This question already has an answer here:
How to turn off magic quotes in PHP configuration file? I am using XAMPP
(1 answer)
Closed 9 years ago.
My PHP page is accepting a parameter in the URL. This parameter is being assigned to a variable as follows:
$msg = $_REQUEST["msg"];
When the HTTP request is sent to the website, the parameter is sent as "hello'", but when it gets to the PHP variable above it becomes "hello\'".
Why is the backslash being inserted and what is inserting it? Is it the web server? How can I prevent this happening?
Magic Quotes is running on you server. You should use stripslashes($text) function:
if(get_magic_quotes_gpc())
$msg = stripslashes($_REQUEST["msg"]);
else $msg = $_REQUEST["msg"];
It is being appended cause your single quote sign is a part of the string. If it would not be escaped - that's the meaning of the backslash - it might be that your string definition is terminated too soon.
Related
This question already has answers here:
PHP - Plus sign with GET query
(6 answers)
Obtain $_GET value have plus ('+') Character in PHP
(4 answers)
Is it possible to preserve plus signs in PHP $_GET vars without encoding?
(7 answers)
Closed 6 months ago.
I have a URL string like https://example.com/path/?welcome_screen=1&email_address=something+else#example.com
In PHP, I call <?php echo $_GET['email_address']; ?>
Which produces something else#example.com
Specifically, a space instead of the + in the email address.
Is this expected?
If so, is there a way to prevent this from happening in the echo code above?
Or should it be handled when collecting the email address somehow?
Yes, + is one way to represent a space character in a URL. PHP automatically URL-decodes the value when it creates the $_GET data and converts it to a space, as it assumes that's what the value is supposed to represent in the raw URL.
No, it's too late by then.
Yes, you should URL-encode the value before including it in the URL, so that the + is not treated as a special character. If PHP is generating the URL, you'd use the urlencode() function. Most other programming languages have equivalent built-in functions.
This question already has answers here:
How do I escape an exclamation mark in bash?
(4 answers)
Closed 2 years ago.
I want to pass a string to a php script which contains ! character. Like this
php cfg.php --name=smtppass --set="MYW!ORD"
But I get this error
bash: !ORD: event not found
On the other hand, if I pass "MYW\!ORD", I see this string is set when I query the file
smtppass MYW\!ORD
Any idea to fix that?
You could pass it like this:
php cfg.php --name=smtppass --set="MYW"'!'"ORD"
or a more lazy way would be to use single quotes.
php cfg.php --name=smtppass --set='MYW!ORD'
This happens because of Bash's history expansion, which is sometimes very dangerous, you could turn this feature off by typing set +H.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Why is PHP not replacing the variable in string?
I have been trying to execute this line echo exec('hi.exe $file',$results,$status); from Php. where the value assigned to $file is the filename hi.txt (i.e. $file = hi.txt).
But each time i try to run my code with the same line, its showing error as $file file not found where as if i run the same hi.exe hi.txt in a command prompt its working.
And also if i try to run the same line with the filename instead of a variable from php i.e.exec('hi.exe hi.txt',$results,$status), the browser keeps executing for long time without giving the output.
Please someone tell me where i am going wrong!
You are using single quotes, instead of double quotes. Change echo exec('hi.exe $file',$results,$status); to:
echo exec("hi.exe $file",$results,$status);
or use a dot, like this:
echo exec('hi.exe '.$file,$results,$status);
In PHP, using single quotes won't turn $file into hi.txt; it just stays as the literal string, "$file". Use double quotes or dot concatenation to actually expand $file into hi.txt
Single quotes don't expand variables. You probably mean:
echo exec("hi.exe $file",$results,$status);
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Difference between single quote and double quote string in php
Hey I'm having trouble inserting page content into my database.
I'm trying to store:
<p class=\"heading_large\"><?php echo $Topic2C2A[data]; ?></p>
Using this code:
$sql="UPDATE event SET
data='<p class=\"heading_large\"><?php echo $Topic2C2A[data]; ?></p>'
WHERE id='2'";
But when I look at the table all I see is:
<p class="heading_large"><?php echo ; ?></p>
I've obviously escaped the HTML with slashes, is there something similar I need to do with the PHP so $Topic2C2A[data] is displayed?
I would suggest you write your $sql as:
$sql="UPDATE event SET data='<p class=\"heading_large\">".$Topic2C2A[data]."</p>' WHERE id='2'";
Your issue is related to the fact PHP is processing variables inside " (double) quotes.
You can change quotes to ' (single) or another option is to change $Topic2C2A[data] to \$Topic2C2A[data].
Did you try mysqli_real_escape_string()? It should return a fully escaped String!
This question already has answers here:
How do I pass variables and data from PHP to JavaScript?
(19 answers)
Closed 8 years ago.
<button class="addToPlaylist" onclick="javascript:myPopup(<?php echo $videos[$counter]?>);
return false;">+</button>
I have a button on an image as a html hyperlink. I want to perform different actions on hyperlink and button. The above code works whenever I do not pass the PHP variable using echo. When i pass PHP variable, the button also performs the same action as of the hyperlink, that means return false does not work.
Any idea why the return false; does not work when i pass PHP variable?
This should be:
<button class="addToPlaylist" onclick="javascript:myPopup('<?php echo $videos[$counter];?>');return false;">+</button>
Note the single quotes in myPopup. As you pass a string to myPopup, you will need to enclose it with single quotes. (Double won't work as there is already double quotes for the onclick)
I am quite sure $videos[$counter] is not numeric, but a string. In this case you have to write the quotes:
onclick="javascript:myPopup('<?php echo $videos[$counter]?>');
And make sure, $videos[$counter] doesn't contain any, something like
onclick="javascript:myPopup('<?php echo addslashes($videos[$counter])?>');
comes to mind.
onclick="javascript:myPopup("";return false;" . This should work and i think it's more clear where you have javascript code and php code.