[Proto-Scripty] Re: How do I search for characters in order of input?
On Tue, Nov 11, 2008 at 7:15 PM, Walter Lee Davis [EMAIL PROTECTED] wrote:
/**
* A really nice tool to clean strings or arrays.
*
* @param mixed $mxdInput A string or an array
* @return mixed same as input, but with trim and strip_tags applied
to string or all elements of array, depending on imput format
* @author Walter Lee Davis
*/
function clean($mxdInput){
if(is_string($mxdInput)) return trim(strip_tags($mxdInput));
$out = array();
foreach($mxdInput as $k=$v){
$out[$k] = clean($v);
}
return $out;
}
$_POST = clean($_POST);
this still doesn't prevent sql injection - you need to use
mysql_escape_string() to addslashes based on mysql special
characters.
--
Regards,
The Honeymonster aka Daniel Llewellyn
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
Prototype script.aculo.us group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/prototype-scriptaculous?hl=en
-~--~~~~--~~--~--~---
[Proto-Scripty] Re: How do I search for characters in order of input?
If you want to search for a string that matches starting at the
beginning, not in the middle, then just remove the first wildcard (%)
from your query:
SELECT title FROM autocomplete_demo WHERE title LIKE ' . $_POST
['search'] . %'
Now it will match on france, frank, or fragile, but not 'the frame'
or infrangible or any other string that doesn't begin with fra.
Walter
On Nov 11, 2008, at 3:10 AM, alohaaaron wrote:
Hi, I'm trying to modify the demo here
http://wiseguysonly.com/demos/scriptaculous/ajax-autocompletion/
autocomplete.php
which works great but I'd like to search character by character
instead of searching for a character within the string itself.
For example, If I have these strings in a database coffee and frank
and I type fra I just want it to list frank, not coffee.
The PHP script is below. Do I need to modify this an option for the
new Ajax.Autcomplete(); that will do this?
Thanks!
$sql = SELECT title FROM autocomplete_demo WHERE title LIKE '% .
$_POST['search'] . %';
$rs = mysql_query($sql);
?
ul
? while($data = mysql_fetch_assoc($rs)) { ?
li? echo stripslashes($data['title']);?/li
? } ?
/ul
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
Prototype script.aculo.us group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/prototype-scriptaculous?hl=en
-~--~~~~--~~--~--~---
[Proto-Scripty] Re: How do I search for characters in order of input?
just FYI i really would not use unsanitized $_POST data in the search, it
can lead to SQL injection
- Original Message -
From: Walter Lee Davis [EMAIL PROTECTED]
To: prototype-scriptaculous@googlegroups.com
Sent: Tuesday, November 11, 2008 6:48 PM
Subject: [Proto-Scripty] Re: How do I search for characters in order of
input?
If you want to search for a string that matches starting at the
beginning, not in the middle, then just remove the first wildcard (%)
from your query:
SELECT title FROM autocomplete_demo WHERE title LIKE ' . $_POST
['search'] . %'
Now it will match on france, frank, or fragile, but not 'the frame'
or infrangible or any other string that doesn't begin with fra.
Walter
On Nov 11, 2008, at 3:10 AM, alohaaaron wrote:
Hi, I'm trying to modify the demo here
http://wiseguysonly.com/demos/scriptaculous/ajax-autocompletion/
autocomplete.php
which works great but I'd like to search character by character
instead of searching for a character within the string itself.
For example, If I have these strings in a database coffee and frank
and I type fra I just want it to list frank, not coffee.
The PHP script is below. Do I need to modify this an option for the
new Ajax.Autcomplete(); that will do this?
Thanks!
$sql = SELECT title FROM autocomplete_demo WHERE title LIKE '% .
$_POST['search'] . %';
$rs = mysql_query($sql);
?
ul
? while($data = mysql_fetch_assoc($rs)) { ?
li? echo stripslashes($data['title']);?/li
? } ?
/ul
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
Prototype script.aculo.us group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/prototype-scriptaculous?hl=en
-~--~~~~--~~--~--~---
[Proto-Scripty] Re: How do I search for characters in order of input?
I thought about putting my usual warning in there, but I thought it
would be simpler to leave it as originally written.
/**
* A really nice tool to clean strings or arrays.
*
* @param mixed $mxdInput A string or an array
* @return mixed same as input, but with trim and strip_tags applied
to string or all elements of array, depending on imput format
* @author Walter Lee Davis
*/
function clean($mxdInput){
if(is_string($mxdInput)) return trim(strip_tags($mxdInput));
$out = array();
foreach($mxdInput as $k=$v){
$out[$k] = clean($v);
}
return $out;
}
$_POST = clean($_POST);
Walter
On Nov 11, 2008, at 1:57 PM, Alex Mcauley wrote:
just FYI i really would not use unsanitized $_POST data in the
search, it
can lead to SQL injection
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
Prototype script.aculo.us group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/prototype-scriptaculous?hl=en
-~--~~~~--~~--~--~---
