Hi Cor,
The side effects of using double and single together on one string
can produce unexpected results with escaped or non-escaped data that
goes in the string.
For example:
This works
$string = "this is a string for bob's database";
or this will to
$string = 'this is a string for bob\'s database';
notice you have to escape the single quote in bob's or it will break.
or this will work to
$string = "this is a string for \"The Super\" database";
notice you have to escape the double quotes in "The Super" or it will
break.
or this
$string = 'this is a string for "The Super" database';
works. however this
$var = "bob's";
$string = 'this is a string for ".$var." database';
will not, it will break on $var because the single quote in bob's is
not escaped.
but if it was
$var = "bob's";
$string = "this is a string for ".$var." database";
it would work. Õ.õ .. ack!
What ever you start and end the string with be it single or double,
continue those when wrapping $var inbetween and if there is that same
single or double quote inside the $var,
make sure it is escaped.
however, if you use double quotes, you dont have to put the quotes
around ".$var."
.. I and many other programers do that for clean code so as to not
loose where $var is in the string.
but it could be
$string = "this is a string for $var database";
but if I did something like this
$string = 'this is a string for $var database';
it doesn't work for me. not sure why, but I think its because with
single quotes,
the dollar symbol gets equated as a string literal and not the
beginning of a php var.
very strange in my opinion how strings work in php. very picky. :)
Also, when I make a call to the database, I always use
mysql_real_escape_string() inside the actual sql statement for
security reasons.
..but alas, all this may not be your problem.
Try echoing the data before the sql statement is created,
after the sql statement is created but before calling the database
and after retreival from the database to compare what is in the string.
Also look inside the database to see what actually gets inserted.
Might even go as far as making sure the table cel is not escaping data
on its own.
Like an escape data setting or something. You might find that your
data is getting double escaped. :P
Totally reaching on that one, but you would be surprised at some of
the stuff I've seen.. lol
WC3 is very good too, but for php stuff I always go with php.net. More
thurough in my opinion.
Plus the user comments from people in the field where they find bugs,
test code and such has helped me emensly.
Did my code work for you? I'm thinking you would have said something
if it did. :-/
Good luck!
Best,
Karl
On Aug 8, 2012, at 4:49 AM, Cor wrote:
Hello Karl,
Because the code is never to be reused, I have put it all-in-one.
But I agree on creating separate functions.
Before I go into that I would like to solve my datagrid issue first.
I thought using it is common to use double quotes when handling
strings and
single quotes when code needs to be parsed?
Are there side effects to be expected when using only single quotes?
From php.net is where I have got this so far.
Also http://www.w3schools.com is very helpful.
Thanks very much for all your help!!!
Best regards,
Cor
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Karl
DeSaulniers
Sent: woensdag 8 augustus 2012 11:12
To: Flash Coders List
Subject: Re: [Flashcoders] HTML in Datagrid component
Hey Cor,
One thing I noticed was the string $xmlOutput was switching between
single
and double quotes. Probably want to stick to one or the other.
Excuse the re-write, but this is how I would write that php.
Don't know if it works as I can not test, but try this code and let
me know
what you get.
Also, you may want to separate each call to the database into separate
functions.
IE:
function getProjects() {
}
function getUserData() {
}
function getMaterials() {
}
$projects = getProjects();
$userdata = getUserData();
$materials = getMaterials();
etc..
then have a function that puts together the XML results.
function createXML($projects, $userdata, $materials) {
}
Your call on that though.
If the code I gave does not work, try taking a look here to see if you
can find a solution for the special characters.
http://php.net/manual/en/function.htmlspecialchars.php
php.net is gold! Best of luck!
:)
Hope everybody doesn't mind the php convo being a flash list.
If so message me personally Cor.
//CODE --------------------------
<?php
///////////// Read Project /////////////
if (isset($_POST['sendRequest']) && $_POST['sendRequest'] ==
"read_project")
{
$xmlOutput = "";
$project_nummer = "";
$project_klantnummer = "";
$currentTable = "tbl_projecten";
if ($_POST['isParticulier'] == "ja") {
$currentTable = "tbl_particulier_projecten";
}
$project_nummer = $_POST['project_nummer'];
$xmlOutput = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>";
$xmlOutput .= "\n<data>";
//-------PROJECTGEGEVENS
$sql = "SELECT * FROM ".mysql_real_escape_string($currentTable)."
WHERE
project_nummer
=".htmlentities(mysql_real_escape_string($project_nummer));
$result = mysql_query($sql);
$recordArray = array();
//maak assoc array om fieldnames als XML-tags te gebruiken
while ($row = mysql_fetch_assoc($result)) {
array_push($recordArray, $row);
}
for ($i=0; $i<count($recordArray); $i++) {
//echo $recordArray[$i]['id'];
$xmlOutput .= "\t<project>\n";
// $key is de assoc fieldname en $value de inhoud
foreach ($recordArray[$i] as $key => $value) {
$xmlOutput .= "\t\t<" . $key . ">" .
htmlspecialchars(stripslashes($value), ENT_QUOTES, "UTF-8") . "</" .
$key . ">\n";
if($key == "project_klantnummer"){
$project_klantnummer = $value;
}//end if
}//end foreach
$xmlOutput .= "\t</project>\n";
}
//------- KLANTGEGEVENS
$sql = "SELECT * FROM tbl_klanten
WHERE
klant_nummer=".mysql_real_escape_string($project_klantnummer);
$result = mysql_query($sql);
$recordArray = array();
//maak assoc array om fieldnames als XML-tags te gebruiken
while ($row = mysql_fetch_assoc($result)) {
array_push($recordArray, $row);
}
for ($i=0; $i<count($recordArray); $i++) {
//echo $recordArray[$i]['id'];
$xmlOutput .= "\t<klant>\n";
// $key is de assoc fieldname en $value de inhoud
foreach ($recordArray[$i] as $key => $value) {
$xmlOutput .= "\t\t<" . $key . ">" .
htmlspecialchars(stripslashes($value), ENT_QUOTES, "UTF-8") . "</" .
$key . ">\n";
}
$xmlOutput .= "\t</klant>\n";
}
//------- MATERIALENVERBRUIK
$currentTable = "tbl_materialen_verbruik";
if ($_POST['isParticulier'] == "ja") {
$currentTable = "tbl_particulier_materialen_verbruik";
}
$sql = "SELECT * FROM ".mysql_real_escape_string($currentTable)."
WHERE
mv_projectnummer
=".htmlentities(mysql_real_escape_string($project_nummer));
$result = mysql_query($sql);
$recordArray = array();
//maak assoc array om fieldnames als XML-tags te gebruiken
while ($row = mysql_fetch_assoc($result)) {
array_push($recordArray, $row);
}
$xmlOutput.="<materialen_verbruik>";
for ($i=0; $i<count($recordArray); $i++) {
//echo $recordArray[$i]['id'];
$xmlOutput .= "\t<mv>\n";
// $key is de assoc fieldname en $value de inhoud
foreach ($recordArray[$i] as $key => $value) {
$xmlOutput .= "\t\t<" . $key . ">" .
htmlspecialchars(stripslashes($value), ENT_QUOTES, "UTF-8") . "</" .
$key . ">\n";
}
$xmlOutput .= "\t</mv>\n";
}
$xmlOutput.="</materialen_verbruik>";
//------- URENVERBRUIK
$currentTable = "tbl_uren_verbruik";
if ($_POST['isParticulier'] == "ja") {
$currentTable = "tbl_particulier_uren_verbruik";
}
$sql = "SELECT * FROM ".mysql_real_escape_string($currentTable)."
WHERE
uv_projectnummer
=".htmlentities(mysql_real_escape_string($project_nummer));
$result = mysql_query($sql);
$recordArray = array();
//maak assoc array om fieldnames als XML-tags te gebruiken
while ($row = mysql_fetch_assoc($result)) {
array_push($recordArray, $row);
}
$xmlOutput.="<uren_verbruik>";
for ($i=0; $i<count($recordArray); $i++) {
//echo $recordArray[$i]['id'];
$xmlOutput .= "\t<uv>\n";
// $key is de assoc fieldname en $value de inhoud
foreach ($recordArray[$i] as $key => $value) {
$xmlOutput .= "\t\t<" . $key . ">" .
htmlspecialchars(stripslashes($value), ENT_QUOTES, "UTF-8") . "</" .
$key . ">\n";
}
$xmlOutput .= "\t</uv>\n";
}
$xmlOutput.="</uren_verbruik>";
//------- MATERIALEN
$sql = "SELECT * FROM tbl_materialen";
$result = mysql_query($sql);
$recordArray = array();
//maak assoc array om fieldnames als XML-tags te gebruiken
while ($row = mysql_fetch_assoc($result)) {
array_push($recordArray, $row);
}
$xmlOutput.="<materialen>";
for ($i=0; $i<count($recordArray); $i++) {
//echo $recordArray[$i]['id'];
$xmlOutput .= "\t<mat>\n";
// $key is de assoc fieldname en $value de inhoud
foreach ($recordArray[$i] as $key => $value) {
$xmlOutput .= "\t\t<" . $key . ">" .
htmlspecialchars(stripslashes($value), ENT_QUOTES, "UTF-8") . "</" .
$key . ">\n";
}
$xmlOutput .= "\t</mat>\n";
}
$xmlOutput.="</materialen>";
//------- USERDATA ZONDER ACCOUNT_TYPE EN WACHTWOORD !
$sql = "SELECT user_id, voorletters, tussenvoegsel, achternaam,
uurloon FROM tbl_users";
$result = mysql_query($sql);
$recordArray = array();
//maak assoc array om fieldnames als XML-tags te gebruiken
while ($row = mysql_fetch_assoc ($result)) {
array_push($recordArray, $row);
}
$xmlOutput.="<users>";
for ($i=0; $i<count($recordArray); $i++) {
//echo $recordArray[$i]['id'];
$xmlOutput .= "\t<user>\n";
// $key is de assoc fieldname en $value de inhoud
foreach ($recordArray[$i] as $key => $value) {
$xmlOutput .= "\t\t<" . $key . ">" .
htmlspecialchars(stripslashes($value), ENT_QUOTES, "UTF-8") . "</" .
$key . ">\n";
}
$xmlOutput .= "\t</user>\n";
}
$xmlOutput.="</users>";
//sluit de root tag
$xmlOutput .= "</data>";
header("Content-type: text/xml");
print "returnXML=".$xmlOutput;
}
//End READ PROJECT
?>
//END CODE ------------------
FYI, the ENT_QUOTES and "UTF-8" can be removed if you wish.
That is mostly what I wanted to see if works.
Best,
Karl
On Aug 8, 2012, at 2:19 AM, Cor wrote:
Karl,
Maybe the full picture helps some more
I use these functions to create a xml string to return to Flash.
With use of the mysql fieldnames as key en the content as value and
never
have to worry about wath the fieldnames are.
So when Flash reads a project it send a URLVariable to PHP:
Karl DeSaulniers
Design Drumm
http://designdrumm.com
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2197 / Virus Database: 2437/5185 - Release Date:
08/07/12
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Karl DeSaulniers
Design Drumm
http://designdrumm.com
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
