
help : apostrophe/single quotation mark

Hi,

Sorry for this beginner's question.
I do not know PHP
and write for my friend.

He has never been a professional programmer.
He studied C and PHP with some books
and made a bulletin board for his hobby homepage.
(He uses MS-Windows XP)

Now, the problem is:

Writing a message
and previewing is OK.
But, after posting, all the words including and after ' (apostrophe/
single quotation mark) disappear.

Examples are,

--------------------------

I can't do that

==I can

--------------------------.....................

The person named 'Jim' is smart.

==The person named
-----------------------------.............

Any hints?

dajava,

Mar 6 '07 #1
dajava wrote:
> Hi,
>
> Sorry for this beginner's question.
> I do not know PHP
> and write for my friend.
>
> He has never been a professional programmer.
> He studied C and PHP with some books
> and made a bulletin board for his hobby homepage.
> (He uses MS-Windows XP)
>
> Now, the problem is:
>
> Writing a message
> and previewing is OK.
> But, after posting, all the words including and after ' (apostrophe/
> single quotation mark) disappear.

Well, you didn't give enough information, so we cannot help really.
Some questions:

What is writing a message exactly?
Is that filling in some HTML-form that is submitted to a server?

What is previewing a message exactly?
Is that some JavaScript or does it include a trip to the server?

If so: what does the server do with it?
- some possibilities: Store it in a database, echo it back, store it in a
file.

And then: WHERE do these characters disappear? In a form? or as HTML?

A wild guess:
You write back to the client:
<input type="text" name="whatever" value='I can't do that'>

That is wrong.

If you need " or ' in your response back to the client, make sure you call
htmlentities() around the literal part you send back as value (or in any
other inputelement-value, also textareas).

Regards,
Erwin Moller

> Examples are,
>
> --------------------------
>
> I can't do that
>
> ==I can
>
> --------------------------.....................
>
> The person named 'Jim' is smart.
>
> ==The person named
> -----------------------------.............
>
> Any hints?
>
> dajava,
Mar 6 '07 #2
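
The attribute-quoting problem guessed at in the reply above, shown as an added example that is not part of the original post. `$message` is a constructed sample value, and the explicit `ENT_QUOTES` flag is the point of the comparison.

```php
<?php
// Added example; $message stands in for the submitted form field.
$message = "I can't do that";   // constructed sample input

// Raw value inside a single-quoted attribute: the browser ends the
// attribute at the apostrophe, so the field is cut short.
$broken = "<input type=\"text\" name=\"whatever\" value='" . $message . "'>";

// ENT_COMPAT (the default flag before PHP 8.1) escapes " but leaves '
// untouched, so a single-quoted attribute is still cut short.
$stillBroken = "<input type=\"text\" name=\"whatever\" value='"
    . htmlspecialchars($message, ENT_COMPAT, 'UTF-8') . "'>";

// ENT_QUOTES escapes both quote characters, so the value survives
// whichever quote style the attribute uses.
$fixed = '<input type="text" name="whatever" value="'
    . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '">';

echo $broken, "\n", $stillBroken, "\n", $fixed, "\n";
```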
dajava wrote:
> But, after posting, all the words including and after ' (apostrophe/
> single quotation mark) disappear.

Google: mysql_real_escape_string

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!
Mar 6 '07 #3
I forward your wild guess to him.

Let me rephrase my question
with this hypothetical example with google groups.

-----------------------------

I arrived comp.lang.php
and type a message to ask a question.

entering/editing : This is a test. Don't you like this?
previewing : This is a test. Don't you like this? ( great so far)
Now, I click on POST button.
then, what the heck,
I got this : This is a test. Don

('t you like this? : these disappeared)
-----------------------------------------------

I cannot express myself well.
I do not know PHP.
I will post reply again
when I got e-mail from my friend.

Thanks anyway.

dajava,
Mar 6 '07 #4
dajava wrote:
> I forward your wild guess to him.
>
> Let me rephrase my question
> with this hypothetical example with google groups.
>
> -----------------------------
>
> I arrived comp.lang.php
> and type a message to ask a question.
>
> entering/editing : This is a test. Don't you like this?
> previewing : This is a test. Don't you like this? ( great so far)
> Now, I click on POST button.
> then, what the heck,
> I got this : This is a test. Don

Hi,

This is part that needs more words/a better description:
"I got this : This is a test. Don"

My problem is: 'I got this.'.
My exact problem is 'got'.

WHAT did you get WHERE?

Did the browser after submitting say that?
Or did it appear like that in some newsgroup?

In case of browser: Did the text appear like that in an input-element? Or as
plain HTML?
Did you look at the source of the HTML? (rightmousebutton on the offending
page and select 'view source'.)

You should give us that information, or you will be stuck with my 'wild
guesses'.
;-)
> ('t you like this? : these disappeared)
> -----------------------------------------------
>
> I cannot express myself well.

Keep trying. :-)

> I do not know PHP.

That is a problem when discussing a PHP problem. Seriously, you, or your
friend, should know roughly what he is doing.

> I will post reply again
> when I got e-mail from my friend.

OK

Regards,
Erwin Moller

> Thanks anyway.
>
> dajava,
Mar 6 '07 #5

This is what he wrote to me yesterday.

------------------------------------------------------

' in code means end of line. therefore, ' and the rest of the sentences
were truncated.
Previewing is OK. But, the whole sentence will not be saved into DB.

--------------------------------------------------------

And I found the source code.

<?

//
if(($write==3 || $write==11) && $writer != "" && $password != "" &&
$contents != "")
{
if($write==3 && $title != "") //
{
//
$query = "select * from Dora_Board order by no desc limit 0 ,
1";
@$result = mysql_query($query, $Dora_DB);
@$data = mysql_fetch_array($result);

if(strlen($title)>=100) //
{
$title_leng=100; //

if(strstr(substr($data[1], 0, 100), " "))
$title_leng = $title_leng - 2;

$data[1] = substr($data[1], 0, $title_leng);
}

if($title != $data[1]) //
{
$query = "INSERT INTO `Dora_Board` (`Title` , `Writer`,
`Password`, `Contents`, `Date`, `Ip`) ";
$query = $query . "VALUES ('" . (string)$title . "', '" .
(string)$writer . "', '" . (string)$password . "', ";
$query = $query . "'" . (string)$contents . "', '" . (string)
$date . "', '" . (string)$ip . "')";

@$result = mysql_query($query, $Dora_DB);
}
}
elseif($write==11 && $no != "") //
{
//
$query = "select * from Dora_Board where no='" . $no . "'";
@$result = mysql_query($query, $Dora_DB);
@$data = mysql_fetch_array($result);

//
$query = "select * from Dora_Reply order by no desc limit 0 ,
1";
@$result = mysql_query($query, $Dora_DB);
@$data_r = mysql_fetch_array($result);

if($contents != $data_r[4] || $writer != $data_r[2]) //
{
if($data[7] == 0 || $data[7] == "") //
$data[7] = 1; //
elseif($contents != $data_r[4]) //
$data[7] = $data[7]+1; //

//
$query = "update `Dora_Board` set `Reply` = '" . $data[7] .
"' where `no` = '" . $no . "' Limit 1";
@$result = mysql_query($query, $Dora_DB);

//
$query = "INSERT INTO `Dora_Reply` (`Main_no` , `Writer`,
`Password`, `Contents`, `Date`, `Ip`) ";
$query = $query . "VALUES ('" . (integer)$no . "', '" .
(string)$writer . "', '" . $password . "', ";
$query = $query . "'" . (string)$contents . "', '" . (string)
$date . "', '" . (string)$ip . "')";

@$result = mysql_query($query, $Dora_DB);
}
}
}

//
elseif(($write==6 || $write==14) && $writer != "" && $password != ""
&& $contents != "" && $no != "")
{
if($write==6 && $title != "" && $closed == "")
{
$query = "UPDATE `Dora_Board` SET `no` = '" . $no . "', `Title`
= '" . $title . "', `Writer` = '" . $writer . "', ";
$query = $query . "`Contents` = '" . $contents . "' WHERE `no`
=" . $no . " LIMIT 1";
}
elseif($write==14 && $ro != "")
{
$query = "UPDATE `Dora_Reply` SET `no` = '" . $ro . "', `Writer`
= '" . $writer . "', ";
// append the second half; a plain assignment here would discard the first half
$query = $query . "`Contents` = '" . $contents . "' WHERE `no` =" . $ro .
" LIMIT 1";
}
@$result = mysql_query($query, $Dora_DB); // run the input query
}

// )
elseif(($write==8 || $write==16) && $no !="" && $password != "")
{
//.
$query = "select * from Dora_Board where no='" . $no . "'";
@$result = mysql_query($query, $Dora_DB);
@$data = mysql_fetch_array($result);

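// delete the post only when the password matches and it has no replies;
// the parentheses keep the reply-count test from bypassing the other checks
if($write==8 && $data[3] == crypt($password, '씨앗키워드') && ($data[7]
== "" || $data[7] == "0"))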
{
$query = "delete from `Dora_Board` where `no` = '" . $no .
"'";
@$result = mysql_query($query, $Dora_DB);
}

//
elseif($write==16 && $ro != "")
{
//
$query = "select * from Dora_Reply where no='" . $ro . "'";
@$result = mysql_query($query, $Dora_DB);
@$data_r = mysql_fetch_array($result);

//
if($data_r[3] == crypt($password, '씨앗 키워드'))
{
$query = "delete from `Dora_Reply` where `no` = '" . $ro .
"'";
@$result = mysql_query($query, $Dora_DB);

//
$data[7] = $data[7] -1;
$query = "update `Dora_Board` set `Reply` = '" . $data[7] .
"' where `no` = '" . $no . "' Limit 1";
@$result = mysql_query($query, $Dora_DB);
}
}
}

include("./board.php"); //

?>
dajava,

Mar 6 '07 #6
dajava wrote:
> $query = "INSERT INTO `Dora_Board` (`Title` , `Writer`,
> `Password`, `Contents`, `Date`, `Ip`) ";
> $query = $query . "VALUES ('" . (string)$title . "', '" .
> (string)$writer . "', '" . (string)$password . "', ";
> $query = $query . "'" . (string)$contents . "', '" . (string)
> $date . "', '" . (string)$ip . "')";

As I said -- mysql_real_escape_string(). Replace the above with:

$query = sprintf("INSERT INTO Dora_Board (Title, Writer, Password, Contents, Date, Ip)
VALUES ('%s', '%s', '%s', '%s', '%s', '%s');",
mysql_real_escape_string($title),
mysql_real_escape_string($writer),
mysql_real_escape_string($password),
mysql_real_escape_string($contents),
mysql_real_escape_string($date),
mysql_real_escape_string($ip));

There are several other chunks of code that need rewriting similarly, but
that should fix the immediate problem.

If you don't fix these problems your site is open to being cracked by
nasty people. Yes, really.

Google: mysql_real_escape_string.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!
Mar 6 '07 #7
Hi,

I received an e-mail from him a moment ago.
He fixed the ' problem based on your advice.

Two comments of mine:
1.
mysql_real_escape_string is not part of PHP 4.0
Therefore, he did some research on the internet
and found out that it is part of PHP 4.3.
2. He just used your code,
he doesn't know the rationale behind mysql_real_escape_string. Lol...

I would like to thank Erwin and Tony for helping my friend.

dajava,

Mar 11 '07 #8
dajava wrote:
> he doesn't know the rationale behind mysql_real_escape_string.

The rationale is thus:

The apostrophe character (') has a special meaning in SQL in that it
delimits (i.e. marks the beginning and end of) text. For example:

UPDATE my_table SET my_col='Hello World!';

Now, imagine that your text contains an apostrophe:

UPDATE my_table SET my_col='It's Raining Men';

Because the apostrophe is used to mark the end of some text, the above is
interpreted by the SQL engine as:

UPDATE my_table SET my_col='It'

with some spurious text after it.

mysql_real_escape_string(), and equivalent functions for other databases,
is used to encode the apostrophes (and other special characters) to make
them safe to use in SQL.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!
Mar 11 '07 #9
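
The rationale above, carried through on the thread's own `Dora_Board` insert, as an added example that is not code from any poster. It uses a PDO prepared statement, since the `mysql_*` functions were removed in PHP 7. Assumptions: an in-memory SQLite database stands in for the MySQL server, and the sample post and function names are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for the thread's MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Dora_Board (
    no INTEGER PRIMARY KEY AUTOINCREMENT,
    Title TEXT, Writer TEXT, Password TEXT, Contents TEXT, Date TEXT, Ip TEXT)');

// Constructed sample post using the two sentences from the question.
$post = [
    'title'    => "The person named 'Jim' is smart.",
    'writer'   => 'dajava',
    'password' => 'placeholder-hash',
    'contents' => "I can't do that",
    'date'     => '2007-03-06',
    'ip'       => '192.0.2.10',
];

// The original pattern: values pasted between apostrophes in the SQL text.
function insertByConcatenation(PDO $db, array $p): string
{
    $sql = "INSERT INTO Dora_Board (Title, Writer, Password, Contents, Date, Ip) "
         . "VALUES ('{$p['title']}', '{$p['writer']}', '{$p['password']}', "
         . "'{$p['contents']}', '{$p['date']}', '{$p['ip']}')";
    try {
        $db->exec($sql);
        return 'stored';
    } catch (PDOException $e) {
        // The apostrophe in the data closed the string literal early.
        return 'rejected: ' . $e->getMessage();
    }
}

// Prepared statement: the SQL text is fixed and the values travel separately,
// so no character in the data can act as a delimiter.
function insertPrepared(PDO $db, array $p): int
{
    $stmt = $db->prepare(
        'INSERT INTO Dora_Board (Title, Writer, Password, Contents, Date, Ip)
         VALUES (:title, :writer, :password, :contents, :date, :ip)');
    foreach ($p as $name => $value) {
        $stmt->bindValue(':' . $name, $value);
    }
    $stmt->execute();
    return (int) $db->lastInsertId();
}

echo insertByConcatenation($db, $post), "\n";

$no  = insertPrepared($db, $post);
$get = $db->prepare('SELECT Title, Contents FROM Dora_Board WHERE no = :no');
$get->execute([':no' => $no]);
print_r($get->fetch(PDO::FETCH_ASSOC));
```

The original script hides the same failure behind `@` on `mysql_query()`, which is why the post vanished without an error message.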
dajava wrote:
> mysql_real_escape_string is not part of PHP 4.0
> Therefore, he did some research on the internet
> and found out that it is part of PHP 4.3.

I believe there is an older mysql_escape_string() in some versions of PHP.

Also, for many purposes the addslashes() function will suffice, and that's
been part of PHP for many moons.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!
Mar 11 '07 #10
