I have implemented uploadify in to my web application and it all works brilliantly except one thing. When the files are displayed in the queue, when I go to remove one from the queue I get an error.
The error is:
illegal character
jQuery(\'#'+a(this).attr(
and the code which this refers to is this:
<a href="javascript:jQuery(\'#'+a(this).attr("id")+"').uploadifyCancel('"+i+'\')">
If you could advise me that would be great. Thanks.
This was the working code, he just modified it wrong.
<a href="javascript:$('#file_upload').uploadifyCancel($('.uploadifyQueueItem').eq(i).attr('id').replace('file_upload',''))">
The i variable defines which upload in the queue to cancel i.e. 0 is first, 1 second, -1 is last, -2 second last etc.. Alernatively if you have already grabbed the upload ID from uploadify, you can just do..
<a href="javascript:$('#file_upload').uploadifyCancel(ID)">
For reference in case anyone ends up here
http://www.uploadify.com/documentation/methods/uploadifycancel/
Also see http://api.jquery.com/eq/
I think you are getting the quotes mixed up and escaped wrong. Try this:
<a href="javascript:jQuery('#'+a(this).attr('id')).uploadifyCancel(i)">
Your quotation marks are wrong.
the value of the href attribute should be surrounded by " marks. The value itself should contain only ' marks. Escape them properly (\') when necessary.
Related
PHP Mysql CodeIgniter Converting characters to symbols in very bizarre circumstances
Application Built on CodeIgniter.
Has been running for over a year. No problems.
Client fills in a form about a customer.
A simple trim($_POST['notes']) captures textarea form field text and saves to MySQL
no error reported in PHP or JavaScript
The other day I notice some text the client has entered, has had the brackets used in the text "()" replaced with the equivalent "()
I think... "That's strange... I don't recall any reason why those characters would have been replaced like that.!"
I take a look ... and a day later... here is my madness revealed:
The text in question is verbatim "
Always run credit card on file (we do not charge this customer for pick-up or return)
"
No matter what I did or changed on the code side.. I could not prevent the PHP... OR Javascript... Or MySQL... OR alien beings... - or whoever the heck is doing it - from converting the "()" in the text to "(). And I tried many things like cleaning the string in all ways known to man or god. Capturing the string previous to sending just before saving to the database. And the conversion would always take place just before the save to MySQL. I tried posting in different forms and fields... Same thing every time... could not stop the magic conversion to "().
What in the name of batman is in this magical text that is causing this to happen?? is it magic pixie dust sprinkled on to godaddy server it is running on??? 0_o
.......
Being the genius that I am 0_0 I decide to remove one word from the paragraph at a time.
Magically... as all the creatures of the forest gathered around - as I finally got to the word "file" in the paragraph, and removed it !!! Like magic - the "()" stay as "()" and are NOT converted to "()?!?!???!?!? :\ How come??I simply removed the word "file" from the text... How could this change anything?? What is the word "file" causing to change with how the string is saved or converted??
OK -So I tested this out on any and every form field in the app. Every single time, in any field, if you type the word "file" followed by a "(" it will convert the first "(" to "(; and the very next ")" to ")
So.. if the string is:
"file ( any number of characters or text ) any other text or characters"
On post, it will be converted mysteriously to:
"file ( any number of characters or text ) any other text or characters"
Remove the word "file" from the string, and you get:
"( any number of characters or text ) any other text or characters"
The alien beings return the abducted "()"
Anyone have a clue what the heck could be going on here?
What is causing this?
Is the word "file" a keyword that is tripping some sort of security measures? interpereting it as "file()"???
I dunno :\
It's the strangest thing I ever saw... Except for that time I walked in on Mom and Dad 0_o
Any help would be greatly appreciated, and I will buy you a beer for sure :)
The very large headed, - (way to much power for such tender egos) -, Noo-Noos here at stack have paused this question as "Off topic" LOL... honest to God these guys are so silly.
So - in an effort to placate the stack-gestapo - I will attempt to edit this question so that it is... "on topic"??? 0_o ... anything for you oh so "King" Stack Guys O_O - too bad you would never have the whit to ever notice such a bug... maybe some day. ;)
Sample code:
<textarea name="notes">Always run credit card on file (we do not charge this customer for pick-up or return) blah blah</textarea>
<?php
if(isset($_POST['notes']){
$this->db->where("ID = ".$_POST['ID']);
$this->db->update('OWNER', $_POST['notes']);
}
?>
Resulting MySQL storage:
"Always run credit card on file (we do not charge this customer for pick-up or return) blah blah"
InnoDB - Type text utf8_general_ci
I am not looking for a way to prevent it, or clean it... I am clearly asking "What causes it"
/*
* Sanitize naughty scripting elements
*
* Similar to above, only instead of looking for
* tags it looks for PHP and JavaScript commands
* that are disallowed. Rather than removing the
* code, it simply converts the parenthesis to entities
* rendering the code un-executable.
*
* For example: eval('some code')
* Becomes: eval('some code')
*/
$str = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2(\\3)", $str);
This is the part of XSS Clean. (system/core/Security.php)
If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your application/config/config.php file and setting this:
$config['global_xss_filtering'] = TRUE;
https://www.codeigniter.com/user_guide/libraries/security.html
try something like this
$this->db->set('OWNER', $_POST['notes'],FALSE);
$this->db->where('ID ', $_POST['ID']);
$this->db->update('table_name');
Men I think Is in your server. If Ur using Wamp try to check if you have miss Install some arguments in xhtml. This is my Idea. it's related on my experience in CodeIgniter. hope U will response if you want some advice.
Use utf8 encoding to store these values.
To avoid injections use mysql_real_escape_string() (or prepared statements).
To protect from XSS use htmlspecialchars.
How ever not sure what is the issue in ur case..
Probably try using some other sql keywords in the string and verify the solution.
Try replacing the ( and the ) with ( and ) using str_replace
If you are storing ( and ) in your database then you should try replacing it on output if not try and replace it before input.
I'm not sure if this would work, but you could try inserting a slash in or before the word 'file':
fi\le ( any number of characters or text ) any other text or characters
when i use stripslashes in php but i did not get the exact solution. I have menstion below which i used in my code those are
Example if i have the value in table like suresh\'s kuma\"r
i trying to display the value in the following three formats but no one is giving exact value
1) value=<?=stripslashes($row[1])?> //output is suresh's
2) value='<?=stripslashes($row[1])?>' //output is suresh
3) value="<?=stripslashes($row[1])?>" //output is suresh's kuma
But the exact output i need is suresh's kuma"r
let me know how to resolve the this issue?
The issue has nothing do to with stripslashes. If I guess correctly, the problem lies in the fact that in your examples quotes break the html field attribute;
I'll show you by manually echoing out your $row content as per your infos:
value=sures kumar --> leads to browser to interpret this as value="sures" kumar
value='suresh'khumar --> well, same story value='sures' khumar
value="Suresh"Khumar -->what can I say...you know the drill
Escaping the quotes won't affect html, since backslashes has no meaning in html.
Both value="Suresh" and value="Suresh\" will work fine for the browser, but your name will always be interpreted by the browser as some unknown attribute, leaving only the first part inside the value.
What you might do, instead, is apply htmlentities($row[1],ENT_QUOTES) so that they get converted in the equivalent entity ("e;,for ex.) and not break your value attribute. See manual.
Another issue is that you shouldn't be having backslashes in your database in the first place; this might be due to the presence of magic_quotes enabled in your provider, or you passing manually addslashes() or other wrong trickery. If you want to insert into a database values containing quotes, use the escaping mechanism provided by your database driver (mysql_real_escape_string() in mysql, for ex.), or better tools (preparated statements with query bindings).
You should first get rid of all the slashes using that stripslashes and re-saving back the content; but slashes or not, the issue would appear again if you don't format that appropriately for your html, as I showed above.
Are you sure you want stripslashes instead of addslashes? Is the purpose is to quote the " characters?
I'm using cakephp. In my users model I allow ppl to upload a pic. Once it uploads ok I save the url of the pic to $this->data['User']['image_url'] and save it. To upload I use the kind advice given here: http://www.jamesfairhurst.co.uk/posts/view/uploading_files_and_images_with_cakephp
After the upload is done I want to resize the photo so I have a thumbnail. I'm using the advice here: http://bakery.cakephp.org/articles/Perkster/2008/04/12/image-resizer-crop
All is ok, except for the value in $this->data['User']['image_url'] looks like files/photos/userimage.jpg
The upload script I'm using seems to be expecting the urls with backslashes rather than forward ones coz when I run it I get the error
getimagesize(C:\xampp\htdocs\MyNewSite\app\webroot\img\files/photos\$image_name) [function.getimagesize]: failed to open stream:
What can I do to fix this?
The slashes are not the problem, the $image_name is. It's impossible to tell without seeing the code, but you probably are using single quotes when assigning the file name, leading to the variable not getting parsed properly.
Windows accepts both directory separators \ and /, thus the problem must be somewhere else. This is taken from the error message
C:\xampp\htdocs\MyNewSite\app\webroot\img\files/photos\$image_name
I assume, that there is no file $image_name ;) It seems, that you didnt let PHP evaluate the variables when calling getimagesize()
My previous question and this question both are related a bit. please have a look at my previous question I did not found any other way to unserialize the data so coming with the string operation
I am able to get the whole content from file but not able to get the specific string from this content.
I want to search a specific string from these content but function stop working when the reach at first special character in the string. If I am searching something found before the special character the works properly.
String operation function of PHP not working properly when the encounter first special character in the string and stop processing immediately, Hence they does not give me the correct output.
Originally they looks like (^#)
:"Mage_Core_Model_Message_Collection":2:{s:12:"^#*^#_messages";a:0:{}s:20:"^#*^#_lastAddedMessage";N;}
but when I did echo they are display as ?
Here is the code what I tried
$file='/var/www/html/products/var/session/sess_ciktos8icvk11grtpkj3u610o3';
$contents=file_get_contents($file);
$contents=htmlspecialchars($contents);
//$contents=htmlentities($contents);
echo $contents;
$restData=strstr($contents,'"id";s:4:"');
echo $restData;
$id=substr($restData,0,strpos($restData,'"'));
echo $id;
I changed the default_charset to iso-8859-1 and also utf-8 but not working with both
Please let me know How I can resolve this.
Thanks.
These characters that you see as ^# are actually null bytes. They don't have any proper display, neither they are meant to be displayed - it's an internal representation of protected properties in the engine. You're not supposed to mess with them.
As for resolving, it'd be nice to know what kind of resolution you seek - what result are you trying to achieve?
I am trying to pass a variable frm php to a javascript function, however a space keeps getting appeneded, and I can not see how.
The relevant php code snippet:
<p>Click for full description </p>".$brand."
<p>DELETE
$brand is what I want to pass, and deleteRec is the name of the function.
At the end of the first line I am echoing out brand before the link to deleteRec, and it contains no space. In my test case, it is set to simply 'o'.
The link that is genereated for deleteRec however, clearly contains a space, and I don't know where it is coming from.
DELETE
Do var_dump($brand) and look closely - there's almost certainly a space in it!
In which case, you can guard against it with trim
$brand=trim($brand);
Change:
<p>DELETE
to:
<p>DELETE
and tell us how it goes.
Try do echo the following:
echo "--$brand--";
This way you'll be able to see if there are any spaces in the variable.
As a general matter of style, I would change second link from:
<a href=\"#\" onclick=\"
deleteRec('".$ARTICLE_NO."', '".$brand."', '".$pg."', '".$nextArticleNo."')\">DELETE</a>
to:
<?php
$deleteRecArgs = "'$ARTICLE_NO', '$brand', '$pg', '$nextArticleNo'";
?>
DELETE
It's easier to read and maintain.