Re: [PHP-DB] MySQL and apostrophes, interesting problem. 42082
See the manual at php.net:
addslashes()
stripslashes()
I've found it easier to just turn on magic-quotes in the php.ini file
This is all covered at php.net
Robert
- Original Message -
From: Nick Patsaros [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, March 10, 2002 11:23 AM
Subject: [PHP-DB] MySQL and apostrophes, interesting problem. 42082
I'm working with a simple form which submits field
data to a MySQL database. This is for the purpose of
generating a dynamic news page for my site.
Interestingly enough I've found that any time I try to
submit data that contains an apostrophe ' it gives
me an error and will not send the data (any of it) to
the database.
How can I change my database query, or escape out
apostrophes? I'm looking for the easiest fix out
there of course. Below is my current DB query. I
realize I'm using apostrophes for my variables... is
this acceptable syntax and/or is there a replacement?
$query = INSERT into $table values ('0', '$year',
'$month', '$day', '$hour', '$minutes', '$seconds',
'$article_name', '$content', '$admin_name');
__
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql and file upload problems
Why don't you just do the sql insert *after* the file upload function?:
Pseudocode:
if( NOT file upload attack, wrong file type, etc.){
//copy the file to the permanaent location
//call function to insert file details into the database
}
else{
//echo error to user
}
On 3/9/02 10:21 AM, Carl E Shmidt [EMAIL PROTECTED] wrote:
I have a standard multipart/enc form to allow users to upload files.
Pseudocode:
//call function to insert file details into the database
if( NOT file upload attack, wrong file type, etc.){
//copy the file to the permanaent location
}
else{
//delete the record of file details from the database
}
I can have the file upload successfully, and the record is inserted into the
database. The problem is that if there are errors on file upload, then the
record is never deleted from the database. The file upload is resubmitting
to the same page, and no redirection takes place. WHat's going on?
Carl
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Viewing Session Varibles
Is there an easy way to get a dump to the page of all session varibles? I'm trying to create an associtave array in a session varible named cart ($item1 =$qty1, $item3=$qty2, etc.) and i can't seem to wrap my brain around it this morning. I get the item set but can't get the $qty to set. Thanks, Robert Weeks -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Viewing Session Varibles
Ok,
This is driving me nuts. I'm sure its something simple but I can't seem to
find the glitch.
I'm trying to make a simple shopping cart using Session varibles to store
the item = quantity pairs, then I loop thru the cart and query the db to
get the item details, etc.. Most of it works fine but whenever I add a new
item to the cart I lose the $qty value for the other items.
Here is the code in question:
++
?
session_start();
include 'inc/common.inc.php';
if (!session_is_registered(cart))
{
$cart = array();
session_register(cart);
$items = 0;
session_register(items);
}
if($cart[$new])
{
$cart[$new]++;
}else{
$cart[$new] = 1;
}
foreach ($cart as $id = $qty)
{
if ($$id == 0)
{
unset ($cart[$id]);
}else{
$cart[$id] = $$id;
}
$items = calculate_items($cart);
foreach ($cart as $id = $qty){
$db = mysql_connect(localhost, $databaseuser, $databasepasswd) or die
(Unable to connect to database!);
mysql_select_db ($databasename,$db) or die (Unable to connect to database
$db!);
$result = mysql_query (SELECT * from products WHERE id = '$id') or die
(Error in query. . mysql_error());
if ($result){
extract(mysql_fetch_array($result));
echo bTitle:/b $titlebr /;
echo bDescription:/b $p_descbr /;
echo bPrice:/b $pricebr /;
echo bQuantity:/b $qtybr /;
echo hr /;
}
}
#print varibles to screen for debugging
echopre;
print_r($HTTP_SESSION_VARS);
echo/pre;
?
+
If one item is in the cart I get this from the $HTTP_SESSION_VARS:
Array
(
[cart] = Array
(
[10] = 12
)
[items] = 12
[total_price] = 0.00
)
That would indicate to me that the cart pair has been saved.
But as I add items I lose the earlier quantities:
Array
(
[cart] = Array
(
[10] =
[16] =
[13] = 6
)
[items] = 6
[total_price] = 0.00
)
The $id is still there and I can query the db just fine, but no quantity.
I don't know why this is eluding me but any help would be greatly
appreciated.
Thanks,
Robert
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Username
What exactly is the error message? Did you change config.php to use the name of your database and your username password? I've found the articles at devshed to be helpful in the past. This particular one has a pretty good explaination of setting up a user authentication system: http://www.devshed.com/Server_Side/PHP/TimeIsMoney/TimeIsMoney1/page1.html Robert On 2/5/02 9:50 AM, Jennifer Downey [EMAIL PROTECTED] wrote: All I want is to get the username into the database. As soon as test.php shows in browser, the Username, submit button and box ar e there but also it prints the There has been a problem. right off the bat. Now I know there are misprints in the book and I hope I was smart enough to catch them but maybe not. can someone please tell me what I have done wrong? Thanks for all your time. Jennifer Downey -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] File Uploading... Two problems...
On 2/5/02 9:58 AM, Todd Williamsen [EMAIL PROTECTED] wrote:
Now I have two small issues...
1. How would I automate the file naming otherwise errors will fly (can't
copy file... blah blah)
You could replace the file name with a randomly generated number. There are
a number of ways to generate random numbers in PHP. Try this for starters:
http://www.php.net/manual/en/function.mt-rand.php
2. The second part is the most annoying. It seems that I cannot get the
script to put the files into a directory I specify only where the script
resides. I thought it was a permission issue, but the folder has been chmod
to 777 and it still won't do it...
You need the path from root to the directory. Now you have:
home/sites/madden.williamsen.net/web/recruiter/resumes/$img1_name
You need a forward slash before home:
/home/sites/madden.williamsen.net/web/recruiter/resumes/$img1_name
Instead of using chmod 777 (ick!) you should change the ownership of the
file to be owned by the web server user which is usually nobody you can do
this with the chown command from the command line.
Robert
Directory structure
home
web
recruiter --- folder where the scripts reside
resumes -- the destination where I want the uploaded files to
reside
here is the code...
?
// if $img_name isn't empty, try to copy the file
if ($img1_name != ) {
// copy the file to a directory or
//die and print an error message
// NOTE! if you're on a Windows machine,
// use Windows pathnames, like so:
// copy($img1, C:\\some\\directory\\path\\$img1_name);
copy($img1,
home/sites/madden.williamsen.net/web/recruiter/resumes/$img1_name)
or die(Couldn't copy the file!);
} else {
// if $img_name was empty, die and let us know why
die(No input file specified);
}
?
thanks
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Username
If you read to part 2 of the tutorial it has quite a bit on inserting data. The reason there are tutorials and books are to teach the *concepts* behind what they are showing you. This is probably what is tripping you up; you create the table with uid as an integer, auto increment, not null field, then your insert statement tries to insert NULL into that field. You need to change this: $query = INSERT INTO users (uid, name) VALUES(NULL, $name); To this: $query = INSERT INTO users (name) VALUES ($name); Robert On 2/5/02 10:46 AM, Jennifer Downey [EMAIL PROTECTED] wrote: I am not getting an error message. The te.php is connecting to the data base. Just not doing what I want it to. While that is a very good tutorial (if I was just logging in) but it has nothing to do with inserting information into the database via a form. But thanks for the tut. It will come in handy when I get to that point in my learning stage. Jen -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] File Uploading... Two problems...
Yeah,
My chown reference was to chowning the folder that the files are uploaded
to, not the indv. files.
Robert
- Original Message -
From: JD Daniels [EMAIL PROTECTED]
To: Todd Williamsen [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, February 05, 2002 12:21 PM
Subject: RE: [PHP-DB] File Uploading... Two problems...
I believe when PHP saves a file, it is already owned by the web server
user.
In my case, nouser. I could not get this behaviour to change.
Normally you should not need to CHMOD or CHOWN anything you upload unless
you need them to be modified by ftp users as well.
Just make sure the folder is writeable by the web server user. (Preferably
not by anybody else... 777 is all bad :)
If you do end up CHMODing:
On SCO, the CHMOD command did not behave like I expected it to... adding
the
umask made it all good... ie,
$rand_name=generate_filename(,jpg)
file://Save The Uploaded File To Disk
@copy($image,
/home/sites/madden.williamsen.net/web/recruiter/resumes/$rand_name) or
die(Couldn't Save File $image to $rand_name);
(Note beginning slash... Robert helped you there :)
file://Give It Perms
umask(0);
chmod(/home/sites/madden.williamsen.net/web/recruiter/resumes/$temp_name,0
600);
(on my SCO box, 600 is the default perms anyway )
Here is my little funtion I use to generate file names: (It is not mine..
but I cant remember who gave it to me :)
function generate_filename ($len = 8,$ext)
{
$nps = ;
mt_srand ((double) microtime() * 100);
while (strlen($nps)$len)
{
$c = chr(mt_rand (0,255));
if (eregi(^[a-z0-9]$, $c)) $nps = $nps.$c;
}
$nps.=.$ext;
return ($nps);
}
Of course, depending on what you are doing, completely random names may be
useless... I save them as temporary files to resize them and save them in
a
DB with the regular name with special chars stripped out.
JD
-Original Message-
From: Robert Weeks [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 7:19 AM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] File Uploading... Two problems...
On 2/5/02 9:58 AM, Todd Williamsen [EMAIL PROTECTED] wrote:
Now I have two small issues...
1. How would I automate the file naming otherwise errors will fly
(can't
copy file... blah blah)
You could replace the file name with a randomly generated number. There
are
a number of ways to generate random numbers in PHP. Try this for starters:
http://www.php.net/manual/en/function.mt-rand.php
2. The second part is the most annoying. It seems that I cannot get
the
script to put the files into a directory I specify only where the script
resides. I thought it was a permission issue, but the folder has been
chmod
to 777 and it still won't do it...
You need the path from root to the directory. Now you have:
home/sites/madden.williamsen.net/web/recruiter/resumes/$img1_name
You need a forward slash before home:
/home/sites/madden.williamsen.net/web/recruiter/resumes/$img1_name
Instead of using chmod 777 (ick!) you should change the ownership of the
file to be owned by the web server user which is usually nobody you can
do
this with the chown command from the command line.
Robert
Directory structure
home
web
recruiter --- folder where the scripts reside
resumes -- the destination where I want the uploaded files
to
reside
here is the code...
?
// if $img_name isn't empty, try to copy the file
if ($img1_name != ) {
// copy the file to a directory or
file://die and print an error message
// NOTE! if you're on a Windows machine,
// use Windows pathnames, like so:
// copy($img1, C:\\some\\directory\\path\\$img1_name);
copy($img1,
home/sites/madden.williamsen.net/web/recruiter/resumes/$img1_name)
or die(Couldn't copy the file!);
} else {
// if $img_name was empty, die and let us know why
die(No input file specified);
}
?
thanks
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Hashes
I'm trying to use a hash to translate a value into something human readable. I know
how to do this with an if-else but that seems like a waste of typing.
I have a bunch of items in the db and their values are abbreciations such as 'm_r'. I
want m_r to show on the page as Mens Rings. I was trying to do it like this but echo
$item returned Array:
?php
#query db and get a result snipped
$item = $row[item];
$item = array('Mens Ring' = m_r, 'Mens Charm' = m_c, 'Womens Ring' = w_r,'Womens
Charm' = w_c);
echo $item;
?
Any help would be appreciated.
thnx,
robert
Re: [PHP-DB] Hashes
Thanks,
Your assumptions were correct, I'll give that a try.
I ended up doing this which doesn't seem as efficient:
$item_array = array('Mens Ring' = m_r,
'Mens Charm' = m_c,
'Womens Ring' = w_r,
'Womens Charm' = w_c
);
while (list($val, $key) = each($item_array)){
if ($key == $item){
$item_text = $val;
}
}
echo $item_text;
Thanks again,
Robert
- Original Message -
From: Matthew Loff [EMAIL PROTECTED]
To: 'Robert Weeks' [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, December 21, 2001 4:26 PM
Subject: RE: [PHP-DB] Hashes
Robert--
You're on the right track... I'm assuming $row is the result of a
mysql_fetch_assoc() call, and $row['item'] contains the hashed value
(either m_r, m_c, or whatever)... Try this:
?php
$item_list = array('Mens Ring' = m_r, 'Mens Charm' = m_c, 'Womens
Ring' = w_r,'Womens Charm' = w_c);
#query db and get a result snipped
echo $item_list[$row['item']];
?
Good luck,
Matt
-Original Message-
From: Robert Weeks [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 21, 2001 11:27 AM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] Hashes
I'm trying to use a hash to translate a value into something human
readable. I know how to do this with an if-else but that seems like a
waste of typing.
I have a bunch of items in the db and their values are abbreciations
such as 'm_r'. I want m_r to show on the page as Mens Rings. I was
trying to do it like this but echo $item returned Array:
?php
#query db and get a result snipped
$item = $row[item];
$item = array('Mens Ring' = m_r, 'Mens Charm' = m_c, 'Womens Ring' =
w_r,'Womens Charm' = w_c);
echo $item;
?
Any help would be appreciated.
thnx,
robert
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] question
Yup, I knew it was something really simple. I should never touch a computer before the coffee is brewed ;-) Thanks! Robert On Wednesday, December 12, 2001, at 11:09 AM, Steve Cayford wrote: Do you want $$fname = $val here? Taking the string in $fname as the name of a variable to which you are assigning $val. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
