Codeigniter query with special character - php

I am using CodeIgniter 3 for my project. In my database I have a table that is being used by some other authentication system. The problem I am facing occurs when I am searching for some value with special characters (inside the data / concatenated with the data):
$query = "SELECT * FROM tablename WHERE value = '$#!"."asdasd<3ddasd"."'";
Even $this->db->query($query); is not returning any desirable output. After echo $this->db->last_query(); I get the query and it was as it should be. If I copy it to phpMyAdmin, it gives the correct result.
As per several discussions on SO and some other pages I have also tried with
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-!##<$';
The db is utf8_general_ci, which is the server connection collation.
The query I put here is just for showing you a scenario, and I have used Active Record.
EDIT 1: I have used $this->input->post() for getting the input.
EDIT 2: Just found out it does not work with "$#!"."asdasd<3ddasd" but works for "$#!"."asdasd3ddasd"

Make sure you do not forget to urldecode the post values. What might be happening is that you use $_POST instead of the CodeIgniter function $this->input->post();
$_POST won't urldecode the parameters for you while the CodeIgniter function does.
So verify that the variable you pass to your query really is selänne and not sel%C3%A4nne
And if it is sel%C3%A4nne, use urldecode() or $this->input->post()
Reference from This Question

Related

using the title to get data from the database codeigniter

I made some code using CodeIgniter to get the data by the title of the topic. My code is:
The controller:
public function viewTopic($category, $title){
    $data['topic'] = $this->Setting->get_dataNew('*', 'community_topics', 'WHERE title="'.str_replace('-', ' ', urldecode($title)).'"');
}
The link is like this one:
/community/questions/ما-هو-المجتمع-؟
The problem is when I add special characters to the title like - or (), the query does not work. Is there a way to fix it?
Because you are using the - to remove the spaces, it will not be possible unless you use a different symbol for it. CodeIgniter filters all special characters to prevent SQL injection attacks. However, you can add a column named urlSlug and store the exact value of the slug in it, so when you query next time, it will be:
public function viewTopic($category, $title){
    $data['topic'] = $this->Setting->get_dataNew('*', 'community_topics', 'WHERE urlSlug="'.$title.'"');
}
We are using the same for the Arabic version of the website, and it is working perfectly.
Also, don't forget you will need to add the list of the permitted characters to
$config['permitted_uri_chars']='' to avoid any future error.
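An added example (not the posters' code) of the stored-slug lookup with the slug passed as a bound parameter, so hyphens, parentheses, quotes and Arabic text are all compared as data. It uses PDO with an in-memory SQLite database so it runs stand-alone; `makeSlug`, `addTopic` and `findTopicBySlug` are hypothetical helpers and the rows are constructed.

```php
<?php
// Added example: table and column names follow the post, everything else is assumed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE community_topics (id INTEGER PRIMARY KEY, title TEXT, urlSlug TEXT UNIQUE)');

// Hypothetical helper: build the slug once, when the topic is created.
function makeSlug(string $title): string
{
    // Collapse whitespace runs to one hyphen; keep every other character as typed.
    return preg_replace('/\s+/u', '-', trim($title));
}

// Hypothetical helper: store the title together with its exact slug.
function addTopic(PDO $pdo, string $title): void
{
    $stmt = $pdo->prepare('INSERT INTO community_topics (title, urlSlug) VALUES (?, ?)');
    $stmt->execute([$title, makeSlug($title)]);
}

// Hypothetical helper: look a topic up from the raw (percent-encoded) URI segment.
function findTopicBySlug(PDO $pdo, string $rawSegment): ?array
{
    $slug = rawurldecode($rawSegment);   // decode once, then bind
    $stmt = $pdo->prepare('SELECT id, title FROM community_topics WHERE urlSlug = ?');
    $stmt->execute([$slug]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed titles: Arabic text, a hyphen with parentheses and quotes, an apostrophe.
$titles = ['ما هو المجتمع ؟', 'Self-hosted (beta) "notes"', "O'Reilly books"];
foreach ($titles as $t) {
    addTopic($pdo, $t);
}

// Every title is found again from its encoded URL segment.
foreach ($titles as $t) {
    $segment = rawurlencode(makeSlug($t));
    $hit = findTopicBySlug($pdo, $segment);
    printf("%s => %s\n", $segment, $hit === null ? 'not found' : $hit['title']);
}

// A segment containing SQL metacharacters is only a value to compare; it matches no row.
var_dump(findTopicBySlug($pdo, rawurlencode('x" OR "1"="1')));
```

In CodeIgniter 3 the same separation of data from SQL is available through query bindings, `$this->db->query($sql, array($slug))`.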

Drupal / MySQL fetchAllAssoc(); resulting in exception

I have an external database that I am trying to access from within a Drupal page. I have successfully queried the database and output data to the page using fetchAssoc(); however, this only returns the first row in the database. I would like to return all rows into an array for processing, so I'm attempting to use fetchAllAssoc(). This, however, results in an exception. The database has the following SQL fields:
id, model, manufacturer, url, date_modified
My test code is as follows:
<?php
db_set_active('product_db');
$query = db_select('product', 'p')->fields('p');
$sqlresults = $query->execute()->fetchAllAssoc('id');
foreach($sqlresults as $sqlresult)
{
    printf($sqlresult);
}
db_set_active();
?>
I'm thinking that it is the key field 'id' that I am specifying with fetchAllAssoc() that is the problem, as fetchAssoc() prints values correctly. All documentation I have found seems to say that you pass a database field as the key but I have also passed a numeric value with no success.
Many thanks in advance for any advice, I'm sure I'm just missing something stupid.
I think it should work in this way, but within the foreach you want to print the $sqlresult variable as a string, but it is an object (it causes the error).
The printf function needs a string as the first parameter, see:
http://php.net/manual/en/function.printf.php
Use for instance var_dump instead:
var_dump($sqlresult);

Special characters in URL for DB selection

I am trying to use special Danish characters (æøå) in the URL as GET parameters. So for instance I have this URL:
http://example.com?name=åge
That URL will get converted into the ASCII equivalent automatically, so in the URL it will read:
http://example.com?name=%E5ge
When I access and print out that value it works just fine, and displays that parameter as:
åge
However, I am using that to select stuff in my DB, and this won't work. If I use the ASCII version in the URL, it won't select anything from the DB and just gives me an empty result. If I force the URL to not use ASCII, so it is: http://example.com?name=åge it will work fine when selecting from the DB, but when I display the parameter it shows as this:
Ã¥
I have no idea how to get around this. Any help is appreciated.
I would transform the parameter to UTF-8 and then prepare the database for a UTF-8 query, with something like this:
$name = utf8_encode($_GET['name']);
mysqli_query($mysqli_connector, "SET NAMES UTF8");
And then, prepare your query.
That should work.
I hope that helps!

Codeigniter mysql query with special characters

Been struggling with this thing for hours now. Hopefully someone could help me out.
Trying to get data from MySQL based on first and last name. Everything works just fine except when there are special characters like ä or ö.
I have the profiler on and query looks like this:
SELECT mail, address, title FROM users WHERE firstname='teemu' AND lastname='sel%C3%A4nne'
And it should be:
SELECT mail, address, title FROM users WHERE firstname='teemu' AND lastname='selänne'
In my model it's like this:
$sql = "SELECT mail, address, title FROM users WHERE firstname=? AND lastname=?";
How can I fix this? Thank you!
Controller
public function edit()
{
    $this->load->model('p_model');
    $this->load->view('edit',$data);
}
public function ajax_p($first,$last)
{
    $this->load->model('p_model');
    $data['info'] = $this->p_model->pInfo($first,$last);
    $this->load->view('ajax/p',$data);
}
Make sure you do not forget to urldecode the post values. What might be happening is that you use $_POST instead of the CodeIgniter function $this->input->post(); $_POST won't urldecode the parameters for you while the CodeIgniter function does.
So verify that the variable you pass to your query really is selänne and not sel%C3%A4nne
And if it is sel%C3%A4nne, use urldecode() or $this->input->post()
Do you have utf8_general_ci in the database?
And is your file encoded as UTF-8?
Try putting your special characters in the config, like
$config['permitted_uri_chars'] = 'a-z 0-9~%.:#_\-ä';
and make sure utf8_general_ci is your db and server connection collation.
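An added example (not code from the posts) covering both the Danish `%E5ge` question and the `sel%C3%A4nne` question above: decode the URL value once, normalise it to UTF-8, then bind it. It assumes the mbstring and pdo_sqlite extensions and assumes that bytes which are not valid UTF-8 were sent as ISO-8859-1; `toUtf8` and `fromUriSegment` are hypothetical helpers and the row is constructed.

```php
<?php
// Added example: the users table follows the post, the data is constructed.

// Return the value as UTF-8. Assumption: anything that is not already
// valid UTF-8 was sent as ISO-8859-1 (Latin-1), as in the %E5 case.
function toUtf8(string $bytes): string
{
    if (mb_check_encoding($bytes, 'UTF-8')) {
        return $bytes;
    }
    return mb_convert_encoding($bytes, 'UTF-8', 'ISO-8859-1');
}

// Raw URI segments are still percent-encoded: decode exactly once, then normalise.
// ($_GET values are already decoded by PHP, so those go straight to toUtf8().)
function fromUriSegment(string $segment): string
{
    return toUtf8(rawurldecode($segment));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (firstname TEXT, lastname TEXT, mail TEXT)');
// "\u{00E4}" is ä, written as an escape so the script does not depend on file encoding.
$pdo->prepare('INSERT INTO users VALUES (?, ?, ?)')
    ->execute(['teemu', "sel\u{00E4}nne", 'teemu@example.test']);

$stmt = $pdo->prepare('SELECT mail FROM users WHERE firstname = ? AND lastname = ?');

// Constructed inputs: the UTF-8 form from the post, the Latin-1 form a
// non-UTF-8 page would send, and a value that needs no decoding.
foreach (['sel%C3%A4nne', 'sel%E4nne', "sel\u{00E4}nne"] as $segment) {
    $last = fromUriSegment($segment);
    $stmt->execute(['teemu', $last]);
    printf("%s -> %s -> %s\n", $segment, $last, $stmt->fetchColumn() ?: 'no match');
}

// The Danish example: Latin-1 %E5 becomes the two-byte UTF-8 sequence for å.
echo bin2hex(fromUriSegment('%E5ge')), "\n";
```

A Latin-1 byte sequence that happens to be valid UTF-8 cannot be told apart by this check, so serving pages and opening the database connection in UTF-8 remains the primary fix.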

Unable to subtract a table value via variable

I can not get an SQL update statement to subtract a variable from a table value. Here is my code:
$_SESSION_Job101=mysql_fetch_array(mysql_query("SELECT * FROM job_101 WHERE job_101.username='$_SESSION_User'"));
mysql_query("UPDATE characters SET currenergy=currenergy-$_SESSION_Job101['ecost'] WHERE username='$_SESSION_User'");
$_SESSION_Job101 is a perfectly valid result, as I pull from it on another page; I even pull the 'ecost' on said page. I also update currenergy this way in another script, except I use the number 1 instead of the variable. So I've narrowed it down to that variable.
It wouldn't matter that $_SESSION_Job101 is the result from a second table (job_101), and that query is updating to the table characters, would it?
We don't have enough information, but since you don't perform ANY error handling or validation that SQL resultset is returned, it could be an error caused by issues such as:
no rows returned in first query
some other parsing issue not directly evident
I would propose that you use temporary strings and echo the actual SQL queries.
Continue by actually testing them with MYSQL (through workbench, queryviewer, or console) in order to see where and what the error is.
Also, it's not recommended to skip error checking and try to combine so many lines/steps into 2 lines.
Imagine the first query does not return any results for example...
Debugging:
$query1 = "SELECT * FROM job_101 WHERE job_101.username='$_SESSION_User'";
echo $query1."<br/>";
$_SESSION_Job101=mysql_fetch_array(mysql_query($query1));
// Braces are required to interpolate a quoted array key inside a double-quoted string
$query2 = "UPDATE characters SET currenergy=currenergy-{$_SESSION_Job101['ecost']} WHERE username='$_SESSION_User'";
echo $query2."<br/>";
mysql_query($query2);
Update
Based on your comment I suggest you try the following two options:
1) Add a space between the - and $_SESSION_Job101['ecost'].
2) If that doesn't work, change your string to:
mysql_query("UPDATE characters SET currenergy=currenergy-".$_SESSION_Job101['ecost']." WHERE username='".$_SESSION_User."'");
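An added example (not the posters' code) of the checks the answer asks for: confirm the first query returned a row before using it, bind both values instead of building the string, and confirm the UPDATE touched a row. PDO with an in-memory SQLite database stands in for the mysql_* functions, `spendEnergy` is a hypothetical helper, and the rows are constructed.

```php
<?php
// Added example: table and column names follow the post, the data is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE job_101 (username TEXT PRIMARY KEY, ecost INTEGER)');
$pdo->exec('CREATE TABLE characters (username TEXT PRIMARY KEY, currenergy INTEGER)');
$pdo->exec("INSERT INTO job_101 VALUES ('alice', 3)");
$pdo->exec("INSERT INTO characters VALUES ('alice', 10)");

// Hypothetical helper: returns the new energy value, or throws naming the step that failed.
function spendEnergy(PDO $pdo, string $user): int
{
    $job = $pdo->prepare('SELECT ecost FROM job_101 WHERE username = ?');
    $job->execute([$user]);
    $ecost = $job->fetchColumn();
    if ($ecost === false) {              // first query returned no row
        throw new RuntimeException("no job_101 row for user '$user'");
    }

    // The cost and the username are bound, so no quoting or interpolation rules apply.
    $upd = $pdo->prepare('UPDATE characters SET currenergy = currenergy - ? WHERE username = ?');
    $upd->execute([(int) $ecost, $user]);
    if ($upd->rowCount() !== 1) {        // nothing was updated
        throw new RuntimeException("no characters row updated for user '$user'");
    }

    $cur = $pdo->prepare('SELECT currenergy FROM characters WHERE username = ?');
    $cur->execute([$user]);
    return (int) $cur->fetchColumn();
}

echo spendEnergy($pdo, 'alice'), "\n";

try {
    spendEnergy($pdo, 'bob');            // constructed user with no job_101 row
} catch (RuntimeException $e) {
    echo 'failed: ', $e->getMessage(), "\n";
}
```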
