woe be me...
I don't know whats happened but suddenly slashes are being added to strings in the request object.
I'm passing ID = "1" to the server;
I make up the where clause.
$where = array( 'ID' => $_REQUEST['ID']);
$result = $wpdb->update($this->the_table, $dbfields, $where);
Somehow slashes are being added and thusly the where clause doesn't match.
How can I get rid of the rascals?
I've tried
$where = array( 'ID' => stripslashes($_REQUEST['ID']));
and
$where = array( 'ID' => stripslashes_deep($_REQUEST['ID']));
PHP Version 5.2.17
php.ini
magic_quotes_gpc
On On
magic_quotes_runtime
Off Off
magic_quotes_sybase
Off Off
Any help much much much appreciated.
UPDATE----------------
I've turn magic_quotes_gpc off but still no joy.
if I hard code this
$where = array( 'ID' => "1");
It works fine.
However using this -
$id = stripslashes($_REQUEST['ID']);
$where = array( 'ID' => $id);
no updates are made.
If I echo out $where.
It looks like "1" - no problem.
Head scratching stuff! Worked fine a day ago.
Turn off magic_quotes_gpc.
Some methods of achieving that here - http://php.net/manual/en/security.magicquotes.disabling.php
Related
The question seems quite simple, but I've tried everything that I've read and nothing worked
I have this example url: localhost/test/{"user":"test","password":"test"} so, that json is part of the url how can I add it? I tried the following things
$arrayVariable = array (
"Usuario" => "user",
"Clave" => "test"
);
$res = json_encode($arrayVariable);
but the answer of $res is the following
"{\"Usuario\":\"user\",\"Clave\":\"test\"}"
I've tried str_replace to remove backslashed but it didn't work, I tried the following two functions
$res = str_replace("\\","",$res)
$res = str_replace("\\\\","",$res)
but it didn't work because seems the backslash is part of the " quote
Edit: I can't change the url because is an external API so nothing I can do that way
You could use the urlencode() function.
$arrayVariable = array (
"Usuario" => "user",
"Clave" => "test"
);
$res = urlencode(json_encode($arrayVariable));
But i think you should re-think your logic since this is a very unusual thing to do.
The following code lives on one of my servers:
$curl = curl_init();
$url = "http://www.example.com/controller/action?param1=" . $value1 . "¶m2=" . $value2;
$url = str_replace(" ","%20",$url);
curl_setopt_array($curl, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => $url
));
$result = curl_exec($curl);
Most of the time, this works just fine. However, today in example.com's access logs, I noticed an entry where the second parameter was completely missing. Not just the value, the entire parameter. So the log line was
GET /controller/action?param1=36838242 HTTP/1.1
I can't think of any condition what would cause param2 to be completely missing from the querystring. However, obviously it happened. And there is only one block of code that makes this curl call, so this is definitely the code responsible for the access log entry.
So my question is, under what condition could part of a concatenation fail, but have the rest of the code continue running? Since the code works 99% of the time, I'd love to write it off as a fluke, but this is really bugging me.
As others have pointed out, the string concatenation cannot fail.
I'm going to guess that $value1 contains a some non-printable character that is not being properly encoded. Your str_replace is only handling spaces. You would be much safer doing something like this:
$params = array( 'param1' => $value1,
'param2' => $value2 );
$url = 'http://www.example.com/controller/action?' . http_build_query($params);
And dropping the current call to str_replace.
Hi I have a dropdown that needs to be saved in a MYSQL table, and this happens thru this code:
$pjt_table = 'music_fisica';
$full_pjt_save = array(
'physical_format_vinile' => $this->input->post('formato_vinile'),
);
$pjt_save = array(
'user_id' => $this->session->userdata('user_id'),
'id_acquisto' => $this->input->post('id_acquisto'),
'pjt_name' => $this->input->post('pjt_name'),
'pjt_type_name' => $pjt_table,
'pjt_table' => $pjt_table
);
//Full Project
$added_fields = $full_pjt_save+array('last_mod' => time());
$this->db->where('id_acquisto', $this->input->post('id_acquisto'));
//$this->db->set('physical_format_vinile', $this->input->post('formato_vinile'), FALSE);
$save_full_pjt_to_db = $this->db->update('progetti_'.$pjt_table, $added_fields);
$pjt_table_id = $this->db->insert_id();
$this->db->where('id_acquisto', $this->input->post('id_acquisto'));
$this->db->update('progetti', array('distrib_fisica' => '1'));
$exist_pjt = $this->db->get_where('progetti_'.$pjt_table, array('id_acquisto' => $this->input->post('id_acquisto')));
The problem is that the dropdown contains a double quote and get cut off when saved to the table.
And this 45 Giri (7" Singolo, 45 Giri) becomes this 45 Giri (7.
I tried changing the config adding the double quotes
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-\"';
but this doesn't change anything. I tried the XSS filtering false
$config['global_xss_filtering'] = FALSE;
also this doesn't change a thing.
Any suggest?
Search and replace the double quote with " the html equivalent.
Something like:
$yourVariable= str_replace('\"', '"', $yourVariable);
not tested
I solved it, the mistake was in the HTML:
<option value="<?= $value ?>"><?= $value ?></option>
This actually broke the value double quotes due to the item.
Tks everybody.
I have the following string generating mp3 urls for a music player on my site.
<?php echo $song->getTitle() ?>
which results in /public/music_song/df/74/746b_2112.mp3?c=ec1e
I would like to remove the query from the string
resulting in /public/music_song/df/74/746b_2112.mp3
I've looked into how to split the url, but I'm nowhere near being a php genius just yet so I dont know weather to split or use preg_replace or how the heck to incorporate it into my existing string.
I have to get rid of these queries, they are unneeded and crashing my databases on a daily basis.
list($keep) = explode('?', '/public/music_song/df/74/746b_2112.mp3?c=ec1e');
$parsedInput = parse_url('/public/music_song/df/74/746b_2112.mp3?c=ec1e');
echo $parsedInput['path'];
// Results in /public/music_song/df/74/746b_2112.mp3
Edit: Since I havent worked with SocialEngine, Im guessing that what you need to do is:
<?php $parsed = parse_url($song->getFilePath());
echo $this->htmlLink($parsed['path'],
$this->string()->truncate($song->getTitle(), 50),
array('class' => 'music_player_tracks_url',
'type' => 'audio',
'rel' => $song->song_id )); ?>
I need to find all schools with contains a certain emailaddress in a string
At this moment, I'm sending a query to my database to obtain a list of Schools like this
$aSchools = School::model()->findAllByAttributes(array(
'finished' => School::SCHOOL_CREATED,
));
After that, I itterate over all the schools to check if they containt the mailAddress like this:
$aFoundSChools = array();
foreach($aSchools as $oSchool)
{
if (strpos($oSchool->mailAddress, Yii::app()->user->mailAddress))
{
$aFoundSChools [] = $oSchool;
}
}
But I'm guessing this could be cleaner, right? Can i do that in a single function, like a 'LIKE' query in sql?
MongoDB supports "like" queries in the form of regular expressions. Be warned though that this can not use an index. From plain PHP, you'd construct it like this:
$query = array(
'finished' => School::SCHOOL_CREATED,
'mailAddress' => new MongoRegexp( '/' . addslashes( Yii::app()->user->mailAddress ) . '/' ),
);
You'll have to use the addslashes if you think your mail address might contain a /.
I don't quite know Yii, but I expect you can use $query like this, just replacing your already existing test for just 'finished':
$aSchools = School::model()->findAllByAttributes( $query );