OK, I've been searching around the net for numerous hours and seem to just be
getting more confused about handling special characters.
In my host's configuration MagicQuotes is ON. (I understand this is considered
a bad thing by many)
A user submitted an email in the form 'Bob Smith' <bo*@nospam.com>
Now when I look in the MySql database (via PhpMyAdmin) it's exactly that, but
when I try to retrieve it with a standard query, it echo's or prints as Bob
Smith. I have the same problem with a store name containing a single
apostrophe. Obviously the single quote is stopping it, but how do I get past
that?
Many thanks,
Larry L 9 2544
Message-ID: <ty******************@tornado.socal.rr.com> from Larry
contained the following: A user submitted an email in the form 'Bob Smith' <bo*@nospam.com> Now when I look in the MySql database (via PhpMyAdmin) it's exactly that, but when I try to retrieve it with a standard query, it echo's or prints as Bob Smith. I have the same problem with a store name containing a single apostrophe. Obviously the single quote is stopping it, but how do I get past that?
What code are you using to echo or print it?
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
"Larry" <no***@none.com> wrote in message
news:ty******************@tornado.socal.rr.com... OK, I've been searching around the net for numerous hours and seem to just be getting more confused about handling special characters.
In my host's configuration MagicQuotes is ON. (I understand this is considered a bad thing by many)
A user submitted an email in the form 'Bob Smith' <bo*@nospam.com> Now when I look in the MySql database (via PhpMyAdmin) it's exactly that, but when I try to retrieve it with a standard query, it echo's or prints as Bob Smith. I have the same problem with a store name containing a single apostrophe. Obviously the single quote is stopping it, but how do I get past that?
In HTML <bo*@nospam.com> will be concidered as a tag, nonsense tag since
it's not really a tag but the <> make html think it is, therefor it's
hidden. To fix it, special chars need to be converted to format where html
does not concider them as control characters such as tag delimiters. There
is a function that does this conversion called htmlspecialchars.
Try something like:
echo htmlspecialchars("'Bob Smith' <bo*@nospam.com>"); http://php.net/htmlspecialchars
--
"En ole paha ihminen, mutta omenat ovat elinkeinoni." -Perttu Sirviö sp**@outolempi.net | Gedoon-S @ IRCnet | rot13(xv***@bhgbyrzcv.arg)
In article <Yh**************@reader1.news.jippii.net>, "Kimmo Laine" <sp**@outolempi.net> wrote: "Larry" <no***@none.com> wrote in message news:ty******************@tornado.socal.rr.com. .. OK, I've been searching around the net for numerous hours and seem to just be getting more confused about handling special characters.
In my host's configuration MagicQuotes is ON. (I understand this is considered a bad thing by many)
A user submitted an email in the form 'Bob Smith' <bo*@nospam.com> Now when I look in the MySql database (via PhpMyAdmin) it's exactly that, but when I try to retrieve it with a standard query, it echo's or prints as Bob Smith. I have the same problem with a store name containing a single apostrophe. Obviously the single quote is stopping it, but how do I get past that?
In HTML <bo*@nospam.com> will be concidered as a tag, nonsense tag since it's not really a tag but the <> make html think it is, therefor it's hidden. To fix it, special chars need to be converted to format where html does not concider them as control characters such as tag delimiters. There is a function that does this conversion called htmlspecialchars.
Try something like: echo htmlspecialchars("'Bob Smith' <bo*@nospam.com>");
http://php.net/htmlspecialchars
Actually I am placing the value into a hidden form field that's then emailed
via a formmail program.
echo("<input type='hidden' name='my_email' value='$email'>");
I see your point about HTML seeing it as a nonsense tag however, and
understand how the single quote will also mess it up as there are others in
the <input> field and it will see it as an end to something.
I guess I'm back to stripping all the special characters out before they get
put into the database. Hmmmm...
Thanks much for the help,
Larry L
Larry wrote: OK, I've been searching around the net for numerous hours and seem to just be getting more confused about handling special characters.
In my host's configuration MagicQuotes is ON. (I understand this is considered a bad thing by many)
A user submitted an email in the form 'Bob Smith' <bo*@nospam.com> Now when I look in the MySql database (via PhpMyAdmin) it's exactly that, but when I try to retrieve it with a standard query, it echo's or prints as Bob Smith. I have the same problem with a store name containing a single apostrophe. Obviously the single quote is stopping it, but how do I get past that?
Many thanks, Larry L
Larry,
Single quotes are also used as a delimiter in SQL. But are you sure that's your
problem? If you had mismatched quotes, I would expect you to get an error when
you try to insert it into the database.
Chances are the problem is in the display of the data. First of all, do you see
it if you look at the page source in your browser? If the data is there, it's
only a matter of handling the special characters - check out htmlentities().
If the data is not there, you need to look at your code to see what happened.
And BTW - your method is *very* insecure. It will easily turn your site into a
spammers paradise. All one has to do is submit a form with another email
address in the hidden field. Rather, save the primary key in the hidden field
and retrieve the email address from the database when you send the email.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
"Larry" <no***@none.com> wrote in message
news:V0*****************@tornado.socal.rr.com... In article <Yh**************@reader1.news.jippii.net>, "Kimmo Laine" <sp**@outolempi.net> wrote:"Larry" <no***@none.com> wrote in message news:ty******************@tornado.socal.rr.com.. . OK, I've been searching around the net for numerous hours and seem to just be getting more confused about handling special characters.
In my host's configuration MagicQuotes is ON. (I understand this is considered a bad thing by many)
A user submitted an email in the form 'Bob Smith' <bo*@nospam.com> Now when I look in the MySql database (via PhpMyAdmin) it's exactly that, but when I try to retrieve it with a standard query, it echo's or prints as Bob Smith. I have the same problem with a store name containing a single apostrophe. Obviously the single quote is stopping it, but how do I get past that?
In HTML <bo*@nospam.com> will be concidered as a tag, nonsense tag since it's not really a tag but the <> make html think it is, therefor it's hidden. To fix it, special chars need to be converted to format where html does not concider them as control characters such as tag delimiters. There is a function that does this conversion called htmlspecialchars.
Try something like: echo htmlspecialchars("'Bob Smith' <bo*@nospam.com>");
http://php.net/htmlspecialchars
Actually I am placing the value into a hidden form field that's then emailed via a formmail program.
echo("<input type='hidden' name='my_email' value='$email'>");
Please please please concider an alternative solution! Form mail scripts
like that are very potential spam relays, especially the Formmail from Matts
Script Archive is the most classic exploited script. Do yourself and
everyone else a favor and study a bit how such solutions get exploited.
Basicly spammers replace the value with another email address and send their
own shit using your script. http://www.google.com/search?hl=en&q...=Google+Search http://rickconner.net/spamweb/spam_formmail.html
--
"En ole paha ihminen, mutta omenat ovat elinkeinoni." -Perttu Sirviö sp**@outolempi.net | Gedoon-S @ IRCnet | rot13(xv***@bhgbyrzcv.arg)
Message-ID: <V0*****************@tornado.socal.rr.com> from Larry
contained the following: I guess I'm back to stripping all the special characters out before they get put into the database. Hmmmm...
No, you don't need to do that.
Just use htmlentities($sting, ENT_QUOTES)
But I'll echo the other concerns about security...
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
In article <6p********************@comcast.com>, Jerry Stuckle <js*******@attglobal.net> wrote: Larry wrote: OK, I've been searching around the net for numerous hours and seem to just be
getting more confused about handling special characters.
In my host's configuration MagicQuotes is ON. (I understand this is considered a bad thing by many)
A user submitted an email in the form 'Bob Smith' <bo*@nospam.com> Now when I look in the MySql database (via PhpMyAdmin) it's exactly that, but
when I try to retrieve it with a standard query, it echo's or prints as Bob Smith. I have the same problem with a store name containing a single apostrophe. Obviously the single quote is stopping it, but how do I get past that?
Many thanks, Larry L
Larry,
Single quotes are also used as a delimiter in SQL. But are you sure that's your problem? If you had mismatched quotes, I would expect you to get an error when
you try to insert it into the database.
Chances are the problem is in the display of the data. First of all, do you see it if you look at the page source in your browser? If the data is there, it's only a matter of handling the special characters - check out htmlentities().
If the data is not there, you need to look at your code to see what happened.
And BTW - your method is *very* insecure. It will easily turn your site into a
spammers paradise. All one has to do is submit a form with another email address in the hidden field. Rather, save the primary key in the hidden field and retrieve the email address from the database when you send the email.
Thanks for the good advice, it didn't dawn on me until yesterday that I
could look at the source of the displayed page to see if the data was actually
there.
I think the mismatched quotes problem was handled by magicquotes being turned
on, as the single quote makes it into the MySQL database ok.
I do understand a little about how bad formmail scrips can be. It's not as bad
as it seems, however. Mine will not send an email to a supplied address, it
uses a code that the form supplies in a hidden field to determine which of 4
emails it will send to. That seems to me to be fairly safe, no?
Larry L
In article <%S**************@reader1.news.jippii.net>, "Kimmo Laine" <sp**@outolempi.net> wrote: "Larry" <no***@none.com> wrote in message news:V0*****************@tornado.socal.rr.com.. . In article <Yh**************@reader1.news.jippii.net>, "Kimmo Laine" <sp**@outolempi.net> wrote:"Larry" <no***@none.com> wrote in message
snip Actually I am placing the value into a hidden form field that's then emailed via a formmail program.
echo("<input type='hidden' name='my_email' value='$email'>");
Please please please concider an alternative solution! Form mail scripts like that are very potential spam relays, especially the Formmail from Matts Script Archive is the most classic exploited script. Do yourself and everyone else a favor and study a bit how such solutions get exploited. Basicly spammers replace the value with another email address and send their own shit using your script.
http://www.google.com/search?hl=en&q...btnG=Google+Se arch http://rickconner.net/spamweb/spam_formmail.html
Well it's not quite that bad, and yes I've heard all about Matts scripts! What
isn't obvious from the line of code above is that $email is NOT an email
address, it's a code, 1 of 4 in my case, that my Formmail script uses to
decide which of 4 emails to send the form to. Sending anything else other than
the 4 recognized codes just results in the FormMail terminating. Though I'm no
expert on the subject, my belief is that's a reasonable solution.
Larry L
Larry wrote: In article <6p********************@comcast.com>, Jerry Stuckle <js*******@attglobal.net> wrote:
Larry wrote:
OK, I've been searching around the net for numerous hours and seem to just be
getting more confused about handling special characters.
In my host's configuration MagicQuotes is ON. (I understand this is
considered
a bad thing by many)
A user submitted an email in the form 'Bob Smith' <bo*@nospam.com> Now when I look in the MySql database (via PhpMyAdmin) it's exactly that, but
when I try to retrieve it with a standard query, it echo's or prints as Bob Smith. I have the same problem with a store name containing a single apostrophe. Obviously the single quote is stopping it, but how do I get past that?
Many thanks, Larry L
Larry,
Single quotes are also used as a delimiter in SQL. But are you sure that's your problem? If you had mismatched quotes, I would expect you to get an error when
you try to insert it into the database.
Chances are the problem is in the display of the data. First of all, do you see it if you look at the page source in your browser? If the data is there, it's only a matter of handling the special characters - check out htmlentities().
If the data is not there, you need to look at your code to see what happened.
And BTW - your method is *very* insecure. It will easily turn your site into a
spammers paradise. All one has to do is submit a form with another email address in the hidden field. Rather, save the primary key in the hidden field and retrieve the email address from the database when you send the email.
Thanks for the good advice, it didn't dawn on me until yesterday that I could look at the source of the displayed page to see if the data was actually there.
I think the mismatched quotes problem was handled by magicquotes being turned on, as the single quote makes it into the MySQL database ok.
I do understand a little about how bad formmail scrips can be. It's not as bad as it seems, however. Mine will not send an email to a supplied address, it uses a code that the form supplies in a hidden field to determine which of 4 emails it will send to. That seems to me to be fairly safe, no?
Larry L
Larry,
Yes, that should be quite safe.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
================== This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Roy W. Andersen |
last post by:
I've been searching google about this for days but can't find anything,
so I'm hoping someone here can help me out.
I'm trying to create zip-files without needing the zip-file extension in
PHP,...
|
by: Larry Neylon |
last post by:
Hi,
I'm writing a vbscript application that reads UTF-8 XML containing Chinese
characters and stores the data in MySql 4.0.x.
Does anybody have any experience in this area with regarding...
|
by: Sakharam Phapale |
last post by:
Hi All,
I am using an API function, which takes file path as an input.
When file path contains special characters (@,#,$,%,&,^, etc), API function
gives an error as "Unable to open input file"....
|
by: Carl Mercier |
last post by:
Hi,
Is it possible to use special characters like \n or \t in a VB.NET
string, just like in C#? My guess is NO, but maybe there's something I
don't know.
If it's not possible, does anybody...
|
by: david.lindsay.green |
last post by:
Hello all, I am quite new a web scripting and making web pages in
general and I have stumbled across a problem I have as yet been unable
to solve. I am trying to take the contents of a textarea box...
|
by: Doc |
last post by:
Hello!
I'm experiencing a little problem counting the number of characters in
a textarea on a html page.
This is the content type of my HTML document
content="text/html; charset=iso-8859-1"
...
|
by: sonald |
last post by:
Dear All,
I am working on a module that validates the provided CSV data in a text
format, which must be in a predefined format.
We check for the :
1. Number of fields provided in the text file,...
|
by: KevinADC |
last post by:
Purpose
The purpose of this article is to discuss the difference between characters inside a character class and outside a character class and some special characters inside a character class....
|
by: AAaron123 |
last post by:
Been playing with asp:changepassword and have it looking OK except that I
can't elininate or change the title at the top that says "Change Your
Password". It's a repeat of my pages title.
...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
| |