Using addcslashes on string to escape backtick - php

If I have the following string, I try to escape the backticks before passing it to node vm.script(...) for execution:
// test has been previously declared
// single quotes: inside a double-quoted string PHP would interpolate ${test}
$someStr = 'test = `more/${test}`';
$escapedSomeStr = sprintf('%s', addcslashes($someStr, "`"));
I end up with double backslashes before the backticks; if I output $escapedSomeStr I get the following:
test = \\`more/${test}\\`
Some reading I've been doing indicates that PHP used to have magic quotes, which add the extra slash, but it doesn't appear to be turned on.

Related

PHP: escapeshellarg() is not escaping "\t"

What I want to do is execute an application and pass a file path as a parameter. Here is my code:
$path = "\\SERVER-1\Source\temp\test\Letters\New Letter.doc";
shell_exec("pdfgenerator.exe ".escapeshellarg ( $path));
The problematic part here is $path. Basically I want to be able to handle all kinds of file path strings, including those with spaces in names etc.
In this particular case, I have found that escapeshellarg() is not escaping the "\" in \temp, causing the "t" to be interpreted as a tab character. Any ideas how I can get this to pass properly?
This isn't escapeshellarg()'s problem. The \t is being parsed as a tab (0x09) by the PHP parser before it's reached escapeshellarg(). This is because you're placing the string inside of double quotes, which causes PHP to do further complex interpolation on your string. See the manual for more details on differences between single and double quote strings.
Try it with single quotes and see the difference for yourself.
$string1 = "\\SERVER-1\Source\temp\test\Letters\New Letter.doc";
$string2 = '\\SERVER-1\Source\temp\test\Letters\New Letter.doc';
var_dump($string1, $string2, escapeshellarg($string1), escapeshellarg($string2));
Output should be...
string(47) "\SERVER-1\Source emp est\Letters\New Letter.doc"
string(49) "\SERVER-1\Source\temp\test\Letters\New Letter.doc"
string(49) "'\SERVER-1\Source emp est\Letters\New Letter.doc'"
string(51) "'\SERVER-1\Source\temp\test\Letters\New Letter.doc'"
Use single quotes instead of double ones and you should be fine:
<?php
// \\ is still an escape sequence inside single quotes, so the UNC prefix
// needs four backslashes; every other backslash here is kept literally.
$path = '\\\\SERVER-1\Source\temp\test\Letters\New Letter.doc';
print escapeshellarg($path);
// on Windows escapeshellarg() wraps the argument in double quotes:
// "\\SERVER-1\Source\temp\test\Letters\New Letter.doc"
shell_exec("pdfgenerator.exe " . escapeshellarg($path));

Add double back slash to single in php

I have searched a lot and tried the JavaScript replace() function as well as str_replace, addslashes and stripslashes, but I am not getting the right output.
This is what I'm doing:
str_replace("\\", "\\\\", "C:wamp\www\desi\uploads\artist\bg\9.jpg");
The output I am getting is:
C:wampwwwÞsiuploads\A rtist\B g .jpg
Then another way I tried:
var clean= "<?php echo str_replace("\\","#",LINKCONSTANT); ?>".replace("#","\\");
Still not working; any idea?
The problem isn't solvable by using str_replace like that, because the string in double quotes will have the slashes processed by PHP as escape sequences. Using str_replace like this isn't going to solve the problem of PHP (or JavaScript) handling string escapes - once you have got a backslash into a string it will stay there quite faithfully.
However string constants will work in single quotes as follows:
'C:wamp\www\desi\uploads\artist\bg\9.jpg'
but as pointed out elsewhere the directory separator in windows is internally handled as either "/" or "\" so just use the "/" (for api calls) and you'll be fine.
If you wish to output a string that is safe to be parsed by javascript then do:
echo "var str = ".json_encode('C:wamp\www\desi\uploads\artist\bg\9.jpg').";";
which will output in a javascript compatible way:
var str = "C:wamp\\www\\desi\\uploads\\artist\\bg\\9.jpg";
What are you going to achieve? Replace the single \ by \\?
Please note that
"\\"
denotes a string of a single \. This is due to the fact that \ prefixes an escape sequence when used inside of "...":
\r -> Return
\t -> Tabular
\n -> Newline
Since \ has this special meaning, you need to write \\ to denote a single \ inside of "....".
Thus, this will set $resultString to C:wamp\\www\\desi\\uploads\\artist\\bg\\9.jpg:
$sourceString = "C:wamp\www\desi\uploads\artist\bg\9.jpg";
$resultString = str_replace( "\\", "\\\\", $sourceString );
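Added example (not code from any of the posts above): instead of escaping backticks with addcslashes() as in the first question, or doubling backslashes by hand as in this one, let json_encode() produce the JavaScript literal, as the json_encode answer above suggests. The two sample strings are taken from the questions; the flag set and the jsLiteral() helper are this example's own choices.

```php
<?php
// Added example, not from the original posts: json_encode() builds the
// JavaScript literal, so backticks, ${...} and backslashes need no hand escaping.

// Single quotes, so PHP neither interpolates ${test} nor eats the backslashes.
$templateLiteral = 'test = `more/${test}`';            // from the first question
$windowsPath     = 'C:wamp\www\desi\uploads\artist\bg\9.jpg'; // from this question

// These flags make the literal safe inside an inline <script> block and inside
// quoted HTML attributes: < > & ' " are emitted as \uXXXX escapes.
const JS_FLAGS = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
               | JSON_UNESCAPED_SLASHES;

function jsLiteral(string $value): string
{
    return json_encode($value, JS_FLAGS | JSON_THROW_ON_ERROR);
}

echo 'var code = ' . jsLiteral($templateLiteral) . ";\n";
// var code = "test = `more/${test}`";

echo 'var path = ' . jsLiteral($windowsPath) . ";\n";
// var path = "C:wamp\\www\\desi\\uploads\\artist\\bg\\9.jpg";

// Data that happens to contain a closing tag cannot end the script block:
echo 'var note = ' . jsLiteral('</script> tag in data') . ";\n";
// var note = "\u003C/script\u003E tag in data";
```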

php singlequote not working on sprintf properly

I use sprintf() in my program to output some tabs and newlines. I noticed a part of my program not working properly.
As I inspected the part that isn't working, I noticed that I used a single quote ' instead of a double quote ", and the program actually outputs a \t instead of an invisible tab space.
I thought the two are similar and that the reason for having two delimiters in PHP is for us to be able to insert single or double quotes in a string or echo them without inserting escape characters.
Would there be a difference in assigning variables aside from the one I discovered?
$a = "qq";
$b = 'qq';
Would they be stored in the computer's memory in a different manner?
You can refer to the manual, which specifies that single quotes in PHP treat most escape sequences as literals, contrary to double quotes:
http://php.net/manual/en/language.types.string.php
Single quotes are faster than double quotes.
Double quotes can parse PHP variables, i.e. $a=2; and if you use echo "a is: $a"; then it will print a is: 2, but single quotes will print a is: $a
If you use single quotes for the format string (like you should, since there aren't any variable conversions to do as long as you don't need any special chars), the given examples won't work because of the backslash before the $ (which needs to be escaped in double-quoted strings, but not in single-quoted ones!) http://php.net/manual/en/function.sprintf.php

Apostrophe issue

I have built a search engine using PHP and MySQL.
Problem:
When I submit a word with an apostrophe in it and return the value to the text field using $_GET, the apostrophe has been replaced with a backslash and all characters after the apostrophe are missing.
Example:
Submitted Words: Just can't get enough
Returned Value (Using $_GET): Just can\
Also the URL comes up like this: search=just+can%27t+get+enough
As you can see the ' has been replaced with a \ and get enough is missing.
Question:
Does anybody know what causes this to happen and what is the solution to fix this problem?
The code:
http://tinypaste.com/11d62
If you're running a PHP version lower than 5.3.0, the slash might be added by Magic Quotes, which you can turn off in the .ini file.
From your description of "value to the text field" I speculate you have some output code like this:
Redisplay
<input value='<?=$_GET['search']?>'>
In that case the contained single quote will terminate the html attribute. And anything behind the single quote is simply garbage to the browser. In this case applying htmlspecialchars to the output helps.
(The backslash is likely due to magic_quotes or mysql_*_escape before outputting the text. I doubt the question describes a database error here.)
Update: It seems it's indeed an output problem here:
echo "<a href='searchmusic.php?search=$search&s=$next'>Next</a>";
Regardless of whether you use single or double quotes, you would need:
echo "<a href='searchmusic.php?search="
. htmlspecialchars(stripslashes($search))
. "&s=$next'>Next</a>";
(Notice that using stripslashes is a workaround here. You should preserve the original search text, or disable the magic_quotes rather.)
Okay I forgot something crucial. htmlspecialchars needs the ENT_QUOTES parameter - always, and in your case particularly:
// prepare for later output:
$search = $_GET['search'];
$html_search = htmlspecialchars(stripslashes($search), ENT_QUOTES);
And then use that wherever you wanted to display $search before:
echo "<a href='searchmusic.php?search=$html_search&s=$next'>Next</a>";
Single quotes are important in PHP and MySQL.
A single quote is a delimiter for a string in PHP, for example:
$str = 'my string';
If you want to include a literal quote inside a string you must tell PHP that the quote is not the end of the string. It is escaped with the backslash, for example:
$str = 'my string with a quote \' inside it';
See PHP Strings for more on this.
MySQL operates in a similar way. An example query might be:
$username = 'andyb';
$query = "SELECT * FROM users WHERE user_name = '$username'";
The single quote delimits the string parameter. If the $username included a single quote, this would cause the query to end prematurely. Correctly escaping parameters is an important concept to be familiar with as it is one attack vector for breaking into a database - see SQL Injection for more information.
One way to handle this escaping is with mysql_real_escape_string().
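Added example, not code from either answer above: the search term "Just can't get enough" passes through three contexts (an HTML attribute, a URL, and a SQL query), and each one needs its own encoding. It assumes magic quotes are off (so no stripslashes), the pdo_sqlite extension is loaded, and a constructed `songs` table; a bound parameter is used in place of the mysql_real_escape_string() call mentioned above.

```php
<?php
// Added example, not from the original thread. Assumes magic quotes off and
// the pdo_sqlite extension; the table and rows below are constructed for the demo.

$search = "Just can't get enough";   // constructed input, as from $_GET['search']
$next   = 2;

// 1. HTML attribute: ENT_QUOTES also escapes the apostrophe, so a
//    single-quoted value='...' attribute is not terminated early.
function htmlAttr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}
echo "<input value='" . htmlAttr($search) . "'>\n";
// <input value='Just can&#039;t get enough'>

// 2. URL: percent-encode each parameter, then HTML-escape the whole href
//    because it sits inside an attribute (& becomes &amp;).
$href = 'searchmusic.php?' . http_build_query(['search' => $search, 's' => $next]);
echo "<a href='" . htmlAttr($href) . "'>Next</a>\n";
// <a href='searchmusic.php?search=Just+can%27t+get+enough&amp;s=2'>Next</a>

// 3. SQL: a bound parameter keeps the apostrophe as data, so user input can
//    never close the string literal in the query early.
function findSongs(PDO $pdo, string $term): array
{
    $stmt = $pdo->prepare('SELECT title FROM songs WHERE title LIKE :term');
    $stmt->execute([':term' => '%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE songs (title TEXT)');
$pdo->exec("INSERT INTO songs VALUES ('Just can''t get enough'), ('Enjoy the Silence')");
print_r(findSongs($pdo, $search));   // Array ( [0] => Just can't get enough )
```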

Can't see new lines on textarea - what could the problem be?

I have a PHP string with a lot of information to be displayed inside a textarea HTML element.
I don't have access to that textarea nor to the script (if any) that generates it.
$somestring = 'first line \nSecond line \nThird line.';
$somestring has NOT been "worked" with trim or filter_var. Nothing.
On the text field, I get the \n printed in the textarea, hence not interpreted.
What can I try in order to have those new lines applied?
Thanks in advance.
Try wrapping $somestring with " (double quotes) instead of ' (single quotes)
\n, \r and other backslash escape characters only works in double quotes and heredoc. In single quotes and nowdoc (the single quote version of heredoc), they are read as literal \n and \r.
Example:
<?php
echo "Hello\nWorld"; // Two lines: 'Hello' and 'World'
echo 'Hello\nWorld'; // One line: literally 'Hello\nWorld'
echo <<<HEREDOC
Hello\nWorld
HEREDOC; // Same as "Hello\nWorld"
echo <<<'NOWDOC'
Hello\nWorld
NOWDOC; // Same as 'Hello\nWorld' - only works in PHP 5.3.0+
Read more about this behaviour in the PHP manual.
EDIT:
The reason single and double quotes behave differently is that they are both needed in different situations.
For instance, if you would have a string with a lot of new lines, you would use double quotes:
echo "This\nstring\nhas\na\nlot\nof\nlines\n";
But if you would use a string with a lot of backslashes, such as a file name (on Windows) or a regular expression, you would use single quotes to simplify it and avoid having unexpected problems by forgetting to escape a backslash:
echo "C:\this\will\not\work"; // Prints a tab instead of \t and a newline instead of \n
echo 'C:\this\would\work'; // Prints the expected string
echo '/regular expression/'; // Best way to write a regular expression
$somestring = "first line \nSecond line \nThird line.";
http://php.net/types.string <-- extremely useful reading
This article is a cornerstone of PHP knowledge and it's just impossible to use PHP without it.
Unlike most manual pages, which are just for quick reference, this very page is one which every developer should learn by heart.
