What i want to do is execute an application and pass a file path as a parameter. Here is my code:
$path = "\\SERVER-1\Source\temp\test\Letters\New Letter.doc"
shell_exec("pdfgenerator.exe ".escapeshellarg ( $path));
The problematic part here is $path. Basically i want to be able to handle all kinds of file path strings including those with spaces in names etc etc.
In this particular case, i have found that escapeshellarg() is not escaping the "\" in \temp and causing the "t" to be interpeted as a tab character. Any ideas how i can get this to pass properly?
This isn't escapeshellarg()'s problem. The \t is being parsed as a tab (0x09) by the PHP parser before it's reached escapeshellarg(). This is because you're placing the string inside of double quotes, which causes PHP to do further complex interpolation on your string. See the manual for more details on differences between single and double quote strings.
Try it with single quotes and see the difference for yourself.
$string1 = "\\SERVER-1\Source\temp\test\Letters\New Letter.doc";
$string2 = '\\SERVER-1\Source\temp\test\Letters\New Letter.doc';
var_dump($string1, $string2, escapeshellarg($string1), escapeshellarg($string2));
Output should be...
string(47) "\SERVER-1\Source emp est\Letters\New Letter.doc"
string(49) "\SERVER-1\Source\temp\test\Letters\New Letter.doc"
string(49) "'\SERVER-1\Source emp est\Letters\New Letter.doc'"
string(51) "'\SERVER-1\Source\temp\test\Letters\New Letter.doc'"
use single quotes instead of double ones and you should be fine
<?php
$path = '\\SERVER-1\Source\temp\test\Letters\New Letter.doc';
print escapeshellarg($path);
// will output "\SERVER-1\Source\temp\test\Letters\New Letter.doc"
shell_exec("pdfgenerator.exe ".escapeshellarg ( $path));
Related
I have searched a lot and tried javascript replace() function and str_replace,addslashes , strip slashes as well but i am not getting the right output.
This is what im doing:
str_replace("\\","\\\\", "C:wamp\www\desi\uploads\artist\bg\9.jpg";
THe output i am getting is:
C:wampwwwÞsiuploads\A rtist\B g .jpg
Then another way i tried:
var clean= "<?php echo str_replace("\\","#",LINKCONSTANT); ?>".replace("#","\\");
Still not working any idea ?
the problem isn't solvable by using str_replace like that because the string in double quotes will have the slashes processed by PHP as escape sequences. Using str_replace like this isn't going to solve the problem of PHP (or javascript) handling string escapes - once you have got a backslash into a string it will stay there quite faithfully.
However string constants will work in single quotes as follows:
'C:wamp\www\desi\uploads\artist\bg\9.jpg'
but as pointed out elsewhere the directory separator in windows is internally handled as either "/" or "\" so just use the "/" (for api calls) and you'll be fine.
If you wish to output a string that is safe to be parsed by javascript then do:
echo "var str = ".json_encode('C:wamp\www\desi\uploads\artist\bg\9.jpg').";";
which will output in a javascript compatible way:
var str = "C:wamp\\www\\desi\\uploads\\artist\\bg\\9.jpg";
What are you going to achieve? Replace the single \ by \\?
Please note, that
"\\"
denotes a string of a single \. This is due to the fact, that \ prefixes an escape sequence in used inside of "...":
\r -> Return
\t -> Tabular
\n -> Newline
Since \ has this special meaning, you need to write \\ to denote a single \ inside of "....".
Thus, this will set $resultString to C:wamp\\www\\desi\\uploads\\artist\\bg\\9.jpg:
$sourceString = "C:wamp\www\desi\uploads\artist\bg\9.jpg";
$resultString = str_replace( "\\", "\\\\", $sourceString );
Pretty new to PHP, trying to figure out proper syntax for concatecating variables and such into strings.
For example:
A $mydir = "../../uploads/images/'".$id."'/thumb";
B $mydir = "../../uploads/images/".$id."/thumb";
C $mydir = '../../uploads/images/'.$id.'/thumb";
D $mydir = "../../uploads/images/$id/thumb";
Which one is correct?
What about when you end a string with a variable, but have to comma out to define the next element?
mkdir('../../uploads/images/' . $newid , 0777);
What about when the variable is in the middle?
mkdir('../../uploads/images/' . $newid . '/thumb', 0777);
Lastly, can anyone recommend a good resource for PHP reference? W3Schools isn't cutting it...
Strings in PHP can use either double or single quotes. There is a difference between the two, in that using double quotes will cause PHP to interpolate any variables in the string. For instance:
$var = 'test';
echo "This is a $var"; // outputs: This is a test
echo 'This is a $var'; // outputs: This is a $var
Because of this, using double quotes around your strings is a bit slower, since the string must be interpolated by PHP before it can be output. There is also nowdoc and heredoc support for strings in PHP, as well.
Aside from that distinction there is no difference and you can use them interchangeably, as in the following example:
echo 'I like ' . "concatenating" . ' strings';
It is probably a good idea, though, to be consistent throughout your code. For more information, please refer to the manual
Go to the PHP Manual: http://php.net/manual/en/language.types.string.php
As for the different types of strings:
If you use the double-quoted strings, you can include variables inside of the string like this:
$name = "world";
print("Hello $name");
Single Quotes will not expand variables.
The period is just the concatenation operator. So if you end by concatenating a variable that's fine. I.e. this is ok:
$name = "world";
$greeting = "Hello ".$name;
You shouldn't use your A or B, if you have double quotes, using D is much nicer to read. That is not to say you can't use it, if you like having a hard time reading your strings, go ahead!
The comma after the string doesn't matter
mkdir('../../uploads/images/' . $newid , 0777); // works
mkdir('../../uploads/images/' . $newid . '/thumb', 0777); // works too
mkdir("../../uploads/images/$newid" , 0777); // works and is nicer to read
mkdir("../../uploads/images/$newid/thumb", 0777); // also nicer to read
If the value you want in the string is not a variable, you either have to create a variable, or you have to use regular string concatenation (instead of interpolation)
B and D are correct. The only difference between single and double quotes in PHP is that the content between double quotes is parsed for PHP. From php.net,
When a string is specified in double quotes or with heredoc,
variables are parsed within it.
A - has a pair of unnecessary single quotes.
B - FINE
C - has an incorrect ending quote. should end in a single quote.
D - FINE
for concatenation B or C will both work, however for relative file paths it's usually best to use the
$_SERVER['DOCUMENT_ROOT']
syntax, and access your files relative to your server's html root folder, meaning your syntax will look something like
$_SERVER['DOCUMENT_ROOT']."/folder/foler/".$id."/thumb";
A won't do it.
B is the best.
C has a syntax mistake. Moreover, for strings you generally use ", but on the other hand, ' is used when formatting html like: 'Google!' so you don't need to escape quotes and the code looks nice.
D works, but not recommended. For example in D `"blah $this -> name blah" won't work. That is the reason.
from your choice list, 'B' is fine, so is 'D'. My favorite reference is the official manual: http://www.php.net/manual/en/
I use sprintf() on my program to output some tabs and newlines. I noticed a part of my program not working properly.
As I inspected the part that isn't working, I noticed that I used a single quote ' instead of a doublequote " and the program actually outputs a \t instead of a inivisible tab space.
I thought the two are similar and the reason for having two delimeters for php is for us to be able to insert single or doublequote in a string or echo them without inserting escape characters.
Would there be a difference in assigning variables aside from the one I discovered
$a = "qq";
$b = 'qq';
Would they be stored in the computer's memory in a different manner?
you can refer to the manual that specifies that single quotes in php consider most escape sequences as litterals, contrary ot double quotes:
http://php.net/manual/en/language.types.string.php
single quote is faster than double
double quote can parse php variable. i.e. $a=2; and if you use echo "a is: $a"; then it will print a is: 2 but single quote will print a is: $a
if you use single quotes for the format string (like you should do, since there
aren't any variable conversions to do as long as you don't need any special chars),
the given examples won't work because of the backslash before the $ (needs to be
escaped in double quoted strings - but not in single quoted!) http://php.net/manual/en/function.sprintf.php
I have built a search engine using php and mysql.
Problem:
When I submit a word with an apostrophe in it and return the value to the text field using $_GET the apostrophe has been replaced with a backslash and all characters after the apostrophe are missing.
Example:
Submitted Words: Just can't get enough
Returned Value (Using $_GET): Just can\
Also the url comes up like this:search=just+can%27t+get+enough
As you can see the ' has been replaced with a \ and get enough is missing.
Question:
Does anybody know what causes this to happen and what is the solution to fix this problem?
The code:
http://tinypaste.com/11d62
If you're running PHP version less than 5.3.0, the slash might be added by the Magic Quotes which you can turn off in the .ini file.
From your description of "value to the text field" I speculate you have some output code like this:
Redisplay
<input value='<?=$_GET['search']?>'>
In that case the contained single quote will terminate the html attribute. And anything behind the single quote is simply garbage to the browser. In this case applying htmlspecialchars to the output helps.
(The backslash is likely due to magic_quotes or mysql_*_escape before outputting the text. I doubt the question describes a database error here.)
Update: It seems it's indeed an output problem here:
echo "<a href='searchmusic.php?search=$search&s=$next'>Next</a>";
Regardless of if you use single or double quotes you would need:
echo "<a href='searchmusic.php?search="
. htmlspecialchars(stripslashes($search))
. "&s=$next'>Next</a>";
(Notice that using stripslashes is a workaround here. You should preserve the original search text, or disable the magic_quotes rather.)
Okay I forgot something crucial. htmlspecialchars needs the ENT_QUOTES parameter - always, and in your case particularly:
// prepare for later output:
$search = $_GET['search'];
$html_search = htmlspecialchars(stripslashes($search), ENT_QUOTES);
And then use that whereever you wanted to display $search before:
echo "<a href='searchmusic.php?search=$html_search&s=$next'>Next</a>";
Single quotes are important in PHP and MySQL.
A single quote is a delimeter for a string in PHP, for example:
$str = 'my string';
If you want to include a literal quote inside a string you must tell PHP that the quote is not the end of the string. It is escaped with the backslash, for example:
$str = 'my string with a quote \' inside it';
See PHP Strings for more on this.
MySQL operates in a similar way. An example query might be:
$username = 'andyb';
$quert = "SELECT * FROM users WHERE user_name = '$username'";
The single quote delimits the string parameter. If the $username included a single quote, this would cause the query to end prematurely. Correctly escaping parameters is an important concept to be familiar with as it is one attack vector for breaking into a database - see SQL Injection for more information.
One way to handle this escaping is with mysql_real_escape_string().
I have a php string with a lot of information to be displayed inside a textarea html element.
I don't have access to that textarea nor to the script (if any) that generates it.
$somestring = 'first line \nSecond line \nThird line.';
$somestring as NOT been "worked" with trim or filter_var. Nothing.
On the textfield, I get the \n printed on the textarea hence, not interpreted.
What can I try in order to have those new lines applied?
Thanks in advance.
Try wrapping $somestring with " (double quotes) instead of ' (single quotes)
\n, \r and other backslash escape characters only works in double quotes and heredoc. In single quotes and nowdoc (the single quote version of heredoc), they are read as literal \n and \r.
Example:
<?php
echo "Hello\nWorld"; // Two lines: 'Hello' and 'World'
echo 'Hello\nWorld'; // One line: literally 'Hello\nWorld'
echo <<<HEREDOC
Hello\nWorld
HEREDOC; // Same as "Hello\nWorld"
echo <<<'NOWDOC'
Hello\nWorld
NOWDOC; // Same as 'Hello\nWorld' - only works in PHP 5.3.0+
Read more about this behaviour in the PHP manual
EDIT:
The reason single and double quotes behave differently is because they are both needed in different situations.
For instance, if you would have a string with a lot of new lines, you would use double quotes:
echo "This\nstring\nhas\na\nlot\nof\nlines\n";
But if you would use a string with a lot of backslashes, such as a file name (on Windows) or a regular expression, you would use single quotes to simplify it and avoid having unexpected problems by forgetting to escape a backslash:
echo "C:\this\will\not\work"; // Prints a tab instead of \t and a newline instead of \n
echo 'C:\this\would\work'; // Prints the expected string
echo '/regular expression/'; // Best way to write a regular expression
$somestring = "first line \nSecond line \nThird line.";
http://php.net/types.string <-- extremely useful reading
this article is a cornerstone of PHP knowledge and it's just impossible to use PHP without it.
unlike most of manual pages which are are just for quick reference, this very page is one which every developer should learn by heart.