All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle for example.
What is the *best* way to escape quotes for DB insertion?
Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle for example.
What is the *best* way to escape
Jochem Maas wrote:
Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have
a *real_escape_string function...Oracle for example.
What is the
Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle for example.
What is the *best* way to escape
Brad Bonkoski wrote:
Jochem Maas wrote:
...
Understood what the esacpe character needs to be...the question is the
best way to get it there?
Currently I have:
magic_quotes_sybase = On
this adds single quotes automatically - addslashes (unless Im mistaken -
wouldnt be the first time)
Jochem Maas wrote:
Brad Bonkoski wrote:
Jochem Maas wrote:
...
Understood what the esacpe character needs to be...the question is
the best way to get it there?
Currently I have:
magic_quotes_sybase = On
this adds single quotes automatically - addslashes (unless Im mistaken -
Brad Bonkoski wrote:
...
this adds single quotes automatically - addslashes (unless Im mistaken -
wouldnt be the first time) would add slashes (and not single quotes)
which is not what you want.
Only done automatically IFF magic_quotes_gpc is ALSO on, which in my
case it is off.
From: Brad Bonkoski [mailto:[EMAIL PROTECTED]
Sent: Fri 26/05/2006 15:41
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle
From: Jochem Maas [mailto:[EMAIL PROTECTED]
Sent: Fri 26/05/2006 15:54
Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
Hi Guys
Really simple question. How do I change the following:
print(value=' . $attributes[messageSubject] . ');
to have double quotes around the subject field instead. i.e.:
print(value= . $attributes[messageSubject] . );
thanks
Giles Roadnight
http://giles.roadnight.name
--
PHP General
Hi,
Try this
print(value=\ . $attributes[messageSubject] . \);
Binoy
__ __ __ __
Sent via the WebMail system at softwareassociates.co.uk
---
Scanned by MessageExchange.net (12:54:20 SPITFIRE)
--
PHP General
I had a parrot idea whilst writing this.. (see bottom)
Giles wrote:
Hi Guys
Really simple question. How do I change the following:
print(value=' . $attributes[messageSubject] . ');
to have double quotes around the subject field instead. i.e.:
print(value= . $attributes[messageSubject] . );
you
To view the terms under which this email is distributed, please go to
http://disclaimer.leedsmet.ac.uk/email.htm
On 27 January 2005 12:14, Giles wrote:
Hi Guys
Really simple question. How do I change the following:
print(value=' . $attributes[messageSubject] . ');
to have double
Hi Guys
Really simple question. How do I change the following:
print(value=' . $attributes[messageSubject] . ');
to have double quotes around the subject field instead. i.e.:
print(value= . $attributes[messageSubject] . );
Simple:
Print (value=\{$attributes['messageSubject']}\);
Giles wrote:
Hi Guys
Really simple question. How do I change the following:
print(value=' . $attributes[messageSubject] . ');
to have double quotes around the subject field instead. i.e.:
print(value= . $attributes[messageSubject] . );
print(value=\ . $attributes[messageSubject] . \);
Jochem Maas wrote:
I had a parrot idea whilst writing this.. (see bottom)
...
---
ParrotTalk: I think that this topic of string interpolation/quotes
deserves 'parrot' attention which made me think that maybe the parrot
could parse for markers (that if added to an email by an autorized poster)
John Holmes wrote:
print(value=\ . $attributes[messageSubject] . \);
Slight typo there:
value=\ . ...
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Subject: Re: [PHP] escaping quotes
John Holmes wrote:
print(value=\ . $attributes[messageSubject] . \);
Slight typo there:
value=\ . ...
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP
What also works is this:
print 'value='. $foo['bar'] . '';
Read the manual section on strings:
http://php.net/types.string
Regards,
Philip
On Thu, 27 Jan 2005, Giles wrote:
Thanks, that works great.
Knew that worked for JavaScript but didn't know it worked for PHP.
print(value=\ .
[snip]
2) By not escaping quotes in the data
...
You can do it this way but you must make sure that any strings in your
values array have been escaped before with
[/snip]
There is no quotes in the data. The data coming in is a $_POST array.
$dbmssql-dbinsert($_POST, $table);
However this did
Hi All,
I have this expression;
$query = INSERT INTO $table (%s) VALUES (%s);
$query = sprintf($query, implode(,, $fld), implode(,,
$val));
$result = mssql_query($query) or die($errmsg);
I am trying to insert values from an array into the database.
I
On Wed, 11 Aug 2004 19:03:32 -0500, Alex Hogan
[EMAIL PROTECTED] wrote:
Hi All,
I have this expression;
$query = INSERT INTO $table (%s) VALUES (%s);
$query = sprintf($query, implode(,, $fld), implode(,,
$val));
$result = mssql_query($query) or
Hi,
Thursday, August 12, 2004, 10:03:32 AM, you wrote:
AH Hi All,
AH I have this expression;
AH $query = INSERT INTO $table (%s) VALUES (%s);
AH $query = sprintf($query, implode(,, $fld), implode(,,
AH $val));
AH $result = mssql_query($query) or die($errmsg);
AH
On Thu, 12 Aug 2004 12:34:30 +1000, Tom Rogers [EMAIL PROTECTED] wrote:
Hi,
Thursday, August 12, 2004, 10:03:32 AM, you wrote:
AH Hi All,
AH I have this expression;
AH $query = INSERT INTO $table (%s) VALUES (%s);
AH $query = sprintf($query, implode(,, $fld),
-Original Message-
From: Erik Price [mailto:[EMAIL PROTECTED]]
Sent: 18 February 2003 18:11
PS: I am using htmlentities() on the output before displaying
it in the
browser, but it doesn't apply to singlequotes.
Ahem! I quote from
Hi,
I am running into a problem, that I'm certain I've had before but for
some reason don't remember how to handle. If anyone can advise me on
what to do here, that would be great.
I have a PHP script that accepts some user input and validates it, and
if the validation fails, it re-displays
On Tue, 18 Feb 2003 13:10:33 -0500, you wrote:
input type='text' name='publisher' value='O'Reilly' /
input type=text name=blah value=aaquot;aa
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I'm having a problem escaping double quotes in email messages sent with
mail(). The message is built as a string and assigned to a variable and the
variable name is passed to the mail function.
The double quotes appear correctly in a simple test like this:
$message = This message uses 'single'
I'm having a problem escaping double quotes in email messages sent with
mail(). The message is built as a string and assigned to a variable and
the
variable name is passed to the mail function.
The double quotes appear correctly in a simple test like this:
$message = This message uses
From: 1LT John W. Holmes [EMAIL PROTECTED]
I'm having a problem escaping double quotes in email messages sent with
mail(). The message is built as a string and assigned to a variable and
the
variable name is passed to the mail function.
The double quotes appear correctly in a simple test
I'm stumbling over how to allow people to put single or double quotes
in a form text field.
I am passing the form to itself ($PHP_SELF) and on the second time
through previewing what the form data will look like and also
re-creating the form with the data already filled in.
Here's an example
See: http://www.php.net/manual/en/function.htmlspecialchars.php
John Hughes wrote:
I'm stumbling over how to allow people to put single or double quotes
in a form text field.
I am passing the form to itself ($PHP_SELF) and on the second time
through previewing what the form data will
is ignored.
Same for the double quotes.
---John Holmes...
- Original Message -
From: Robert Cummings [EMAIL PROTECTED]
To: John Hughes [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, May 06, 2002 5:06 PM
Subject: Re: [PHP] escaping quotes in forms and redisplaying variables in
form
Well, this is a fairly simple problem. I'm having problems with escaping a
string, and then ending the string right after the escape! For example,
echo Then Johnathan said, \That's exactly what I said!\;
I get a parse error on the line where the string is. Very simple problem, I
just can't seem
On Tue, 19 Mar 2002, Dr. Shim wrote:
Well, this is a fairly simple problem. I'm having problems with escaping a
string, and then ending the string right after the escape! For example,
echo Then Johnathan said, \That's exactly what I said!\;
I get a parse error on the line where the string
Hmmm. How about this?
echo form name=\frmMovies\ method=\post\ action=\ . echo $PHP_SELF
. \;
Miguel Cruz [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
On Tue, 19 Mar 2002, Dr. Shim wrote:
Well, this is a fairly simple problem. I'm having problems with
You need to remove the second echo.
On Tue, 19 Mar 2002, Dr. Shim wrote:
Hmmm. How about this?
echo form name=\frmMovies\ method=\post\ action=\ . echo $PHP_SELF
. \;
Miguel Cruz [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
On Tue, 19 Mar 2002,
On Tue, 19 Mar 2002, Dr. Shim wrote:
Hmmm. How about this?
echo form name=\frmMovies\ method=\post\ action=\ . echo $PHP_SELF
. \;
You're concatenating echo $PHP_SELF rather than just $PHP_SELF, which
isn't necessarily helping. But just between me and you, life would be a
lot easier if
Strangley enough, $PHP_SELF is empty. Nothing appears when I do it the way
Bob and you suggested, the action property equals .
Miguel Cruz [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
On Tue, 19 Mar 2002, Dr. Shim wrote:
Hmmm. How about this?
echo form
Are you inside a function, having neglected to do
global $PHP_SELF;
?
miguel
On Tue, 19 Mar 2002, Dr. Shim wrote:
Strangley enough, $PHP_SELF is empty. Nothing appears when I do it the way
Bob and you suggested, the action property equals .
Miguel Cruz [EMAIL PROTECTED] wrote in
*screams, I'm such a newbie!!*
I didn't know I had to declare $PHP_SELF with global before using it
inside a function. Sorry! Works now! Thanks very much! =)
Miguel Cruz [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Are you inside a function, having neglected
41 matches
Mail list logo