Wordpress WPDB and Mysql strange behaviour - php

I am using $wpdb and the following is part of the code that calls $wpdb->update.
This code works well if it's a normal email#domain.com, but if users were to use the + sign in their username, e.g. email+something#domain.com, wpdb doesn't read the + sign.
The variables below are from $_GET, but I'm putting in values for readability.
$open_email = 'something+ADDITION#gmail.com';
$open_key = '2f1e4b16a9a882bbef9b00906fc5c8f563fd70a5';
$open_time = time();
if (strlen($open_key) == 40) {
    $status_update = $wpdb->update('status',
        array(
            'invite_status' => 'opened',
            'open_time' => $open_time
        ),
        array(
            'invite_email' => $open_email,
            'invite_token' => $open_key
        ),
        array(
            '%s',
            '%d'
        ),
        array(
            '%s',
            '%s'
        )
    );
}
A var_dump of $wpdb->last_query and $wpdb->last_error returns the following:
string(235) "UPDATE status SET invite_status = 'opened', open_time = 1461103507 WHERE invite_email = 'something ADDITION#gmail.com' AND rating_invite_token = '2f1e4b16a9a882bbef9b00906fc5c8f563fd70a5'"
I notice in the part above, highlighted in bold, that my plus (+) sign is gone and a space is left in its place, causing the above statement not to update.
May I know if I am missing anything?
Update: I am asking because some Gmail users do use the + sign to categorise their emails, as username+anything#gmail.com still goes back to username#gmail.com.
If there's any sanitisation which I am supposed to do but missed, please guide me as well. I presume all $_GET data should have been sanitised.

It isn't wpdb or MySQL that's removing the plus.
Under the hood, when you call update like that, WordPress is passing the data through mysqli_real_escape_string() and nothing else.
Since you mentioned the data is coming from the query string $_GET, most likely the + is being removed before the query because it is being unescaped and the + is being translated into a space.
You can check this with:
$open_email = $_GET['email'];
var_dump($open_email);
and see what the result is.
To get the plus back, it should be safe to do the following after all sanitization and unescaping:
$open_email = str_replace(' ', '+', $open_email);
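The decoding described in the answer, and the fix at the point where the link is built, shown as an added example that is not part of the original question or answer. The parameter names `email` and `key`, the sample address and token, the `read_invite()` helper and the assumption that the token is 40 hex characters are all constructed for illustration.

```php
<?php
// Added example: why "+" arrives as a space, and where to fix it.
// parse_str() applies the same URL-decoding PHP uses to fill $_GET.

$email = 'something+ADDITION@example.com'; // constructed sample address
$token = str_repeat('a', 40);              // constructed 40-character token

// Link built by plain concatenation: the "+" goes out unencoded,
// and "+" in a query string means "space" to the decoder.
$bad_query = 'email=' . $email . '&key=' . $token;
parse_str($bad_query, $bad);

// Link built with http_build_query(): "+" is sent as %2B.
$good_query = http_build_query(['email' => $email, 'key' => $token]);
parse_str($good_query, $good);

printf("unencoded link round-trips: %s\n", var_export($bad['email'] === $email, true));
printf("encoded link round-trips:   %s\n", var_export($good['email'] === $email, true));

// Receiving side: validate the values instead of rewriting spaces to "+".
// Hypothetical helper; returns the WHERE values for $wpdb->update() or null.
function read_invite(array $get): ?array {
    $email = filter_var($get['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $key   = $get['key'] ?? '';
    // Assumption: the token is a 40-character lowercase hex string.
    if ($email === false || !is_string($key) || !preg_match('/^[0-9a-f]{40}$/', $key)) {
        return null; // reject: nothing reaches the database layer
    }
    return ['invite_email' => $email, 'invite_token' => $key];
}

var_dump(read_invite($good) !== null, read_invite($bad) !== null);
```

Encoding each value with rawurlencode() or http_build_query() where the invitation link is generated keeps the stored address and the submitted address identical, so no space-to-plus rewriting is needed on input.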

Related

Trying to use spaces in an array of search variables, but not getting the expected output / results

I cannot seem to get this working. I am trying to modify a very old script (of our late technician and close friend) which we use for searching servers by which OS is being used. It consists (as far as I can tell) of PHP and SMARTY.
I already tried escaping the content with slashes and using backticks. But it simply does not work. I really have no idea where to look. Below are the original two pieces of code (I couldn't find more parts for it, or I have overlooked them).
Piece of PHP code from the 1st PHP-file:
$values['osname'] = array( '-' => 'no choice',
    '5' => 'CentOS 5.x',
    '6' => 'CentOS 6.x',
    '7' => 'CentOS 7.x',
);
Piece of code from the 2nd PHP-file:
$osname = intval(Common::GPvar('osname'));
$_SESSION['form']['serverselect']['osname'] = $osname;
if ($osname != '-') { $where .= " AND dsh.sumup LIKE '%OS: CentOS ".$osname."%'"; }
This is being used in a search form, so when I select "CentOS 6.x" it will display all servers which have the text OS: CentOS 6.10 in it.
Now what I am trying to achieve is to make the following work:
$values['osname'] = array( '-' => 'no choice',
    'CentOS 5' => 'CentOS 5.x',
    'CentOS 6' => 'CentOS 6.x',
    'CentOS 7' => 'CentOS 7.x',
    'Virtuozzo 7' => 'Virtuozzo 7.x',
);
I tried to escape the content, as I mentioned above, however that didn't work. So I am guessing the coding in the 2nd PHP-file also needs some adjusting. So I tried removing certain stuff, like "CentOS", "%" and several other things. But it does not work. The result is that, on a search, I am getting all servers being displayed (no matter what OS is on them).
I guess I did correctly on escaping the variables in the array, but the 2nd piece of coding is not compatible for some reason with the requested search input?
Does anyone have an idea what I am doing wrong here?
You can remove intval(...) because intval will turn strings into integers.
https://php.net/manual/en/function.intval.php
$osname = Common::GPvar('osname');
The whole code
$osname = Common::GPvar('osname');
$_SESSION['form']['serverselect']['osname'] = $osname;
if ($osname != '-') { $where .= " AND dsh.sumup LIKE '".$osname."%'"; }
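With intval() removed, the request value is concatenated into the LIKE clause as a string, so unless Common::GPvar() escapes it (its code is not shown on the page) the query is open to SQL injection. The following added example, which is not code from the original script, checks the value against the keys of the form's own option list and binds it as a parameter; the PDO connection, the table named `dsh`, the sample rows and the `find_servers()` helper are constructed for illustration.

```php
<?php
// Added example: allowlist the submitted value, then bind it as a parameter.
// Database handle, table layout and rows are constructed for the demo.

$values['osname'] = [
    '-'           => 'no choice',
    'CentOS 5'    => 'CentOS 5.x',
    'CentOS 6'    => 'CentOS 6.x',
    'CentOS 7'    => 'CentOS 7.x',
    'Virtuozzo 7' => 'Virtuozzo 7.x',
];

// Hypothetical helper: returns the names of servers matching the chosen OS.
function find_servers(PDO $db, array $allowed, string $osname): array {
    $sql  = 'SELECT name FROM dsh WHERE 1=1';
    $args = [];
    if ($osname !== '-') {
        // Only keys the form actually offers are accepted.
        if (!array_key_exists($osname, $allowed)) {
            throw new InvalidArgumentException('unknown osname');
        }
        $sql   .= ' AND sumup LIKE ?';
        // Assumption: every summary carries the "OS: " prefix from the question.
        $args[] = '%OS: ' . $osname . '%';
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($args);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE dsh (name TEXT, sumup TEXT)');
$db->exec("INSERT INTO dsh VALUES ('web1', 'OS: CentOS 6.10'),
           ('web2', 'OS: CentOS 7.9'), ('vz1', 'OS: Virtuozzo 7.5')");

print_r(find_servers($db, $values['osname'], 'CentOS 6'));

try {
    // A value that is not one of the form's keys never reaches the query.
    find_servers($db, $values['osname'], "CentOS 6%' --");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```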

Uninitialized string offset in php

I looked at other questions that looked like mine, but couldn't find a good answer. So
$machines = get_machine($platform);
$options = array() ;
$options[0] = "please select";
foreach( (array)$machines as $machine_){
    $options[$machine_[0]] = $machine_[1] ;
    array_push($temp,$machine_[0]);
}
//print_r($options);
$form->addElement(new Element\Select("Existing machines :", "machine", array("onchange" => "this.form.submit()", "value" => $machine)));
if ( !in_array( $machine, $temp ) )
    $machine = 0;
$form->addElement(new Element\Textbox("Add new/Edit machine:", "new_machine", array("placeholder" => "new machine", "shortDesc" => "Add new machine or edit the existing one", "value" => get_machine( $machine ))));
It says that the "machine" is not defined and uninitialized offset.
Here it is defined:
if ( isset($_POST['machine']) ) $mask = $_POST['machine']; else $machine = 0;
I had the exact same code with other variables and it didn't give me an error of such nature. I am sure that there are no typos.
I am sure this will get me another barrage of downvotes but one method that helped me keep my statements short and readable (without doing isset($_POST['...']) all the time and everywhere) is placing an initialisation of the expected values at the top of my page and directly underneath it an extract($_POST) command like:
$amount=$mask=$machine=0; $flag1=$flag2=$flag2=false;
extract($_POST);
Yes, this will turn everything that has been posted into a php variable on my page, but ...
it needs to have been posted there in the first place (so that reduces the scope)
it will either be ignored (if it was an unasked variable) or reset later to its proper value in my own code.
The benefit is that after this initialisation I don't need to bother with any isset()s any more. I just use the intended variable directly. It will be there, either in its initialised form (with a value of 0 or false) or as a consequence of the extract() statement.
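extract() with its default flag (EXTR_OVERWRITE) replaces any variable already in scope whose name matches a posted key, not only the ones initialised for the form. The following added example, which is not part of the original answer, puts that behaviour beside an allowlisted merge that gives the same "no isset() needed" convenience; `$post` stands in for `$_POST`, and its contents, the `$is_admin` variable and both function names are constructed for illustration.

```php
<?php
// Added example: extract() on request data versus an allowlisted merge.
// $post stands in for $_POST; its contents are constructed.

$post = ['machine' => '7', 'is_admin' => '1', 'amount' => ['x']];

function with_extract(array $post): array {
    $is_admin = false;              // set by earlier, unrelated code
    $amount = $mask = $machine = 0; // the form's expected fields
    extract($post);                 // every posted key becomes a local variable
    return compact('machine', 'mask', 'amount', 'is_admin');
}

function with_allowlist(array $post): array {
    $is_admin = false;
    $defaults = ['amount' => 0, 'mask' => 0, 'machine' => 0];
    // Keep only the expected keys and fill in defaults for missing ones.
    $in = array_intersect_key($post, $defaults) + $defaults;
    // Force each value to the expected type; arrays and objects become 0.
    $in = array_map(fn($v) => is_scalar($v) ? (int) $v : 0, $in);
    ['amount' => $amount, 'mask' => $mask, 'machine' => $machine] = $in;
    return compact('machine', 'mask', 'amount', 'is_admin');
}

// with_extract(): $is_admin and $amount now hold whatever the client sent.
var_dump(with_extract($post));

// with_allowlist(): $is_admin is untouched and every field is an integer.
var_dump(with_allowlist($post));
```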

PHP-generated JSON for Google Maps: a tiny mystery

I am using a PHP script (this one) to generate a JSON file for a Google Map.
this is the PHP code (note: I am using Laravel):
<?php
$query = "SELECT id, info, lat, lng FROM places";
$results = DB::select($query);
$myLocations = array();
$i = 0;
$testLoc = array('loc95' => array( 'lat' => 15, 'lng' => 144.9634 ));
foreach ($results as $result)
{
    $myLocation = array(
        'loc'.++$i => array(
            'lat' => round((float)$result->lat, 4),
            'lng' => round((float)$result->lng, 4)
        ));
    $myLocations += $myLocation;
}
$myLocations += $testLoc;
echo json_encode($myLocations);
?>
and this is the output:
{"loc1":{"lat":45.4833,"lng":9.1854},"loc2":{"lat":45.4867,"lng":9.1648},"loc3":{"lat":45.4239,"lng":9.1652},"loc95":{"lat":15,"lng":144.9634}}
OK. The script I use to put the JSON data in a Google Map, unfortunately, keeps ignoring any data coming from the MySQL database, and shows only the test data place(s). I have tried to swap data, to put in test data the same info found in database... nothing, I keep seeing only the test data.
But, really: I cannot figure out why. What am I missing... ?
You wrote that you're using another script and that the other script only shows the testlocations on google maps.
My guess is that you didn't update the other script to your needs, specifically my crystal ball is telling me that you still have this line in there:
setMarkers(locs);//Create markers from the initial dataset served with the document.
In your question you only showed the part which worked and I agree, but you only mentioned that "something else" isn't working. If you want an answer for that part, try rephrasing your question and include the parts which cause you problems.

PHP Parse error: syntax error, unexpected ''

At the risk of getting a down vote I am going to ask this question to see if anyone can help me. I have been staring at this for a while and I can't figure it out.
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) on line 130
function pdf($type=null){
    //get default or create a type
    $data = $this->storeSessionData(
        array(),
        'SalesComp',
        $this->variables
    );
    $type = ($type)? $type : $data['type']; //this is line 130
    $this->set('data', $this->report('store', 'year', 3, $type));
    $this->set(
        'districtTitle',
        array('N' => 'North', 'S' => 'South')
    );
    $districts = $this->Store->find(
        'list',
        array(
            'fields' => array('Store', 'District'),
            'conditions' => array('NOT' => array('District'=> 'O')
            )
        )
    );
    $this->set('districts', $districts);
    $supervisor = $this->Store->find(
        'list',
        array('fields' => array('Store','Supervisor'),
            'conditions' => array('NOT' => array('District'=> 'O')
            )
        )
    );
    $this->set('supervisor', $supervisor);
    $this->set(
        'supervisors',
        $this->Supervisor->find(
            'list',
            array('fields' => array('Supervisor','ShortName')
            )
        )
    );
    $title = ($type == 'sales')?
        'Sales Comparison Report':'Fuel Comparison Report';
    $this->set('title', $title);
    $this->layout = 'pdf';
    $this->render();
}
The error suggests mismatched quotes or brackets somewhere. Unfortunately, when this happens, the line number in the error message may be some totally unrelated line -- it's just the first place where the compiler notices that the syntax is no longer valid. The error is actually somewhere before the code snippet in the question, so it's impossible for me to pinpoint it. Syntax highlighting in code editors can help in finding the mismatch.
You can find all php tokens here:
http://php.net/manual/en/tokens.php
There are 2 things about the marked line:
PHP is a scripted language with a VERY complicated syntax in reality. It might look simple, but in comparison to C or the like it's very complicated, and only because there were so many small (and many times incoherent) changes made over the years, and some things can't be changed anymore without breaking backwards compatibility. One of those things is handling of parentheses - PHP does not handle these in a mathematical way, but treats them specially depending on context. This means you should get rid of them in the marked line (there is no need for them in the first place either way).
"Invisible" (i.e. UTF8) whitespaces - these are source for many "strange" problems, especially if you develop on a mac (press alt + space). Easiest way to fix them: Retype the line. And DON'T try copy & pasting it, because you will copy the whitespace as well.
Also I would change the line to
if (! $type) $type = $data['type'];
I hope you know which values evaluate falsy in php, because it's not only NULL (you can find a list here: http://php.net/manual/en/language.types.boolean.php )
On a sidenote: PHP was developed as a simple way to write templates, so maybe you might want to have a look at some compiled programming languages if you want to build complex logic (C for example, which is by far simpler than PHP, and I've been doing PHP for more than 6 years now)
Try replacing
$type = ($type)? $type : $data['type'];
With
$type = $type ? $type : $data['type'];
I doubt that it makes any difference, but maybe a space between the variable named $type and the question mark is needed. For more information about this, check the PHP docs on the ternary operator.

Disappearing PHP Variables

I am creating a 3D Secure PHP Project. I am having a rather bizarre issue in that the "MD" code is going missing when re-submitting the Array of data.
My code is as follows :
$paRes = $_REQUEST['PaRes'];
$md = $_REQUEST['MD'];
require "payment_method_3d.php";
x_load('cart','crypt','order','payment','tests');
/*
* For Debugging Purposes
* Only.
echo "The Value Of PaRes is : ";
echo $paRes;
*/
$soapClient = new SoapClient("https://www.secpay.com/java-bin/services/SECCardService?wsdl");
$params = array (
    'mid' => '',
    'vpn_pswd' => '',
    'trans_id' => 'TRAN0095', // Transaction ID MUST match what was sent in payment_cc_new file
    'md' => $md,
    'paRes' => $paRes,
    'options' => ''
);
It seems that the $_REQUEST['MD'] string seems to go missing AFTER the soap call. Although I am having difficulty printing this out to the screen. The strange thing is the $paRes variable works without issue.
Any ideas why this would be the case?
Check your case. PHP array keys are case sensitive. From this little bit of code it looks as if the request variable may be 'md' instead of 'MD'.
Try $md = $_REQUEST['md'];
PHP array statements are case sensitive, so this should work:....
$md = $_REQUEST['md'];
Thanks for your responses guys.
What was happening was the include page was sitting in front of the request methods and causing issues loading the REQUEST methods to the page.
