I know this question has been asked before but the answers are not the solution to my problem.
When i post a text with this code:
$info=html_entity_decode(mysql_real_escape_string($_POST['info']));
Like :
fdsa
fdsa
fasf
and when i posted this text with antered and spaces it looks like this
<?php echo $info;?>
fdsa\r\nfdsa\r\nfasf\r\n
i try this nl2br($info) but still not working.
What do I need to appear in the text in this way?
fdsa
fdsa
fasf
Replace the \r\n by <br>, the \n by <br>, then the\r by <br>:
$info = html_entity_decode($_POST['info']);
$info = str_replace('\r\n' , '<br>', $info);
$info = str_replace('\n' , '<br>', $info);
$info = str_replace('\r' , '<br>', $info);
$info = html_entities($info);
echo $info;
You have to make multiples replacements since new lines can be represented differently according to the operating system (See this page for more details)
Finally, sanitize the value with html_entities before echoing it, preventing client side attacks.
EDIT : Removed the mysql_... function, not needed (the value isn't intended to be inserted in a MySQL database, not now at least).
Also, read Lashus advice bellow and apply it ;)
Related
I am having an issue where my PHP script opens a file with JSON code and needs to insert it into a MySQL database.
For some reason it only displays some of the output from the JSON.
Here is my code
$json = json_decode(file_get_contents('data.json'), true);
$data = $json;
// VAR's
$system = $data['System'];
$cid_from = $data["From"];
$cid_to = $data['To'];
//DEBUG USAGES
$array = print_r($data, true);
////// THIS ONE WORKS FINE
echo $data["System"];
////// THIS ONE DOESN'T WORK
echo $data["To"];
file_put_contents('output/json-local.txt',$array . "\r\n", FILE_APPEND);
////// BUT HERE IT ACTUALLY WORKS
file_put_contents('output/cli-from.txt',$data['From']. "\r\n", FILE_APPEND);
file_put_contents('output/cli-to.txt',$data['To']. "\r\n", FILE_APPEND);
// file_put_contents('json-sysid-local.txt',$systemid . "\r\n", FILE_APPEND);
Here is the contents of data.json
{"action":"call-data-record",
"System":"48130b83e2232f0ecd366a92d4d1261d",
"PrimaryCallID":"n1bWEfCdHcf#MSS.MTN.CO.ZA-b2b_1",
"CallID":"0440b807#pbx",
"From":"<sip:+27722080036#xxx.co.za>",
"To":"<sip:27102850816#xxx.co.za>",
"Direction":"O",
"RemoteParty":"",
"LocalParty":"",
"TrunkName":"",
"TrunkID":"",
"Cost":"",
"CMC":"",
"Domain":"xxx.co.za",
"TimeStart":"2018-08-14 16:03:21",
"TimeConnected":"",
"TimeEnd":"2018-08-14 16:03:23",
"LocalTime":"2018-08-14 18:03:21",
"DurationHHMMSS":"0:00:00",
"Duration":"0",
"RecordLocation":"",
"RecordUsers":"",
"Type":"hunt",
"Extension":"100",
"ExtensionName":"100",
"IdleDuration":"",
"RingDuration":"2",
"HoldDuration":"0",
"IvrDuration":"0",
"AccountNumber":"400",
"IPAdr":"",
"Quality":"VQSessionReport: CallTerm\r\nLocalMetrics:\r\nCallID:0440b807#pbx\r\nFromID:<sip:27102850816#xxx.co.za>\r\nToID:<sip:+27722080036#xxxx.co.za>;tag=1460166964\r\nx-UserAgent:Vodia-PBX/57.0\r\nx-SIPmetrics:SVA=RG SRD=91\r\nx-SIPterm:SDC=OK SDR=OR\r\n"}
Your "To" data is encapsulated in <>. This causes your browser to interpret it as an HTML tag and not display any content.
You can (should!) escape the special HTML control characters:
echo htmlspecialchars($data["To"]);
See http://php.net/htmlspecialchars
Edit: It doesn't hurt to precautionary add this to your other outputs aswell. If the string doesn't contain such characters, it will simply be returned onchanged. You eliminate possible XSS attack vectors this way.
The browser source clearly shows "To":"" is being written by PHP to the browser output correctly but the browser is interpreting as an HTML opening tag hence ignoring the rest of the content.
Wrap your output in the PHP htmlspecialchars() function to see the output as in the file.
Add - echo "TO : ".htmlspecialchars($data["To"]);
When using Abrahams/TwitterOAuth library, special HTML characters are placed in a Tweet.
$content = "test's";
$params = array(
"status" => $content
);
$result = $connection->post("statuses/update", $params);
results in
test's
within the posted Tweet status.
A vardump($content) in the browser reveals test's as expected.
I've tried html_entity_decode and htmlspecialchars_decode but neither work for the posted Tweet.
You need to tell it explicitly to convert the quotes. This is done with ENT_QUOTES.
Example:
echo htmlspecialchars_decode('test's',ENT_QUOTES) . "\n";
echo htmlspecialchars_decode('test's');
Output:
test's
test's
Demo: https://eval.in/426992
There are also other constants that can be used if you only want to decode single quotes etc. See the manual for more information, http://php.net/manual/en/function.htmlspecialchars-decode.php.
ENT_QUOTES Will convert both double and single quotes.
$content = "test's";
$content = htmlspecialchars_decode($content, ENT_QUOTES);
works for me.
Thanks chris85!
So I receive variable replace it in certain area in txt file and save it back. I get page number and according to it I get exploded data. Anyway I'll post a code below to make it more clear:
$pgnm = $_GET['page']; //This is the page number as I've said.
$conts = file_get_contents("content.txt");
the content of content.txt looks like this:
text1|text2|text3
I display this content in certain pages. For example on first page: text1, on second text2, etc.
Now i'm working on a form where I successfully change these. I get as I've said page number and text:
$text = "new text"; //this is the content which I want to be replaced instead of text2.
I make the content.txt file look like this after its saved: text1|new text|text2
So lets go on:
$exp = explode("|", $conts); //this explodes data into slashes.
$rep = str_replace($exp[$pgnm], $text, $conts);
file_put_contents("content.txt", $rep); // Saving file
All these above-mentioned operations work perfectly, but here's my problem now. This only works if content.txt has certain content, if it's empty it enters my new text and that's all: 'new text' and that's all. Maybe I want to add second page content 'new text2' and after I finish entering it and save I want the file to be displayed like this: new text|new text2. If the content of content.txt looks like this: 'new text|' str_replace doesn't replace empty string. So that's my another problem too.
I tried everything, but couldn't manage to anything about this two problems. Thank you in advance for your help!
Why don't you use your $exp array for building the content. I mean $exp contains all the blocks as an array() one by one. So you just change, or add new values to the array (no str_replace() needed). Then rebuild using implode('|',$exp);.
As for your code;
$exp = explode("|", $conts); //this explodes data into slashes.
$exp[$pgnm] = $text;
file_put_contents("content.txt", implode('|',$exp)); // Saving file
Instead of str_replace use this code:
$pgnm = 1;
$text = 'new text';
$conts = 'text1||text3';
$exp = explode('|', $conts);
$exp[$pgnm] = $text;
$rep = implode('|', $exp);
var_dump($rep); // string(20) "text1|new text|text3"
I'm pretty new to PHP so please bear with me for this one.
I have an array with emoticons, and I want to replace the emoticon text with the correct image, all within a for loop. So I'm trying to take my text variable and do a str_replace, but I'm not sure exactly how to display the text after the emoticons have been changed.
Here is my code:
$content = ":D Here is a sample sentence for this example :)";
$emotes = array(
[":)","<img class='emoticon' src='smile.png'>"],
[":D","<img class='emoticon' src='grin.png'>"],
);
for($i=0;$i<count($emotes);$i++) {
$contentWithEmotes = str_replace($emotes[$i][0], $emotes[$i][1], $content);
}
print $contentWithEmotes;
The problem this this is that it only displays the last image from the array, when I want it to display both of them.
How should I go about displaying the content with the correct image?
Thanks in advance for any help.
Restructure your array like this:
$emotes = [
":)"=>"<img class='emoticon' src='smile.png' />",
":D"=>"<img class='emoticon' src=grin.png' />"
];
Then use strtr:
$contentWithEmotes = strtr($content,$emotes);
Each time through the loop you need to process the result of the previous time, not the original content.
$contentWithEmotes = $content;
foreach ($emotes as $emote) {
$contentWithEmotes = str_replace($emote[0], $emote[1], $contentWithEmotes);
}
However, the strtr() solution is better.
This is a follow-up question to the one I posted here (thanks to mario)
Ok, so I have a preg_replace statement to replace a url string with sometext, insert a value from a query string (using $_GET["size"]) and insert a value from a associative array (using $fruitArray["$1"] back reference.)
Input url string would be:
http://mysite.com/script.php?fruit=apple
Output string should be:
http://mysite.com/small/sometext/green/
The PHP I have is as follows:
$result = preg_replace('|http://www.mysite.com/script.php\?fruit=([a-zA-Z0-9_-]*)|e', ' "http://www.mysite.com/" .$_GET["size"]. "/sometext/" .$fruitArray["$1"]. "/"', $result);
This codes outputs the following string:
http://mysite.com/small/sometext//
The code seems to skip the value in $fruitArray["$1"].
What am I missing?
Thanks!
Well, weird thing.
Your code work's perfectly fine for me (see below code that I used for testing locally).
I did however fix 2 things with your regex:
Don't use | as a delimiter, it has meaning in regex.
Your regular expression is only giving the illusion that it works as you're not escaping the .s. It would actually match http://www#mysite%com/script*php?fruit=apple too.
Test script:
$fruitArray = array('apple' => 'green');
$_GET = array('size' => 'small');
$result = 'http://www.mysite.com/script.php?fruit=apple';
$result = preg_replace('#http://www\.mysite\.com/script\.php\?fruit=([a-zA-Z0-9_-]*)#e', ' "http://www.mysite.com/" .$_GET["size"]. "/sometext/" .$fruitArray["$1"]. "/"', $result);
echo $result;
Output:
Rudis-Mac-Pro:~ rudi$ php tmp.php
http://www.mysite.com/small/sometext/green/
The only thing this leads me to think is that $fruitArray is not setup correctly for you.
By the way, I think this may be more appropriate, as it will give you more flexibility in the future, better syntax highlighting and make more sense than using the e modifier for the evil() function to be internally called by PHP ;-) It's also a lot cleaner to read, IMO.
$result = preg_replace_callback('#http://www\.mysite\.com/script\.php\?fruit=([a-zA-Z0-9_-]*)#', function($matches) {
global $fruitArray;
return 'http://www.mysite.com/' . $_GET['size'] . '/sometext/' . $fruitArray[$matches[1]] . '/';
}, $result);
i write it again, i don't understand good where is the error, the evaluation of preg results is very weird in php
preg_replace(
'|http\://([\w\.-]+?)/script\.php\?fruit=([\w_-]+)|e'
, '"http://www.$1/".$_GET["size"]."/sometext/".$fruitArray["$2"]."/";'
, $result
);
It looks like you have forgotten to escape the ?. It should be /script.php\?, with a \? to escape properly, as in the linked answer you provided.
$fruitArray["\$1"] instead of $fruitArray["$1"]