this if statement doesn't read me the accented letters:
if( $f_name === 'Cà') $f_name = 'SSD';
I also tried with:
if( $f_name === 'Cà') $f_name = 'SSD';
but nothing...
How can I fix?
Thank you
Related
I have a problem of charset.
On localhost everything works fine, but now on remote server I see strange characters replacing others like à or è. I have read it's a charset issue and I think the problem can be my php.ini (I can't edit it).
To solve it I've tried many things:
I've set
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
on html,
ini_set('default_charset', 'UTF-8');
on php,
AddDefaultCharset utf-8
on my .htaccess file,
if I use utf8_encode on strings letters are replaced by ã or similar, if I leave it without doing anything letters are �
There is another way to solve this problem that I have not found yet?
Sorry, I forgot to say it: strings are retrieved from another site by a file_get_contents (I'm using a Yandex API)
Here's some code:
$yandex = 'https://dictionary.yandex.net/api/v1/dicservice.json/lookup?key=my_api_key&lang=it-it&text=attualità';
// get json from this page
$object = json_decode(file_get_contents($yandex));
$syns_array = array();
$type = '';
// if the word exists
if (!empty($object->def) && $object->def != FALSE && $object->def != NULL)
{
$type = $object->def[0]->tr[0]->pos;
$rows = $object->def[0]->tr;
// if there're synonyms
if (!empty($rows) && $rows != FALSE && $rows != NULL)
{
foreach ($rows as $row)
{
array_push($syns_array, $row->text);
// if there're more rows with syns
if (!empty($row->syn) && $row->syn !== FALSE && $row->syn !== NULL)
{
foreach ($row->syn as $syns_obj)
{
array_push($syns_array, $syns_obj->text);
}
}
}
}
}
// I echo my synonyms from the array
foreach($syns_array as $syn) {
echo $syn;
}
I forgot to say I was using mb_strtolower on those strings. Replacing it with strotolower the problem is solved... Sorry
I'd like to stop people spamming using special characters used for mail injection in php. For example \n and \r are used to concatenate several headers and so that also with %0A and %0D. So I wrote a regex to match them. But I suspect that my regex is not so efficient... something brings me to think that I'm writing something of unusable... Any help is appreciated, thanks.
Here is a basic example of that I'd like to do...
if (!preg_match('/^[^\s]./', $_POST['name']) || (preg_match('/(%0A|%0D|\\n+|\\r+|;|mime-version:|content-type:|content-transfer-encoding:|subject:|to:|cc:|bcc:)/i', $_POST['name'])) || !(strpos($_POST['name'],'\r') === false) || !(strpos($_POST['name'],'\n') === false)) {
exit("Warning: your Name contains illegal characters! This mail will not be sent!");
} elseif (!preg_match('/^[^\s]./', $_POST['subject']) || (preg_match('/(%0A|%0D|\\n+|\\r+|;|mime-version:|content-type:|content-transfer-encoding:|subject:|to:|cc:|bcc:)/i', $_POST['subject'])) || !(strpos($_POST['subject'],'\r') === false) || !(strpos($_POST['subject'],'\n') === false)) {
exit("Warning: your Subject contains illegal characters! This mail will not be sent!");
} elseif (!preg_match('/^[a-zA-Z0-9]+([_\\.-][a-zA-Z0-9]+)*'.'#([a-zA-Z0-9]+([\.-][a-zA-Z0-9]+))+$/', $_POST['mail'])) {
exit("Warning: your Mail contains no valid email address! This mail will not be sent!");
} elseif (!preg_match('/^[^\s]./', $_POST['message'])) {
exit("Warning: your Message connot be empty! This mail will not be sent!");
} else {
$name = $_POST['name'];
$mail = $_POST['mail'];
$subject = $_POST['subject'];
$message = $_POST['message'];
mail($to, $subject, $message, $headers, "-f$mail") {
exit("Your Mail is sent! Thanks!");
}
In order to match \n, \r, %0A and %0D how should I write my regex?
And
!(strpos($_POST['subject'],'\r') === false) !(strpos($_POST['subject'],'\n') === false)
are quite good?
Thanks.
I did a test. The test result is a success! I tested the regex trying directly in localhost with different methods:
<?php
$test = "the dog \n was \r sleeping on the floor";
if (preg_match_all('/(%0A|%0D|\\n+|\\r+|;|mime-version:|content-type:|content-transfer-encoding:|subject:|to:|cc:|bcc:)/i', $test, $tmp)) {
echo "I found this character: '";
print_r($tmp[1]);
echo "'";
} else {
echo "I cannot find any string searched";
}
?>
Result:
I found this character: 'Array ( [0] => [1] => ) '
Looking at source I can see the \n and the \r
I found this character: 'Array
(
[0] =>
[1] =>
)
'
So I think that the regex is well build.
Also other test I did with strpos():
if !(strpos($_POST['subject'],'\n') === false)) {
fails with single quotes while finds the \n with double quotes...
if !(strpos($_POST['subject'],"\n") === false)) {
Conclusions: regex is well formed and strpos() needs "" to match \n or \r.
I am not very thorough with regex, but I can help u by giving an alternate trick solution to your problem.
You ca use following code to solve your purpose.
<?php
function sanitize_strings($raw_string) {
return preg_replace("/[^0-9a-zA-Z_\-\\\%]+/", "", $raw_string);
}
if( $raw_string == sanitize_strings($raw_string) )
{
echo "No illegal characters found.";
}
else
{
echo "Illegal characters found.";
}
?>
Hope this works for you. :)
I try to make a litte php script that will automaticcaly correct a typo when inserting an e-mail address in a form.
if (strpos($_POST["email"], "#hotmail.comm") !== false) {
$_POST["email"] = str_replace('#hotmail.comm', '#hotmail.com', $_POST["email"]);
goto end;
}
if (strpos($_POST["email"], "#homail.com") !== false) {
$_POST["email"] = str_replace('#homail.com', '#hotmail.com', $_POST["email"]);
goto end;
}
end:
When I test this, everything works OK for #homail.com but when I test with #hotmail.comm, the e-mail address has change to #hotmail.commm
Any idea whis this goes wrong with #hotmail.comm ?
Kind regards,
Arie
It looks fine to me, but goto, really? Assign to $_POST? No!
You can write this shorter and better:
$improvements = array('#hotmail.comm' => '#hotmail.com',
'#homail.com' => '#hotmail.com');
$emailAddress = str_replace(array_keys($improvements),
array_values($improvements),
$_POST["email"]);
Obviously the list can be expanded without adding much code. Always try to write easy to maintain code.
#Arie, Please check below code for your solution.
$email = $_POST["email"];
if (strpos($email, "#hotmail.comm") !== false) {
$_POST["email"] = str_replace('#hotmail.comm', '#hotmail.com', $email);
}
if (strpos($email, "#homail.com") !== false) {
$_POST["email"] = str_replace('#homail.com', '#hotmail.com', $email);
}
echo $_POST["email"];die;
Well, I have a BD with a lot of ISO strings and another with UTF-8 (yes, I ruin everything) and now I'm making a custom function that rewrite all the BD again to have all in UTF-8, the problem, is the conversion with UTF-8 strings... The ? appears:
$field = $fila['Field'];
$acon = mysql_fetch_array(mysql_query("SELECT `$field` as content FROM `$curfila` WHERE id='$i'"));
$content = $acon['content'];
if(!is_numeric($content)) {
if($content != null) {
if(ip2long($content) === false) {
mb_internal_encoding('UTF-8');
if(mb_detect_encoding($content) === "UTF-8") {
$sanitized = utf8_decode($content);
if($sanitized != $content) {
echo 'Fila [ID ('.$i.')] <b>'.$field.'</b> => '.$sanitized.'<br>';
//mysql_query("UPDATE `$curfila` SET `$field`='$sanitized' WHERE id='$i'");
}
}
}
}
}
PD: I check all the columns and rows of all the tables of the BD. (I show all everything before doing anything)
So, how can I detect that?
I tried mb_detect_encoding, but the all the string are in UTF-8... So, which function can I use now?
Thanks in advance.
I start to learn php and create a code to learn how to use the GET/POST in php code.
So I heard an unsafe code can be executed through the input, so I create a checker using the
htmlentities() function.
<?php
if (isset($_POST['firstname'], $_POST['lastname'], $_POST['pwd']) or isset($_GET['firstname'], $_GET['lastname'], $_GET['pwd'])) {
txt_check();
$fname = $_GET['firstname'];
$lname = $_GET['lastname'];
$pwd = $_GET['pwd'];
if ($fname == 'Or' and $lname == 'Halimi' and $pwd == 'password') {
print 'Welcome master';
} else {
print 'You are not my master!';
}
echo format('<br/> <br/> {} {}', array($fname, $lname)); # like format in python
}
function txt_check() {
foreach ($_GET as $name => $string) {
$_GET[$name] = htmlentities($_GET[$name], ENT_QUOTES, 'UTF-8');
}
foreach ($_POST as $name => $string) {
$_POST[$name] = htmlentities($_POST[$name], ENT_QUOTES, 'UTF-8');
}
}
?>
The problem is my function txt_check() not working,
but when I put echo htmlentities($fname, ENT_QUOTES, 'UTF-8') #fname=<script> i get <script> at the end of the code.
Maybe I can't edit $_GET? I come from python so I don't know if $_GET is special in someway.
Edit:
I want to understand if i can change the global $_GET\$_POST like I did and if its good to doing so' because i don't know if the code inside txt_check() working for me.
If not, there is a better way to protect the input I get? Because i want to make a standard level of protecting, even if i dont even know the most risks that's hanging out there.
And why htmlentities() its not so good for this case? I use basic tutorial about php security to make it.
If you are trying to remove HTML tags, i would recommend you to use the strip_tags...not the htmlentities.
<?php
$mytext = "hello<br><script>alert('everybody');</script>";
$allow = "<br>";
echo strip_tags($mytext,$allow);
?>
That will remove only the script tag.