It's a very simple question. I have a textarea. In this textarea are names. Every name in a new row.
Brad Pitt
LMFAO
Green Day
and so on...
I would like to put this names in a database. I tried it with explode() and foreach, but it didn't work. :/
Here is the code:
$kilencedik=array();
$kilencedik=explode('\n',$_POST['9']);
foreach($kilencedik as $nev9) {
$adat9 = pg_escape_string($nev9);
pg_query($kapcsolodas, "INSERT INTO diakok (nev, ev) values ('$adat9', '9')");
}
I'm using postgreSQL with PHP.
It's a ' problem change '\n' to "\n".
Try using explode(PHP_EOL, $_POST['9']);
Using PHP_EOL is more compatilbe across platforms.
If you don;t want to use that you need to at least use double quotes around the \n instead of single quotes. Using double quotes, PHP will interpret that as the newline character whereas using single quote will look for literal \n as string segment to explode on.
Related
I have migration using phinx, above picture is the data seed.
(I just boxed out some sections, sorry for it)
As you can see, there are blue color characters which are
not recognized and I don't know why...
They are within double quotes " " and I think all kind of quotes (", ', `) match correctly
but when I do
$ php phinx migrate
the result turns to be like this:
Somehow those blue characters are recognized as variables instead of strings? Any guess for the possibilities will be appreciated. I'm using VSCode(don't think I have to say this but... yes)
When inside double quotes, PHP interprets $something as a variable, so in your migration code PHP tries to get the value for all those blue values in the picture.
In order to get it to work, you need to either use single quotes and escape every single single quote inside the queries, or keep your double quotes and escape only the dollar signs (when applicable).
<?php
$a = "test";
echo "this is a $a"; // this is a test <-- this is what's happening to you
echo 'this is a \'$a\''; // this is a '$a' <-- one option
echo "this is a \$a"; // this is a $a <-- another opcion
So it would look something like this:
$this->execute("INSERT INTO table (email, password) VALUES ('email#test.com', '\$2y\$10\$aerjgap2341234ommubi1234123');
About 2 of some of the Websites we did got hacked. We spent hours trying to see what went wrong. The loophole was the str_replace vs \0 the [Null Char] .
While using str_replace with Single Quotes ['].
Something like:
$str = 'java\0scr\0ip\0t:alert(\"XSS\")';
$clean_null_chars = str_replace('\\0','_[_blabla_]_',$str);
//Show the cleaned version
var_dump($clean_null_chars); // string 'java_[_blabla_]_scr_[_blabla_]_ip_[_blabla_]_t:alert(\"XSS\")' (length=62);
echo $clean_null_chars; //java_[_blabla_]_scr_[_blabla_]_ip_[_blabla_]_t:alert(\"XSS\")
However, using str_replace with Double Quotes ["], Nothing happens
Something like:
$str= "java\0scr\0ip\0t:alert(\"XSS\")";
$clean_null_chars = str_replace('\\0','_[_blabla_]_',$str);
//Show the cleaned version
var_dump($clean_null_chars); //string 'java�scr�ip�t:alert("XSS")' (length=26);
// ....[Notice the _Null Char_ rendered as question marks in var_dump]
echo $clean_null_chars;// javascript:alert("XSS")
Thus some genius managed to abuse the loophole.
Is this a normal behavior for str_replace when either Single Quotes or Double Quotes are involved?
here http://php.net/manual/en/function.str-replace.php they use both ['] and ["] no mention of different behaviors.
Any Ideas??
I am downloading my data from MySQL to .csv format. I am having no problem using mysql_real_escape_string(), but this function removes any commas or formatting characters that exist in my data.. So the .csv structure is maintained, but my grammatical characters (such as commas) are expectantly removed.
mysql_real_escape_string doesn't REMOVE data. It simply makes a string safe to insert into an SQL query. Standard rules for CSV is the enclose any string containing commas in double-quotes, so
This is my comma , containing string
becomes
"This is my comma, containing string"
in the CSV output. And any fields containing double-quotes should have the quotes doubled:
This is my "little" friend
becomes
This is my ""little"" friend
Enclosing each field with double quotes helps.
A function to convert an array to CSV:
function arr2csv($twoDaray) {
foreach($twoDarray as $k=>$v) {
$row=implode('","',$v);
echo '"'.$row.'"'.chr(10).chr(13);
}
}
I solved this by wrapping the entire string in quotes, then individually wrapping quotes and commas to maintain the formatting:
...
$csv_output .= "\"" . eregi_replace("\"", "\"\"", stripslashes($rowr[$j])) . "\",";
...
You'll note that I strangely applied stripslashes(). Unfortunately the script I am working on only works in php4, and so slashes are added by default settings of the .ini. So I just strip them out.
I'll also probably replace eregi_replace() with str_replace() as I believe it's deprecated.
Anyhow. The above solution works to remove commas and slashes and maintains them where
I am looking for the best way to strip single quotes as it keeps breaking my important.
so
The image’s emotiveness enables
only comes through as
The image
It breaks at the single quote ' .I need a good way to strip out the tags can someone help.
I have looked at stripslashes();
Whats the best way function to stripout , - £
any help please.
MANAGED TO FIX IT>
Thank you for your help people i manage to fix it using the following function.
string utf8_encode ( string $data )
Cant figure out why it was coming out in that format from the database all i can think is it 6 years old website.
;)
I'm not 100% certain because PHP isn't my forte, but I think you need to look at something like urlencode(). This will encode all the special characters properly.
Note: This will remove all single quotes!
str_replace("'", "", $your_string);
example:
$your_string = "The image’s emotiveness enables.";
echo str_replace("'", "", $your_string);
output
The images emotiveness enables.
If you want to keep single quotes in string you should consider using real escape functions (recommended).
It sounds like what you really want is to encode the single quotes, not remove them. On the assumption that you are inserting into the MySQL database, look into mysql_real_escape_string.
The best way to get rid of specific characters is using str_replace.
To remove all single quotes from a string:
$noQuotes = str_replace("'", '', $stringWithQuotes);
There is several ways, depending on what are you doing.
You could use addslashes to escape all single / double quotes. You can unescape it with stripslashes later.
If you are planning on saving those data into MySQL database, you should use mysql_real_escape_string.
If you want to output data on HTML page, use htmlspecialchars to convert all special characters into HTML entities.
The next way is to use str_replace to remove all quotes, as few other people in this thread already mentioned.
I have a php string with a lot of information to be displayed inside a textarea html element.
I don't have access to that textarea nor to the script (if any) that generates it.
$somestring = 'first line \nSecond line \nThird line.';
$somestring as NOT been "worked" with trim or filter_var. Nothing.
On the textfield, I get the \n printed on the textarea hence, not interpreted.
What can I try in order to have those new lines applied?
Thanks in advance.
Try wrapping $somestring with " (double quotes) instead of ' (single quotes)
\n, \r and other backslash escape characters only works in double quotes and heredoc. In single quotes and nowdoc (the single quote version of heredoc), they are read as literal \n and \r.
Example:
<?php
echo "Hello\nWorld"; // Two lines: 'Hello' and 'World'
echo 'Hello\nWorld'; // One line: literally 'Hello\nWorld'
echo <<<HEREDOC
Hello\nWorld
HEREDOC; // Same as "Hello\nWorld"
echo <<<'NOWDOC'
Hello\nWorld
NOWDOC; // Same as 'Hello\nWorld' - only works in PHP 5.3.0+
Read more about this behaviour in the PHP manual
EDIT:
The reason single and double quotes behave differently is because they are both needed in different situations.
For instance, if you would have a string with a lot of new lines, you would use double quotes:
echo "This\nstring\nhas\na\nlot\nof\nlines\n";
But if you would use a string with a lot of backslashes, such as a file name (on Windows) or a regular expression, you would use single quotes to simplify it and avoid having unexpected problems by forgetting to escape a backslash:
echo "C:\this\will\not\work"; // Prints a tab instead of \t and a newline instead of \n
echo 'C:\this\would\work'; // Prints the expected string
echo '/regular expression/'; // Best way to write a regular expression
$somestring = "first line \nSecond line \nThird line.";
http://php.net/types.string <-- extremely useful reading
this article is a cornerstone of PHP knowledge and it's just impossible to use PHP without it.
unlike most of manual pages which are are just for quick reference, this very page is one which every developer should learn by heart.