I have a form into which I entered a newline character which looked correct when I entered it, but when the data is now pulled from the database, instead of the white space, I get the \n\r string showing up.
I try to do this:
$hike_description = nl2br($hike_description);
But it doesn't work. Does anyone know how this can be fixed? I am using PHP.
And here is the page where this is happening. See the description section of the page:
http://www.comehike.com/hikes/scheduled_hike.php?hike_id=130
Thanks,
Alex
Does anyone know how this can be fixed?
Sure.
Your code doing unnecessary escaping, most likely before adding text to the database.
So, instead of replacing it back, you have to find that harmful code and get rid of it.
This means, you have probably plain text '\n\r' strings in the db.
Try to sanitize db output before display:
$sanitized_text = preg_replace('/\\[rn]/','', $text_from_db);
(just a guess).
Addendum:
Of course, as Col. Shrapnel pointed out, there's something fundamentally wrong
with the contents of the database (or, it is used this way by convention and you don't know that).
For now, you have fixed a symptom partially
but it would be much better to look for the reason for these escaped characters
being in the database at all.
Regards
rbo
You can use str_replace to clean up the input.
$hike_description = nl2br(str_replace("\r\n", "\n", $hike_description));
$hike_description = str_replace(array('\n','\r'),'',$hike_description);
You may want to read up on the differences between the single quote and double quote in PHP as well: http://php.net/manual/en/language.types.string.php
Related
I am trying to convert a single quote into html specialchars.. but its not working. I am not sure what I am doing wrong here. Below is how I am using the function
echo htmlspecialchars("Housemade Mac N' Cheese",ENT_QUOTES);
Any help would be really appreciated!
The following comes from my own experiment.
Try this, it will replace all single quote by ߴ, which is an Unicode character. nko high tone apostrophe (U+07F4). Php/js will treat it as a regular character, so no headaches here.
Of course the content of $string is going to be altered, this is not the perfect solution but a workaround.
echo htmlspecialchars(preg_replace("/'/","ߴ",$string),ENT_QUOTES);
To understand it better, in your showcase, the following should be ok, but what if the string will change to something you don't know yet. Will it contains single quotes, on, two, three, where? This is hard stuff! Look simple but it is actually a very complex case!
echo htmlspecialchars("Housemade Mac N\' Cheese",ENT_QUOTES);
Philosophical annexe, this part can be skipped...
The most complex things are hiding in the simplest.
Personal reflexion 💡
There is probably a much more elegant way to say the title, but that's the best I could come up with because frankly I am feeling silly that I don't know the answer and even have to ask but that's how you learn, so no shame necessary.
I have stored dataURIs such as :
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAE5klEQVR4nO1ZS0hjVxg+9xEJVFAnCzcuurVC3XfTWpqMMTGJbrSFQumAxhERFdE4YK4Bo5kY8zAvo0434nKghW46pXRhH5sKBXHXdikyDjGK0ETj7f/f5KY3N68bySSh9YPP/5x7Xv9/znfOubkS8oAH/L9B1XtAnufVYNTZbBqYpCgqVaKuCgySxiwwBXVvpHXYt+hrKajn5+fjNzc3hGEYolarT1ZXV0NLS0t74FwSK4DjLQ6H48nCwsJkKpXqSafTQl2v19sKxQ0PIAcM4vr6+r2rq6uQzWZ7ur+//8nd3R1ZXFz8Hp73YDnLsoSmaQwKm/DyPuj6u03+drvd7Z2dnf1dXV2fazSaX2DmSSKR6Dk+Pn55cnLy8vLysgeftbW1/Qz1Puvo6ND5fL53iGz2EXXfA3Kgzp1O59jZ2VkQZxmJzkNgT+12+w6kb8u1b3gACAwCJPRjPB7/APM48y6X68NKziMaIaEC4MnS2toaQr0jIR1U4jyioZtYCtiw57hZEbe3t+dK2zXFCiC6u7uP0eIeWFlZ+Ulpu6ZZgZGRkcTh4WHV7ZpmBUiRM14JGGnm4OCAHx4e5pBDaIeGuCGgBa3FwlmAZrRmM2c2WzgTWpOJM5nM3CDawUHBGsEajUbBGsAaDECjgRswAAfQDnD6AaAerZ7r1+u5346Onp2/fi348ceffz3T6rSc7nE/8DGn1ek4nS5jtVod9+rVdyuiz3kSQv2Njo4qnyYxQ4lpXpop3qbog8zDmZkZwQerdbzk+F6vLy9fEAACr/O8cSQD8lKvs/VzSfxDSQLgC5pncnx5vcAplOtaCpWKlYyfQd4euJcICSk62D16yU1guftVPhZbrFSs07//phae5fDtpx3KKpabEVlZUQmJuKvJzFaPcsPKJZQfgCyRfhsBlNK/uF8q6FGRhETUfgVq0GGzSogvMn6pelIUSCjD7HFarwCqOMbkQdZXQhXOf2V9lJWQmMqcw/VaAekwFTexLC+TEC+KUcjXOoDip091g1QlodrcsMqhZBMrkpBY5dcnj/IqU8J1T7LvO7lWxUx+eUnty6+lyqgsIQkoaQk6gY5nH2a+HuT3WvWC3WOF5atEy0qFXlmGFsjkmPmxzTJMljRRscy/eUgzbMYWMNtWVUAog7dLlYQiVLLn+eUV3kb3Xrwgu3t7And2d0lsBxkj27FtEt1GRkkkGiXhCDJCQuEwCYbCJBQKkWAwRLa2gsAtEghsEX8gQHwBP/H5/cTr9xGvz0c2vV7i8W6SjU2wHrAeD3FveIS0OMPP3Rtk3fWcrK27yNraOnECV51rQGfBvmyK70IIcJydmJgQvrxFIhGWoqi0knbN9Jv4XmiaAGZnZ98X09PT071K2zVNACCh9qxF0660XdPsgcnJyQD8Fp7CNMMwgXA4PN1onxRjeXlZY7Va42NjYzwS03Nzc4p+fzZ8BWw226NEIvFDOp3upbI3I34VoWn695aWlr5AIBAv177uewA0TjscDs3U1FQf8MuLi4sjdF5whqZnkRgIBNGbTCaPYDW+GB8f/6hUf434Nkqdnp6ei//MEP+hAbp3wGUofLWC+6ANjB3K3gV+hc9AWiQWixUopqGnEDoOrxnfAD+GTWuHPI+MRqMc2D7g1xX7qIejUqCEJOMKL1/odL39eMAD/iv4B7EvTT8yUT9VAAAAAElFTkSuQmCC
in a variable by simply doing: $some_var = "INSERT_ABOVE"; and has usually worked fine, but I am finding in a piece of code I am working on right now that the code breaks anytime one of the variable=>datauri scheme I showed above is used but deleting that line, fixes the code.
So I am not sure ?WHY? this particular datauri is breaking the code and shouldn't anything inside "" QUOTATIONS be treated as a literal string? Is there a best practice or should I say recommended way of storing datauris as variables to be used through the code, so it doesn't break?
Any thoughts and/or suggestions would be greatly appreciated, TIA.
PS. This wasn't just due to the backslash at the end, it was also that the string by itself wasn't being respected, now it is storing into variable like this, thanks. Since the title most accurately describes what was being achieved, I think its more appropriate.
Use Heredoc string quoting. It's another way to represent strings in PHP. It can eliminate your problem of ending quote getting escaped by string data.
$str = <<<EOD
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAE5klEQVR4nO1ZS0hjVxg+9xEJVFAnCzcuurVC3XfTWpqMMTGJbrSFQumAxhERFdE4YK4Bo5kY8zAvo0434nKghW46pXRhH5sKBXHXdikyDjGK0ETj7f/f5KY3N68bySSh9YPP/5x7Xv9/znfOubkS8oAH/L9B1XtAnufVYNTZbBqYpCgqVaKuCgySxiwwBXVvpHXYt+hrKajn5+fjNzc3hGEYolarT1ZXV0NLS0t74FwSK4DjLQ6H48nCwsJkKpXqSafTQl2v19sKxQ0PIAcM4vr6+r2rq6uQzWZ7ur+//8nd3R1ZXFz8Hp73YDnLsoSmaQwKm/DyPuj6u03+drvd7Z2dnf1dXV2fazSaX2DmSSKR6Dk+Pn55cnLy8vLysgeftbW1/Qz1Puvo6ND5fL53iGz2EXXfA3Kgzp1O59jZ2VkQZxmJzkNgT+12+w6kb8u1b3gACAwCJPRjPB7/APM48y6X68NKziMaIaEC4MnS2toaQr0jIR1U4jyioZtYCtiw57hZEbe3t+dK2zXFCiC6u7uP0eIeWFlZ+Ulpu6ZZgZGRkcTh4WHV7ZpmBUiRM14JGGnm4OCAHx4e5pBDaIeGuCGgBa3FwlmAZrRmM2c2WzgTWpOJM5nM3CDawUHBGsEajUbBGsAaDECjgRswAAfQDnD6AaAerZ7r1+u5346Onp2/fi348ceffz3T6rSc7nE/8DGn1ek4nS5jtVod9+rVdyuiz3kSQv2Njo4qnyYxQ4lpXpop3qbog8zDmZkZwQerdbzk+F6vLy9fEAACr/O8cSQD8lKvs/VzSfxDSQLgC5pncnx5vcAplOtaCpWKlYyfQd4euJcICSk62D16yU1guftVPhZbrFSs07//phae5fDtpx3KKpabEVlZUQmJuKvJzFaPcsPKJZQfgCyRfhsBlNK/uF8q6FGRhETUfgVq0GGzSogvMn6pelIUSCjD7HFarwCqOMbkQdZXQhXOf2V9lJWQmMqcw/VaAekwFTexLC+TEC+KUcjXOoDip091g1QlodrcsMqhZBMrkpBY5dcnj/IqU8J1T7LvO7lWxUx+eUnty6+lyqgsIQkoaQk6gY5nH2a+HuT3WvWC3WOF5atEy0qFXlmGFsjkmPmxzTJMljRRscy/eUgzbMYWMNtWVUAog7dLlYQiVLLn+eUV3kb3Xrwgu3t7And2d0lsBxkj27FtEt1GRkkkGiXhCDJCQuEwCYbCJBQKkWAwRLa2gsAtEghsEX8gQHwBP/H5/cTr9xGvz0c2vV7i8W6SjU2wHrAeD3FveIS0OMPP3Rtk3fWcrK27yNraOnECV51rQGfBvmyK70IIcJydmJgQvrxFIhGWoqi0knbN9Jv4XmiaAGZnZ98X09PT071K2zVNACCh9qxF0660XdPsgcnJyQD8Fp7CNMMwgXA4PN1onxRjeXlZY7Va42NjYzwS03Nzc4p+fzZ8BWw226NEIvFDOp3upbI3I34VoWn695aWlr5AIBAv177uewA0TjscDs3U1FQf8MuLi4sjdF5whqZnkRgIBNGbTCaPYDW+GB8f/6hUf434Nkqdnp6ei//MEP+hAbp3wGUofLWC+6ANjB3K3gV+hc9AWiQWixUopqGnEDoOrxnfAD+GTWuHPI+MRqMc2D7g1xX7qIejUqCEJOMKL1/odL39eMAD/iv4B7EvTT8yUT9VAAAAAElFTkSuQmCC\
EOD;
echo $str;
I am having some problems trying to datamine this site, maybe you can help?
$content = file_get_contents('http://store.steampowered.com/app/8190/');
$regexp='#(.*?)#';
preg_match($regexp,$content,$string1);
print_r($string1);
This code doesn't seem to work, maybe it seems obvious to you? Thanks :)
You have not escaped the hyperlink tag, try this:
$regexp='#<a\s+href\s+=\s+"http://store\.steampowered\.com/search/\?category2=2"\s+class\s+=\s+"name">(.*?)</a>#';
You need to escape parts of the string that you do not want parsed as special regex characters such as '?'.
I'm using php to look at an XML file that has a URL in it. The URLs look something like this:
https://site.com/bacon_report?Id=1&report=1¤tDimension=2¶m=1
When I echo out the URLs, the "¤" shows up as "¤" (AKA #164, A4 or currency symbol) and the links don't work. This happens even though there isn't a closing semicolon for it. What is the cleanest way to make "¤" display literally?
Funny enough I ran into the same problem just now and I found this answer. However, I found another solution which might even be better!
Simply put the variable at the beginning of your query string, and you will avoid the ¤ completely.
Do:
https://site.com/bacon_report?currentDimension=2&Id=1&report=1¶m=1
instead of:
https://site.com/bacon_report?Id=1&report=1¤tDimension=2¶m=1
Use the php function urlencode:
urlencode("https://site.com/bacon_report?Id=1&report=1¤tDimension=2¶m=1"
will output
https%3A%2F%2Fsite.com%2Fbacon_report%3FId%3D1%26report%3D1%26currentDimension%3D2%26param%3D1
The problem here is escaping - you need to escape the "&" characters. In XML all special characters like <, >, ', " and & should be escaped.
Escape it properly as
https://example.com/bacon_report?Id=1&report=1¤tDimension=2¶m=1
..just like in HTML:
WRONG - no escaping
CORRECT - correct escape sequence
So - the cleanest way to show "¤" in HTML/XML is to properly escape the ampersand, and render it as "¤".
I think that in this case it is best to use htmlentities because with urlencode you get
https%3A%2F%2Fexample.com%2Fbacon_report%3FId%3D1%26report%3D1%26currentDimension%3D2%26param%3D1
and when applying urldecode, you will still have the ¤ symbol
where as with htmlentities the url comes out clean.
https://example.com/bacon_report?Id=1&report=1¤tDimension=2¶m=1
I came across this issue while working on technical documentation (in Markdown which gets converted to HTML).
To solve the issue I used a zero-width space character which I copied and pasted from between these brackets (). That way it appears that there is no space and can include the below without any issues:
/search?query=1¤tLonLat=-74.600291,40.360869
In my PHP code, I'm setting up an area for people to enter their own info to be displayed. The info is stored in an array and I want to make it as flexible as possible.
If I have something like...
$myArray[]['Text'] = 'Don't want this to fail';
or
$myArray[]['Text'] = "This has to be "easy" to do";
How would I go about escaping the apostrophe or quote within the array value?
Thanks
Edit: Since there is only a one to one relationship, I changed my array to this structure...
$linksArray['Link Name'] ='/path/to/link';
$linksArray['Link Name2'] ='/path/to/link2';
$linksArray['Link Name2'] ='/path/to/link3';
The plan is I set up a template with an include file that has these links in a format someone else (a less technical person) can maintain. They will have direct access to the PHP and I'm afraid they may put a single or double quote in the "link name" area and break the system.
Thanks again.
POSSIBLE SOLUTION:
Thanks #Tim Cooper.
Here's a sample that worked for me...
$link = "http://www.google.com";
$text = <<<TEXT
Don't you loving "googling" things
TEXT;
$linksArray[$text] = $link;
Using a heredoc might be a good solution:
$myArray[]['Text'] = <<<TEXT
Place text here without escaping " or '
TEXT;
PHP will process these strings properly upon input.
If you are constructing the strings yourself as you have shown, you can alternate between quotation styles (single and double)...as in:
$myArray[]['Text'] = "Don't want this to fail";
$myArray[]['Text'] = 'This has to be "easy" to do';
Or, if you must escape the characters, you use the \ character before the quotation.
$myArray[]['Text'] = 'Don\'t want this to fail';
$myArray[]['Text'] = "This has to be \"easy\" to do";
If you really want to make i easy, use a separate configuration file in either INI or XML style. INI is usually the easiest for people to edit manually. XML is good if you have a really nested structure.
Unless you are letting users enter direct PHP code (you probably aren't), you don't have to worry about what they enter until you go to display it. When you actually display the info they enter, you will want to sanitize it using something like htmlentities().
Edit: I realize I may be misunderstanding your question. If so, ignore this! :)
You can use the addslashes($str) function to automatically escape quotes.
You can also try htmlentities, which will encode quotes and other special values into HTML entities: http://php.net/manual/en/function.htmlentities.php