I have an application in which the password is stored in the database
as md5(md5('passWord').'userSpecificSalt'). I'm checking the password
entered with:
$password=md5( md5('$_POST['password']').'userSpecificSalt' );
$query=SELECT id FROM table WHERE password='{$password}';
Now I'm a bit queasy
On Wed, Sep 21, 2011 at 13:53, Dotan Cohen dotanco...@gmail.com wrote:
I have an application in which the password is stored in the database
as md5(md5('passWord').'userSpecificSalt'). I'm checking the password
entered with:
$password=md5( md5('$_POST['password']').'userSpecificSalt' );
If you're converting the input data in a md5 hash has no reason to scape it.
Regards,
Igor Escobar
*Software Engineer
*
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar http://www.twitter.com/igorescobar
On Wed, Sep 21, 2011 at 2:53 PM, Dotan Cohen
On Wed, Sep 21, 2011 at 21:03, Daniel Brown danbr...@php.net wrote:
It never hurts to be overly cautious, but as MD5 hashes are
strictly alphanumeric (using hex characters), you won't have an issue
with injection with the code above. That is, of course, unless your
version of PHP is
Thanks Igor. I will sleep peacefully this night!
--
Dotan Cohen
http://gibberish.co.il
http://what-is-what.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Wed, Sep 21, 2011 at 15:32, Dotan Cohen dotanco...@gmail.com wrote:
The rebuild without md5 is an interesting point. That sounds exactly
like the type of it-will-never-happen-until-it-happens-to-me problems!
Thanks for the heads up.
I should've specified, though, that then you would
On Wed, Sep 21, 2011 at 22:36, Daniel Brown danbr...@php.net wrote:
I should've specified, though, that then you would simply have the
fatal error message (call to undefined function) pass through, not the
unhashed original text.
Yes, that is obvious.
--
Dotan Cohen
I did a fresh install of PHP on a new server. I had gotten used to PHP
automatically adding a backslash before single quotes when form data is
submitted. It seems that is shut off in my new install. How do I turn it back
on?
Thanks!
Floyd
--
PHP General Mailing List (http://www.php.net/)
On Fri, Jul 22, 2011 at 11:48, Floyd Resler fres...@adex-intl.com wrote:
I did a fresh install of PHP on a new server. I had gotten used to PHP
automatically adding a backslash before single quotes when form data is
submitted. It seems that is shut off in my new install. How do I turn it
On 22 July 2011 16:54, Daniel Brown danbr...@php.net wrote:
On Fri, Jul 22, 2011 at 11:48, Floyd Resler fres...@adex-intl.com wrote:
I did a fresh install of PHP on a new server. I had gotten used to PHP
automatically adding a backslash before single quotes when form data is
submitted. It
On Jul 22, 2011, at 11:54 AM, Daniel Brown wrote:
On Fri, Jul 22, 2011 at 11:48, Floyd Resler fres...@adex-intl.com wrote:
I did a fresh install of PHP on a new server. I had gotten used to PHP
automatically adding a backslash before single quotes when form data is
submitted. It seems
On Jul 22, 2011, at 12:08 PM, Richard Quadling wrote:
On 22 July 2011 16:54, Daniel Brown danbr...@php.net wrote:
On Fri, Jul 22, 2011 at 11:48, Floyd Resler fres...@adex-intl.com wrote:
I did a fresh install of PHP on a new server. I had gotten used to PHP
automatically adding a backslash
IIRC. That's covered under magic quotes . You should be able to turn that off
via a config switch in php.ini or .htaccess.
-Original Message-
From: Govinda [EMAIL PROTECTED]
Date: Mon, 1 Sep 2008 20:21:10
To: PHP-General Listphp-general@lists.php.net
Subject: [PHP] newbie - PHP
You guys got me on the right track, but:
On my Mac OS10.5.4/Apache2/webmin local (dev) setup (of which I know
very little) I managed to find php.ini.default, make a copy while
renaming to php.ini, open the copy (php.ini), and change that on
to an off (the only one of the 3 that was on).
1) did you restart the server to take advantage of the new settings?
2) are you sure you're running the php.ini at all? (run phpinfo() from a
page to make sure that the server has read the right copy of php.ini)
On Tue, Sep 2, 2008 at 4:12 PM, Govinda [EMAIL PROTECTED] wrote:
You guys got
On Sep 2, 2008, at 6:02 PM, Seung Park wrote:
1) did you restart the server to take advantage of the new settings?
no. That was it. Solved. Sorry for what turned out to be OT. When
we're that green, we don't know OT from T.
2) are you sure you're running the php.ini at all? (run
Just a quick Q, which I know has to be in the docs somewhere, but I
haven't come across it yet-
PHP automatically escaping single and double quotes... how to turn it
off?
I.e.-
in a form text input, someone inputs
love's influence grows
and on the posted page I get:
love\'s \influence\
On Mon, Sep 1, 2008 at 10:21 PM, Govinda [EMAIL PROTECTED] wrote:
Just a quick Q, which I know has to be in the docs somewhere, but I haven't
come across it yet-
PHP automatically escaping single and double quotes... how to turn it off?
I.e.-
in a form text input, someone inputs
love's
Hello,
I'm adding functionality to allow a user to copy data on a page to the
clipboard using JS. This can be done simply with:
window.clipboardData.setData('Text','String to copy to clipboard');
The string from PHP needs to contain line breaks when copied into the
clipboard. This works when
...
This is a PHP function that escapes strings so you can output them as a
JS string. IIRC it assumes you're using single quotes to enclose your
strings.
/**
* Function to appropriately escape a string so it can be output
* into javascript code.
*
* @param string
This is a PHP function that escapes strings so you can output them as a
JS string. IIRC it assumes you're using single quotes to enclose your
strings.
/**
* Function to appropriately escape a string so it can be output
* into javascript code.
*
* @param
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle for example.
What is the *best* way to escape quotes for DB insertion?
Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle for example.
What is the *best* way to escape
Jochem Maas wrote:
Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have
a *real_escape_string function...Oracle for example.
What is the
Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle for example.
What is the *best* way to escape
Brad Bonkoski wrote:
Jochem Maas wrote:
...
Understood what the esacpe character needs to be...the question is the
best way to get it there?
Currently I have:
magic_quotes_sybase = On
this adds single quotes automatically - addslashes (unless Im mistaken -
wouldnt be the first time)
Jochem Maas wrote:
Brad Bonkoski wrote:
Jochem Maas wrote:
...
Understood what the esacpe character needs to be...the question is
the best way to get it there?
Currently I have:
magic_quotes_sybase = On
this adds single quotes automatically - addslashes (unless Im mistaken -
Brad Bonkoski wrote:
...
this adds single quotes automatically - addslashes (unless Im mistaken -
wouldnt be the first time) would add slashes (and not single quotes)
which is not what you want.
Only done automatically IFF magic_quotes_gpc is ALSO on, which in my
case it is off.
From: Brad Bonkoski [mailto:[EMAIL PROTECTED]
Sent: Fri 26/05/2006 15:41
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle
From: Jochem Maas [mailto:[EMAIL PROTECTED]
Sent: Fri 26/05/2006 15:54
Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
So I'm writing this page (PHP Newbie here) and it checks to see if a var
is set, if it isn't it spits out the form info like so: echo form
action=myform.php method=post;
Now is there a way to 'wrap' that so I don't have to escape quotes?
Something like perls 'qq' function is what I'm looking for.
On 25/05/06, Pavleck, Jeremy D. [EMAIL PROTECTED] wrote:
So I'm writing this page (PHP Newbie here) and it checks to see if a var
is set, if it isn't it spits out the form info like so: echo form
action=myform.php method=post;
Now is there a way to 'wrap' that so I don't have to escape quotes?
So I'm writing this page (PHP Newbie here) and it checks to see if a var
is set, if it isn't it spits out the form info like so: echo form
action=myform.php method=post;
Now is there a way to 'wrap' that so I don't have to escape quotes?
Something like perls 'qq' function is what I'm looking
Pavleck, Jeremy D. wrote:
So I'm writing this page (PHP Newbie here) and it checks to see if a var
is set, if it isn't it spits out the form info like so: echo form
action=myform.php method=post;
Now is there a way to 'wrap' that so I don't have to escape quotes?
Something like perls 'qq'
or heredeoc syntax :)
On 5/25/06, John Nichel [EMAIL PROTECTED] wrote:
Pavleck, Jeremy D. wrote:
So I'm writing this page (PHP Newbie here) and it checks to see if a var
is set, if it isn't it spits out the form info like so: echo form
action=myform.php method=post;
Now is there a way to
Not sure I understand your question correctly. I think you can just use
soemthing like:
echo 'form action=myform.php method=post';
Mindaugas L wrote:
or heredeoc syntax :)
On 5/25/06, John Nichel [EMAIL PROTECTED] wrote:
Pavleck, Jeremy D. wrote:
So I'm writing this page (PHP Newbie
Hi,
I want this code to display peoples' names within an hyperlink.
I'm tired of trying different ways, read all about it in PHP's manual,
but i can't get it there.
You can visit http://www.dte.ua.pt/cv
In the rightmost column it is suposed to apear two name below Links,
but... it doen't,
Hi.
htmlentities has worked pretty well so far for me...except when it
comes across something like ñw or ñ0w in an RSS feed (v2)
It tries to convert the ntilde - and it does, but because the ñ
doesn't have a space next to the w or the 0w, it breaks the XML and it
comes out as ntilde;0w which, I
Hi Guys
Really simple question. How do I change the following:
print(value=' . $attributes[messageSubject] . ');
to have double quotes around the subject field instead. i.e.:
print(value= . $attributes[messageSubject] . );
thanks
Giles Roadnight
http://giles.roadnight.name
--
PHP General
Hi,
Try this
print(value=\ . $attributes[messageSubject] . \);
Binoy
__ __ __ __
Sent via the WebMail system at softwareassociates.co.uk
---
Scanned by MessageExchange.net (12:54:20 SPITFIRE)
--
PHP General
I had a parrot idea whilst writing this.. (see bottom)
Giles wrote:
Hi Guys
Really simple question. How do I change the following:
print(value=' . $attributes[messageSubject] . ');
to have double quotes around the subject field instead. i.e.:
print(value= . $attributes[messageSubject] . );
you
To view the terms under which this email is distributed, please go to
http://disclaimer.leedsmet.ac.uk/email.htm
On 27 January 2005 12:14, Giles wrote:
Hi Guys
Really simple question. How do I change the following:
print(value=' . $attributes[messageSubject] . ');
to have double
Hi Guys
Really simple question. How do I change the following:
print(value=' . $attributes[messageSubject] . ');
to have double quotes around the subject field instead. i.e.:
print(value= . $attributes[messageSubject] . );
Simple:
Print (value=\{$attributes['messageSubject']}\);
Giles wrote:
Hi Guys
Really simple question. How do I change the following:
print(value=' . $attributes[messageSubject] . ');
to have double quotes around the subject field instead. i.e.:
print(value= . $attributes[messageSubject] . );
print(value=\ . $attributes[messageSubject] . \);
Jochem Maas wrote:
I had a parrot idea whilst writing this.. (see bottom)
...
---
ParrotTalk: I think that this topic of string interpolation/quotes
deserves 'parrot' attention which made me think that maybe the parrot
could parse for markers (that if added to an email by an autorized poster)
John Holmes wrote:
print(value=\ . $attributes[messageSubject] . \);
Slight typo there:
value=\ . ...
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Subject: Re: [PHP] escaping quotes
John Holmes wrote:
print(value=\ . $attributes[messageSubject] . \);
Slight typo there:
value=\ . ...
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP
What also works is this:
print 'value='. $foo['bar'] . '';
Read the manual section on strings:
http://php.net/types.string
Regards,
Philip
On Thu, 27 Jan 2005, Giles wrote:
Thanks, that works great.
Knew that worked for JavaScript but didn't know it worked for PHP.
print(value=\ .
Hi all,
If i want to find a url on a page, there are some chars i need to escape
right?
like '/' and '?'
do i also need to escape '.'?
Are there any other things that might pop up in a url that I can escape
with addcslashes()?
Much thanks
--
Nick W
--
PHP General Mailing List
Nick Wilson wrote:
Hi all,
If i want to find a url on a page, there are some chars i need to escape
right?
like '/' and '?'
do i also need to escape '.'?
Are there any other things that might pop up in a url that I can escape
with addcslashes()?
Much thanks
Don't use posix regexp, but use
* and then Marek Kilimajer declared
If i want to find a url on a page, there are some chars i need to escape
right?
like '/' and '?'
do i also need to escape '.'?
Are there any other things that might pop up in a url that I can escape
with addcslashes()?
Don't use posix regexp,
[snip]
2) By not escaping quotes in the data
...
You can do it this way but you must make sure that any strings in your
values array have been escaped before with
[/snip]
There is no quotes in the data. The data coming in is a $_POST array.
$dbmssql-dbinsert($_POST, $table);
However this did
Hi All,
I have this expression;
$query = INSERT INTO $table (%s) VALUES (%s);
$query = sprintf($query, implode(,, $fld), implode(,,
$val));
$result = mssql_query($query) or die($errmsg);
I am trying to insert values from an array into the database.
I
On Wed, 11 Aug 2004 19:03:32 -0500, Alex Hogan
[EMAIL PROTECTED] wrote:
Hi All,
I have this expression;
$query = INSERT INTO $table (%s) VALUES (%s);
$query = sprintf($query, implode(,, $fld), implode(,,
$val));
$result = mssql_query($query) or
Hi,
Thursday, August 12, 2004, 10:03:32 AM, you wrote:
AH Hi All,
AH I have this expression;
AH $query = INSERT INTO $table (%s) VALUES (%s);
AH $query = sprintf($query, implode(,, $fld), implode(,,
AH $val));
AH $result = mssql_query($query) or die($errmsg);
AH
On Thu, 12 Aug 2004 12:34:30 +1000, Tom Rogers [EMAIL PROTECTED] wrote:
Hi,
Thursday, August 12, 2004, 10:03:32 AM, you wrote:
AH Hi All,
AH I have this expression;
AH $query = INSERT INTO $table (%s) VALUES (%s);
AH $query = sprintf($query, implode(,, $fld),
Hi there,
I am just validating html generated by a php page. There is an error which comes
up if ther is a dash in the content text. Those characters come out of a database.
Is there a command in php which is escaping those characters for valid html output?
Something like urlencode, but for text
On Apr 16, 2004, at 3:40 AM, Merlin wrote:
Hi there,
I am just validating html generated by a php page. There is an error
which comes
up if ther is a dash in the content text. Those characters come out of
a database.
Is there a command in php which is escaping those characters for valid
html
Lowell Allen wrote:
On Apr 16, 2004, at 3:40 AM, Merlin wrote:
Hi there,
I am just validating html generated by a php page. There is an error
which comes
up if ther is a dash in the content text. Those characters come out of
a database.
Is there a command in php which is escaping those
On Friday 16 April 2004 20:19, Merlin wrote:
hmm so you would suggest to save the entitty code directly to the database
in the first place?
If the data is mainly displayed as HTML then yes, store the HTML entities and
do a conversion when you want plain text or whatever.
What happens if I
* Thus wrote Marek Kilimajer ([EMAIL PROTECTED]):
Adam Williams wrote:
If I have the SQL statement:
$sql = select subject from subwhile where subject = '*$var[0]*';
Don't you want to do:
$sql = select subject from subwhile where subject LIKE '%$var[0]%';
I think more precisely:
$sql =
Curt Zirzow wrote:
Don't you want to do:
$sql = select subject from subwhile where subject LIKE '%$var[0]%';
I think more precisely:
$sql = select subject from subwhile where subject LIKE '%{$var[0]}%';
Either will work, as will
$sql = ... subject LIKE '%$var[string_index]%';
--
PHP General
If I have the SQL statement:
$sql = select subject from subwhile where subject = '*$var[0]*';
do I need to put a \ before each '?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Adam --
...and then Adam Williams said...
%
% If I have the SQL statement:
%
% $sql = select subject from subwhile where subject = '*$var[0]*';
%
% do I need to put a \ before each '?
1) You should have just tried it.
2) No.
You owe the Newbie Guide a paragraph on quoting and escaping.
Adam Williams wrote:
If I have the SQL statement:
$sql = select subject from subwhile where subject = '*$var[0]*';
Don't you want to do:
$sql = select subject from subwhile where subject LIKE '%$var[0]%';
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
[snip]
If I have the SQL statement:
$sql = select subject from subwhile where subject = '*$var[0]*';
Don't you want to do:
$sql = select subject from subwhile where subject LIKE '%$var[0]%';
[/snip]
Not if the variable is exactly what he is looking for.
--
PHP General Mailing List
Yeah thats what I meant to do, my PHP is very rusty if you can't tell
(and so is my SQL) :)
Jay Blanchard wrote:
[snip]
If I have the SQL statement:
$sql = select subject from subwhile where subject = '*$var[0]*';
Don't you want to do:
$sql = select subject from subwhile where subject LIKE
Dan Anderson mailto:[EMAIL PROTECTED]
on Wednesday, September 10, 2003 5:17 PM said:
If you don't like somebodys post just ignore it. I'd bet your 2 cents
that you don't find every post to this list interesting. Do you reply
to those people and ask them to not post stuff that doesn't
You've completely misread and misinterpreted Robert's comments. He
didn't say he didn't want to read posts he wasn't interested in and he
didn't ask the poster to not post things he wasn't interested in
reading. He DID however request that people not send html emails to the
list.
Oh wait, he
*chuckle* this explains your responses to me. In this new light I
apologize for my condescending responses.
Cheers,
Rob.
On Thu, 2003-09-11 at 20:17, Dan Anderson wrote:
You've completely misread and misinterpreted Robert's comments. He
didn't say he didn't want to read posts he wasn't
I need to print the following:
moz-txt-link-freetext" href="">http://www.gilardi.com/pdf/gwyt1poc.pdf','','')"
and I am not sure how to escape the " ' " characters.
Actually, the 'http://www.gilardi.com/pdf/gwyt1poc.pdf' will be a
variable, $url.
Can someone point me toward some docs on
I need to print the following:
onClick=MM_openBrWindow('http://www.gilardi.com/pdf/gwyt1poc.pdf','','')
and I am not sure how to escape the ' characters.
with a slash.
http://www.google.com/search?q=php+single+quote+escape+site%3Aphp.net
I believe the general posting guidelines discourage posting HTML to
mailing lists, and to be quite honest many of us pay for our bandwidth
and don't need your 8k image eating up resources.
2 cents,
Rob.
On Wed, 2003-09-10 at 13:27, Todd Cary wrote:
I need to print the following:
Try this
?php$url="";echo "a href=#
asd/a";?
HTH
-Murugesan
- Original Message -
From:
Todd
Cary
To: [EMAIL PROTECTED]
Sent: Wednesday, September 10, 2003 10:57
PM
Subject: [PHP] Escaping the " ' "
character
I need
I believe the general posting guidelines discourage posting HTML to
mailing lists, and to be quite honest many of us pay for our bandwidth
and don't need your 8k image eating up resources.
If you don't like somebodys post just ignore it. I'd bet your 2 cents
that you don't find every post to
Funny, I could swear I made a comment about bandwidth not topic. You
should go read my original message, then read the guidelines, then
wonder to yourself if you are all alone in this world -- if you by
chance find that you're not in your own little world, perhaps you see
why guidelines posted for
I have this:
$query = LOAD DATA LOCAL INFILE '/home/data.txt' INTO TABLE mytable FIELDS
TERMINATED BY ',' ENCLOSED BY ' . '' . ' ;
$result = MYSQL_QUERY($query);
PRINT br$query2br;
The query doesn't take ... but if I cut and paste the printed response into
the mysql server manually ... works
[snip]
$query = LOAD DATA LOCAL INFILE '/home/data.txt' INTO TABLE mytable
FIELDS TERMINATED BY ',' ENCLOSED BY ' . '' . ' ;
{/snip]
try ...
$query = LOAD DATA LOCAL INFILE '/home/data.txt' INTO TABLE mytable
FIELDS TERMINATED BY ',' ENCLOSED BY '' ;
The period concats were not needed.
--
PHP
--- Roy W [EMAIL PROTECTED] wrote:
The query doesn't take ... but if I cut and paste the printed
response into the mysql server manually ... works like a charm
http://www.php.net/addslashes
Chris
=
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/
Sorry...Because of the double quote near the ENCLOSED BY .. It delivers a
PARSE ERROR
?
-Original Message-
From: Jay Blanchard [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 31, 2003 12:38 PM
To: Roy W; [EMAIL PROTECTED]
Subject: RE: [PHP] Escaping nasty quotes
[snip]
$query = LOAD
]
Subject: Re: [PHP] Escaping nasty quotes
--- Roy W [EMAIL PROTECTED] wrote:
The query doesn't take ... but if I cut and paste the printed response
into the mysql server manually ... works like a charm
http://www.php.net/addslashes
Chris
=
Become a better Web developer with the HTTP
[snip]
Sorry...Because of the double quote near the ENCLOSED BY .. It delivers
a
PARSE ERROR
$query = LOAD DATA LOCAL INFILE '/home/data.txt' INTO TABLE mytable
FIELDS
TERMINATED BY ',' ENCLOSED BY '' ;
[/snip]
Are the fields enclosed by a quote? If not...
$query = LOAD DATA LOCAL INFILE
Unfortunately, they are indeed enclosed by double quotes
Roy
-Original Message-
From: Jay Blanchard [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 31, 2003 12:58 PM
To: Roy W; [EMAIL PROTECTED]
Subject: RE: [PHP] Escaping nasty quotes
[snip]
Sorry...Because of the double quote near
[snip]
Unfortunately, they are indeed enclosed by double quotes
[/snip]
Can you show us a snippet of data.txt?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I have this:
$query = LOAD DATA LOCAL INFILE '/home/data.txt' INTO TABLE
mytable FIELDS
TERMINATED BY ',' ENCLOSED BY ' . '' . ' ;
$result = MYSQL_QUERY($query);
PRINT br$query2br;
The query doesn't take ... but if I cut and paste the printed
response into
the mysql server manually ...
On Thu, 2003-07-31 at 14:31, Roy W wrote:
I have this:
$query = LOAD DATA LOCAL INFILE '/home/data.txt' INTO TABLE mytable FIELDS
TERMINATED BY ',' ENCLOSED BY ' . '' . ' ;
$result = MYSQL_QUERY($query);
PRINT br$query2br;
The query doesn't take ... but if I cut and paste the printed
-Original Message-
From: Erik Price [mailto:[EMAIL PROTECTED]]
Sent: 18 February 2003 18:11
PS: I am using htmlentities() on the output before displaying
it in the
browser, but it doesn't apply to singlequotes.
Ahem! I quote from
Hi,
I am running into a problem, that I'm certain I've had before but for
some reason don't remember how to handle. If anyone can advise me on
what to do here, that would be great.
I have a PHP script that accepts some user input and validates it, and
if the validation fails, it re-displays
On Tue, 18 Feb 2003 13:10:33 -0500, you wrote:
input type='text' name='publisher' value='O'Reilly' /
input type=text name=blah value=aaquot;aa
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I need to get a password value from a form, store it in a database and then
later be able to compare a login password to the one stored in the db.
This works great unless the password contains the '\' char.
magic_quotes_gpc is ON and magic_quotes_runtime is OFF.
As a klude, I tried just removing
I need to get a password value from a form, store it in a database and
then
later be able to compare a login password to the one stored in the db.
This works great unless the password contains the '\' char.
magic_quotes_gpc is ON and magic_quotes_runtime is OFF.
As a klude, I tried just
a whole new set of challenges.
I'd appreciate any other advice or clarification you could offer.
Thanks,
-Original Message-
From: John W. Holmes [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 07, 2003 4:25 PM
To: 'Rob Walls'; [EMAIL PROTECTED]
Subject: RE: [PHP] Escaping Chars
I need
Thanks for the reply, but I still can't seem to make the connection...
If I enter the value
123\/'
in a web form and put the form post value directly into the db (no
stripslashes or any other function), the value as reported by the db
at a
command line query is
123\/'
That's not right. If
I'm having a problem escaping double quotes in email messages sent with
mail(). The message is built as a string and assigned to a variable and the
variable name is passed to the mail function.
The double quotes appear correctly in a simple test like this:
$message = This message uses 'single'
I'm having a problem escaping double quotes in email messages sent with
mail(). The message is built as a string and assigned to a variable and
the
variable name is passed to the mail function.
The double quotes appear correctly in a simple test like this:
$message = This message uses
From: 1LT John W. Holmes [EMAIL PROTECTED]
I'm having a problem escaping double quotes in email messages sent with
mail(). The message is built as a string and assigned to a variable and
the
variable name is passed to the mail function.
The double quotes appear correctly in a simple test
-Original Message-
From: Mike Smith [mailto:[EMAIL PROTECTED]]
Sent: 12 December 2002 14:47
Rendered results of a href... =
http://company.com/custmaint.php?id=70class=cust=company
T/T #29type=OEM
id is the record id
class is Null so that's OK.
cust=company T/T #29
since I've started scripting in PHP, but would
appreciate any pointers.
Thanks for pointing me in the right direction!
Mike Smith
-Original Message-
From: Ford, Mike [LSS] [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 4:22 AM
To: 'Mike Smith'; PHP General
Subject: RE: [PHP
-Original Message-
From: Mike Smith
Is this fundamentally flawed? You mentioned ...is probably invalid in
itself, but we'll come to that. Were you referring to the space or the
whole pasing of array variables in an URL.
Yup, I meant the spaces, not the whole concept -- when I wrote that
=$id) this record cust will now be company T/T
All the other fields fill in correctly. Is it seeing the # as a comment?
-Original Message-
From: Richard Baskett [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 11, 2002 3:57 PM
To: Mike Smith; PHP General
Subject: Re: [PHP] Escaping
1 - 100 of 138 matches
Mail list logo
