Codeigniter insert double quotes - php

Hi, I have a dropdown that needs to be saved in a MySQL table, and this happens through this code:
$pjt_table = 'music_fisica';
$full_pjt_save = array(
'physical_format_vinile' => $this->input->post('formato_vinile'),
);
$pjt_save = array(
'user_id' => $this->session->userdata('user_id'),
'id_acquisto' => $this->input->post('id_acquisto'),
'pjt_name' => $this->input->post('pjt_name'),
'pjt_type_name' => $pjt_table,
'pjt_table' => $pjt_table
);
//Full Project
$added_fields = $full_pjt_save+array('last_mod' => time());
$this->db->where('id_acquisto', $this->input->post('id_acquisto'));
//$this->db->set('physical_format_vinile', $this->input->post('formato_vinile'), FALSE);
$save_full_pjt_to_db = $this->db->update('progetti_'.$pjt_table, $added_fields);
$pjt_table_id = $this->db->insert_id();
$this->db->where('id_acquisto', $this->input->post('id_acquisto'));
$this->db->update('progetti', array('distrib_fisica' => '1'));
$exist_pjt = $this->db->get_where('progetti_'.$pjt_table, array('id_acquisto' => $this->input->post('id_acquisto')));
The problem is that the dropdown contains a double quote and gets cut off when saved to the table.
And this 45 Giri (7" Singolo, 45 Giri) becomes this 45 Giri (7.
I tried changing the config adding the double quotes
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-\"';
but this doesn't change anything. I tried the XSS filtering false
$config['global_xss_filtering'] = FALSE;
also this doesn't change a thing.
Any suggestions?

Search and replace the double quote with &quot;, the HTML equivalent.
Something like:
$yourVariable = str_replace('"', '&quot;', $yourVariable);
not tested

I solved it, the mistake was in the HTML:
<option value="<?= $value ?>"><?= $value ?></option>
This actually broke the value double quotes due to the item.
Thanks everybody.
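An added example, not part of the original thread: the value has to be encoded at the point where it is written into the attribute, which is independent of `permitted_uri_chars` and `global_xss_filtering`. The helper names (`e`, `render_options_raw`, `render_options_escaped`, `submitted_values`) and the sample list are assumptions made for illustration, and the check needs PHP's DOM extension.

```php
<?php
// Constructed sample data; the second label is the one from the question.
$formats = ['33 Giri (12" LP)', '45 Giri (7" Singolo, 45 Giri)'];

// Hypothetical helper: encode a string for HTML text or a quoted attribute.
function e(string $s): string
{
    // ENT_QUOTES encodes both " and ', so either attribute quoting style is safe.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The pattern from the thread: the raw value ends the attribute at its first ".
function render_options_raw(array $values): string
{
    $html = '';
    foreach ($values as $v) {
        $html .= '<option value="' . $v . '">' . $v . "</option>\n";
    }
    return $html;
}

// Same markup with every dynamic value encoded at output time.
function render_options_escaped(array $values): string
{
    $html = '';
    foreach ($values as $v) {
        $html .= '<option value="' . e($v) . '">' . e($v) . "</option>\n";
    }
    return $html;
}

// Parse the markup with an HTML parser and collect each option's value
// attribute, i.e. what the form would submit for that choice.
function submitted_values(string $optionsHtml): array
{
    $doc = new DOMDocument();
    // @ hides libxml warnings about the malformed raw markup.
    @$doc->loadHTML('<?xml encoding="UTF-8"><select>' . $optionsHtml . '</select>');
    $values = [];
    foreach ($doc->getElementsByTagName('option') as $option) {
        $values[] = $option->getAttribute('value');
    }
    return $values;
}

// Compare what each rendering would submit against the original labels.
var_dump(submitted_values(render_options_raw($formats)) === $formats);
var_dump(submitted_values(render_options_escaped($formats)) === $formats);
```

The database keeps the unencoded label; encoding is applied only when the value is written into HTML.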

Related

Enclose PHP output in quotation marks

We have a PHP script that exports orders to .csv files. The system we are exporting to requires each field to be encapsulated in quote marks.
Here is the code where we set each field.
$order_data = array(
'type' => "H",
'order_type' => 'HOME',
'order_date' => $order->order_date,
'account_code' => "REAL",
'document_reference' =>'',
'reference1'=>'',
'reference2'=>'',
'delivery_addess_code'=> '',
'billing_first_name' => $order->billing_first_name ." ".$order->billing_last_name,
'billing_address_1' => $order->billing_address_1 ." ".$order->billing_address_2,
'billing_postcode' => $order->billing_postcode,
'delivery_tel_no'=> $order->billing_phone,
'delivery_contact'=> $order->billing_first_name,
This outputs:
H,HOME,"2015-05-13 13:19:46",REAL,,,,,"Ben Bull","Address 1 Address2",
Some are surrounded by "" and some aren't; how do we get them all to be?
For CSV output, you need to enclose all the values with double quotes. In addition, if the values have double quotes inside them you need to escape those double quotes by using two consecutive double quotes. That's how CSV works.
Check this PHP function below.
function makeCSV($value) {
//Encloses each token (Before and after)
$CSV_TOKEN_ENCLOSER = '"';
//Used to escape the enclosing character if inside the token
$CSV_TOKEN_ENCLOSER_ESCAPER = '""';
//Escape the encloser inside the value
$csv_value = str_replace($CSV_TOKEN_ENCLOSER, $CSV_TOKEN_ENCLOSER_ESCAPER, $value);
//Enclose the value
$csv_value = $CSV_TOKEN_ENCLOSER . $csv_value . $CSV_TOKEN_ENCLOSER;
//Return
return $csv_value;
}
This does the job as I've explained in the first paragraph. You can use it as such in your case:
$order_data = array(
'type' => makeCSV("H"),
'order_type' => makeCSV('HOME'),
'order_date' => makeCSV($order->order_date),
...
);
However, it looks like you have code that's enclosing the values from your order objects within quotes automatically for you. I suggest you avoid that code, replace that with the usage of the makeCSV function presented above, and then finally just use a standard PHP implode call to get your CSV like this:
$comma_separated_csv = implode(",", $order_data);
Hope this helps.
Cheers.
Try to force all types to string like:
'order_type' => (string) 'HOME'

How to bypass Disallowed Key Characters in CodeIgniter

I have a problem finding a solution to Disallowed Key Characters in CodeIgniter. My problem is, I want the £ sign to be passed in through my URL.
For example,
I have this product testing-product-nutella.
I want to add a £ sign beside it, testing-product-nutella£, something like that.
Here is my code below:
//---------------------------------------------------------------------------------//
//--------------------------> Build the product list data--------------------------//
//---------------------------------------------------------------------------------//
$prod_list = Array();
foreach($prods_query as $prod)
{
//echo htmlentities($prod['prod_name']);
//print_r($prod);
//$prod_name_url = Make_into_url($prod['prod_name']);
$prod_name_url = htmlentities($prod['prod_name']);
print_r($prod_name_url);
// get the minimum order quantity and price from db
if ($min_price = $this->Price_model->Get_listing_price($prod['prod_id']))
{
$min_order_qty = $min_price['qty_value'];
$min_order_price = $min_price['price_amount'] > 0 ? number_format($min_price['price_amount'], 2) : false;
}
else
{
// this shouldn't happen but just in case...
$min_order_qty = "";
$min_order_price = "";
}
// get the default image for the product from the database
$default_pic_row = $this->Picture_model->Get_default_product_picture($prod['prod_id']);
// get a list of all the special categories that a product is in
$product_spec_cats = $this->Special_category_model->Get_product_special_cats($prod['prod_id']);
// is the product on special offer, if so, get the details
$product_spec_off = $this->Special_offer_model->Get_product_special_offer_details($prod['prod_id']);
$nameUrl = urlencode($prod_name_url);
echo "<pre>";
echo $nameUrl;
echo "</pre>";
$prod_list[] = Array(
"prod_id" => $prod['prod_id']
,"prod_name" => urldecode($nameUrl)
,"prod_min_price" => $min_order_price
,"prod_min_qty" => $min_order_qty
,"prod_desc" => $prod['prod_desc']
,"prod_code" => $prod['prod_code']
,"prod_pic_thumb" => $default_pic_row['pic_thumb']
,"product_colours_image" => ""
,"prod_spec_cats" => $product_spec_cats
,"prod_spec_off" => $product_spec_off
);
}
When I tried to add a £ sign, it says Disallowed Key Characters. I want that when I add special characters and pass them in the URL, the product will display with the special characters.
I tried to look at the system/libraries/Input.php file and tried to change the code a little bit in the function _clean_input_keys, but it didn't work. Can someone help me figure this out? Any help is much appreciated.
TIA
You have to URL-encode the pound sign. Build your URL string and then pass it to the PHP urlencode($url) function, which will convert it into allowed characters: "%a3" for a "£".
To retrieve it, use urldecode($url).

double quotes in mysql data not working for json

I have code like
$m_strOutput= "{\"success\":true,\"results\":" . $m_objQuery->num_rows() . ",\"rows\":";
$m_strOutput = $m_strOutput . json_encode($m_objQuery->result());
$m_strOutput = $m_strOutput . "}";
But some data already has double quotes in it, so it breaks my views where I try to parse it. How do I solve this double quotes problem?
Two things:
1. This is not a problem with double quotes. You'll get a syntax error if you put a value into a JSON object without a key.
2. You should let json_encode do all the work for you.
Code that might fit your case:
<?php
$m_strArr = array(
'success' => true,
'results' => $m_objQuery->num_rows(),
'rows' => $m_objQuery->result(),
);
$m_strOutput = json_encode($m_strArr);
?>

Get rid of all back slashes in php

woe be me...
I don't know what's happened but suddenly slashes are being added to strings in the request object.
I'm passing ID = "1" to the server;
I make up the where clause.
$where = array( 'ID' => $_REQUEST['ID']);
$result = $wpdb->update($this->the_table, $dbfields, $where);
Somehow slashes are being added and thusly the where clause doesn't match.
How can I get rid of the rascals?
I've tried
$where = array( 'ID' => stripslashes($_REQUEST['ID']));
and
$where = array( 'ID' => stripslashes_deep($_REQUEST['ID']));
PHP Version 5.2.17
php.ini
magic_quotes_gpc      On   On
magic_quotes_runtime  Off  Off
magic_quotes_sybase   Off  Off
Any help much much much appreciated.
UPDATE----------------
I've turned magic_quotes_gpc off but still no joy.
If I hard-code this
$where = array( 'ID' => "1");
It works fine.
However using this -
$id = stripslashes($_REQUEST['ID']);
$where = array( 'ID' => $id);
no updates are made.
If I echo out $where, it looks like "1" - no problem.
Head scratching stuff! Worked fine a day ago.
Turn off magic_quotes_gpc.
Some methods of achieving that here - http://php.net/manual/en/security.magicquotes.disabling.php

How to str_replace a section of PHP Code

$embedCode = <<<EOF
getApplicationContent('video','player',array('id' => $iFileId, 'user' => $this->iViewer, 'password' => clear_xss($_COOKIE['memberPassword'])),true)
EOF;
$name = str_replace($embedCode,"test",$content);
I'm trying to replace a section of code with another piece of code. I can do it with smaller strings, but once I added the larger strings to $embedCode, it throws an "unexpected T_ENCAPSED_AND_WHITESPACE" error.
You should unescape the $ using \$
$embedCode = <<<EOF
getApplicationContent('video','player',array('id' => \$iFileId, 'user' => \$this->iViewer, 'password' => clear_xss(\$_COOKIE['memberPassword'])),true)
EOF;
This is if your objective is to use the variable names; if you want to use the real values of the variables, then the problem is in $this->iViewer...
Remove the ' around memberPassword near the $_COOKIE.
Anyway, it seems you're looking for a language construct that does not interpret variables inside, so you have to use not HEREDOC syntax but a regular string definition delimited with '
$sample = 'qwe $asd zxc';
or escape $ with \ as Marcx proposes below
