Password`, `Contents`, `Date`, `Ip`) ";
$query = $query . "VALUES ('" . (string)$title . "', '" .
(string)$writer . "', '" . (string)$passwo rd . "', ";
$query = $query . "'" . (string)$conten ts . "', '" . (string)
$date . "', '" . (string)$ip . "')";
As I said -- mysql_real_esca pe_string(). Replace the above with:
$query = sprintf("INSERT INTO Dora_Board (Title, Writer, Password, Contents, Date, Ip)
VALUES ('%s', '%s', '%s', '%s', '%s', '%s');",
mysql_real_esca pe_string($titl e),
mysql_real_esca pe_string($writ er),
mysql_real_esca pe_string($pass word),
mysql_real_esca pe_string($cont ents),
mysql_real_esca pe_string($date ),
mysql_real_esca pe_string($ip)) ;
There are several other chunks of code that need rewriting similarly, but
that should fix the immediate problem.
If you don't fix these problems your site is open to being cracked by
nasty people. Yes, really.
Google: mysql_real_esca pe_string.
--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux
* = I'm getting there!
Hi,
I received an e-mail form him a moment ago.
He fixed the ' problem based on your advice.
Two comments of mine:
1.
mysql_real_esca pe_string is not part of PHP 4.0
Therefore, he did some researches on internet
and found out that it is part of PHP 4.3.
2. He just used your codes,
he doesn't know rational behind mysql_real_esca pe_string. Lol...
I would like to thank Erwin and Tony for helping my frined.
dajava,
dajava wrote:
he doesn't know rational behind mysql_real_esca pe_string.
The rationale is thus:
The apostrophe character (') has a special meaning in SQL in that it
delimits (i.e. marks the beginning and end of) text. For example:
UPDATE my_table SET my_col='Hello World!';
Now, imagine that your text contains an apostrophe:
UPDATE my_table SET my_col='It's Raining Men';
Because the apostrophe is used to mark the end of some text, the above is
interpreted by the SQL engine as:
UPDATE my_table SET my_col='It'
with some spurious text after it.
mysql_real_esca pe_string(), and equivalent functions for other databases,
is used to encode the apostrophes (and other special characters) to make
them safe to use in SQL.
--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux
* = I'm getting there!
dajava wrote:
mysql_real_esca pe_string is not part of PHP 4.0
Therefore, he did some researches on internet
and found out that it is part of PHP 4.3.
I believe there is an older mysql_escape_st ring() in some versions of PHP.
Also, for many purposes the addslashes() function will suffice, and that's
been part of PHP for many moons.
--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux
* = I'm getting there! This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Robert Garrett |
last post by:
Hi,
I've created a table in SQL Server 2000 and I'm now trying to search
through the data and return specific rows. I'm using this command:
select * from Export where libelle_court='Recherche d'investisseurs'
The problem is this: The search fails whenever there is a curly
single quotation mark within the table field ( ' as opposed to ' ).
For example, if the field entry in my table is this:
|
by: Mark Tranchant |
last post by:
Take a look at this page:
http://tranchant.plus.com/cycling/gears/ratio
Just over half-way down is the sentence 'My wheels are approximately 27?
in diameter'.
I use the ″ double prime for the inches symbol. My site uses the
Trebuchet MS font as a first choice where available.
|
by: Greg |
last post by:
I keep getting an error when I have a tick mark in a text value that I am
searching for in my XPath Query.
Example:
<Authors>
<Author LastName="O'Donnel">
<Author LastName="Smith">
</Authors>
|
by: Capricorn.St |
last post by:
Hi,
which of the following two codes is correct and where is the correct
notation standardized:
a) alert("Hello World");
b) alert('Hello World');
Thanx
Stefan
|
by: VB Programmer |
last post by:
In my dev environment the single quote/apostrophe shows up fine.
When I publish the site all the single quotes are missing.
Any ideas why?
Is there a special character I have to use for the single quote?
| | |
by: U Aye Thein |
last post by:
I found in internet how to solve single quotation mark in string and how to solve double quotation mark in string but my string may be contained single quote or double quote. How to write an expression for my string test.
|
by: Royan |
last post by:
Difference between quotation and apostrophe in PHP
I wonder is there any difference between strings wrapped into
quotation marks or into apostrophes and if so is there any situation
when one is preferable to the other?
-R.
|
by: Thomas 'PointedEars' Lahn |
last post by:
Jukka K. Korpela wrote:
IBTD. For example, in English it is customary (and AIUI expected) to use
the character that ’ represents should be used to delimit a quotation
within direct speech (which itself should be delimited by “ and
”. (I gathered that from reading several English books.)
I think you would agree that it would make especially English text with
quotations in direct speech (say, in a novel where one person tells another...
|
by: Alan Mailer |
last post by:
Ok, I've looked for an answer for this, because I'm sure it's been
asked a thousand times... but no luck... so here goes.
Imagine I want to create a NodeList based on an XPath statement. The
'query' portion of that statement wants to search for the following
value:
Joe's Garage
....now please note the APOSTROPHE in the above string.
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
