I am developing some project, where I have postgre database. PHP is 5.3 (cannot be updated, because it is quite big webpage), so pg_escape_literal is not supported. I google everything about it, but didn't find anything interesting - couldn't find some PHP escape_literal function. I also tried pg_escape_string, but as far as I tested it, it doesn't work (when I printed whole string, escaped by pg_escape_string, it shows some slashes, which broke sql statement, and any removal with functions didn't work).
EDIT: I found this, but I don't know if this is really just what escape_literal does -
https://searchcode.com/codesearch/view/11003494/
pg_escape_literal($dbcnx, $string) should be equivalent to:
"'" . pg_escape_string($dbcnx, $string) . "'"
Related
I'm having the weirdest issue. I've tried referencing other similar answers here, but none seem to fix my issue.
I have the following regex in PHP
/if\s+(?:(.*?)\s*==\s*(?:UrlStatus|DeadURL)|in_array\s*\((?:UrlStatus|DeadURL),\s*(.*?)\s*\))\s*then\s+local\s+arch_text\s+=\s+cfg.messages\['archived'\];(?:(?:\n|.)*?if\s+(?:(.*?)\s*==\s*(?:UrlStatus|DeadURL)|in_array\s*\((?:UrlStatus|DeadURL),\s*(.*?)\s*\))\s*then\s+Archived = sepc \.\.)?/im
It's a messy regex I know, it's supposed to parse code from a module of various versions from different location. It works perfectly in regex101, but preg_match returns false, indicating an error occured. The regex you see is pulled straight from a var_dump. Also pulled from the var_dump is the string being tested. I have included the excerpt that is supposed to match it below.
if is_set(ArchiveURL) then
if not is_set(ArchiveDate) then
ArchiveDate = seterror('archive_missing_date');
end
if "no" == DeadURL then
local arch_text = cfg.messages['archived'];
if sepc ~= "." then arch_text = arch_text:lower() end
Archived = sepc .. " " .. substitute( ```
In the full block of text it takes 81,095 steps to match.
Could it have something to do with that?
Getting a read from preg_last_error(), it returned 6, which maps to the constant PREG_JIT_STACKLIMIT_ERROR.
PHP 7 uses a JIT compiler for preg_match with a small stack size limit. Disabling it allows preg_match to do its job.
This can be done in the php.ini file, or on the fly in the script by using ini_set( 'pcre.jit', false );
$search = 'C:\xampp1.7.7\htdocs\myproject\uploads/files/temp-ds-original';
$subject = 'C:\xampp1.7.7\htdocs\myproject\uploads\files\temp-ds-original\32bd76470cff973ec873d43a4e84dd2f.jpg';
echo str_replace($search, '', $subject);
It just prints $subject without doing any replacements. I thought it could be due to some php version issue as it was on a php 5.3 but then I moved to php 7.2 but still the same result. Not sure what's going wrong here?
Is it something to do with the slashes?
I have hardcoded string values above but in the actual script, I am using $f->getRealPath() to get subject and search. $f is an object of RecursiveIteratorIterator
EDIT
As soon as I posted this question, I could spot the issue as code highlighting made it quite clearer to see that slashes don't match - which means str_replace considers it a non-match. What I am trying to achieve is get relative path which in above example is \32bd76470cff973ec873d43a4e84dd2f.jpg ... the code is here at line 48 https://gist.github.com/bubba-h57/5117694
The above output is on a Windows machine but I will be using this script later on a Linux server. So I need to think about how to get the paths consistent so that str_replace can do the replacement correctly. $search is something I provide manually where $subject is being retrieved automatically using $f->getRealPath().
Update and Answer of my question
I don't believe this question is duplicate to the linked question. People are quick here to show off their skills without paying due attention to details. :)
It turned out to be a simple solution. All I need to do is use realpath() i.e. $search = realpath($search); which gives me the correct result.
Just so that it helps anyone -
$search = 'C:\xampp1.7.7\htdocs\myproject\uploads/files/temp-ds-original';
$subject = 'C:\xampp1.7.7\htdocs\myproject\uploads\files\temp-ds-original\32bd76470cff973ec873d43a4e84dd2f.jpg';
echo str_replace($search, '', $subject);
Output was:
C:\xampp1.7.7\htdocs\myproject\uploads\files\temp-ds-original\32bd76470cff973ec873d43a4e84dd2f.jpg
However I was expecting to be:
\32bd76470cff973ec873d43a4e84dd2f.jpg
I failed to notice the slashes mismatch and therefore str_replace was not at fault at. Importantly, I wasn't trying to get the filename only which I could get from basename() or other methods so I needed to get the slashes right.
All I needed to was to use PHP's realpath() i.e.
$search = realpath($search);
That's it. However, you need to be careful that it only worked for me because I was parsing an actual path i.e. the folder in the $search existed on the disk. So, if you tried to parse a path string which is dummy or not a real directory, realpath() would return empty or false.
you have to do this
you have to use doble backslash if you use only one dont work !
result:
You could just use the same search always
(eg: $search = 'C:\xampp1.7.7\htdocs\myproject\uploads\files\temp-ds-original';)
then change the subject's slashes by using str_replace('/','\',$subject);
Or you could detect the OS and then use the matching $search
You can do this by checking the PHP Constant PHP_OS (Documentation in the link)
I hope that solves it.
I'm trying to check if file exists or not. I tried simple http URL for the task but file_exists() does not support (my php version is 5.5.12 and allow url fopen is activated ).
So i tried in different way and its working, see below
if(file_exists(__DIR__.'\email_template.php')) {
echo 'Template is available.';
}
Problem is that i'm adding template name dynamically and i need backslash between __DIR__ and $temp_name but i can't concatenate properly. I tried below
$__DIR = __DIR__.'\';
$__DIR = __DIR__.'"\"';
$__DIR = __DIR__."\";
But no one is working, its return syntac error. So can anyone guide me how can i fix the issue i would like to appreciate. Thank you
Try this:
$__DIR = __DIR__.'\\';
Backshlash is special char in PHP (and other languages as well), that is used for noting that chars after them should be interpreted in special way - and is named "escape char".
You do not want this to happen, so You should escape backshlas... By using one more backshlash. ;)
You can read more here.
Another option is to use the pre-defined constant DIRECTORY_SEPARATOR.
$__DIR = __DIR__ . DIRECTORY_SEPARATOR;
This way your code is more portable between operating systems, which may or may not be of concern to you.
I want to escape the special character from this solr query
stringfield:/"name":"Elan"/.
I try this one
stringfield:/\".name.\":\".Elan.\"/
but its not working.Is there any other ways to solve this ?
I'm still not getting your setup, but I guess you do a bit too much escaping. And the query in your question looks kind of odd concerning the addressing of fields.
A filter query should only consist of field:value, not field1:field2:value or something...
As a tip, try to assemble the URL manually and get it working. Or use the Solr Admin UI, where you can assemble your query in a form-based manner. You'll also get the query URL from there.
Have you tried to print the URL you assemble in your PHP code and invoke it manually?
Your query URL should look simply like this:
http://localhost:8983/solr/mycore/select?q=*&fq=myfield:"myvalue"
or URL-escaped:
http://localhost:8983/solr/mycore/select?q=*&fq=myfield%3A%22myvalue%22
I guess, your PHP code should look like this:
$solrq .= '&fq=stringfield:"' . urlencode($_POST['name']) . '"';
where $_POST['name'] is hopefully just Elan.
I'm using PHP and MySQL to power a basic forum. When users use the apostrophe (') or insert links into their post, the mysql_real_escape_string function is adding \ to the text. When displaying the post, the links don't work, and all the apostrophe's have a \ before it.
Is the problem that I am not doing something before outputting the text or is the issue that I'm not cleaning the data properly before writing to MySQL?
Are magicquotes turned on? You can check quickly by creating a PHP page like so:
<?php var_dump(get_magic_quotes_gpc()) ?>
If the page says something like int(1), then the culprit isn't mysql_real_escape_string, but PHP itself. It was a security feature, but not very secure, and mostly just annoying. Before you sanitize each variable, you first need to undo the slashing with stripslashes.
You can also turn off magic quotes by using this:
if ( version_compare(PHP_VERSION, '5.3.0', '<') ) {
set_magic_quotes_runtime(0);
}
It will turn magic quotes off when your server is running any version of php less than 5.3.0.