Whenever I was inserting AT&T to database it was added as AT&T; semicolon is added extra in code igniter.
My code is like this:
$this->input->post('carrier_name');
$this->db->insert('cs_carrier',$insert);
please suggest.
In case someone comes across this later. I ran into this issue today, and it turns out it was the xss_clean function within CI. I opted not to use it and used filter_var instead.
replace any special character like & = & then you can store into database.Anyway another things.Please make your data field text type otherwise it don't take any special char.
Related
I have a MySQL table that contains names and e-mail addresses. The data was originally imported from a .csv file, and it did not originally contain complete e-mail addresses. We had to append the #place.domain to the user's alias.
When the data is sitting in the MySQL table, it looks normal: person#place.domain; however, when I output the content in PHP, I get this: person #place.domain. There's always a space between the person and the #. It doesn't look like that in the MySQL column, nor does it look like that when I copy/paste the data into Notepad, Word, Excel, etc. Furthermore, if I erase the data in the column and manually replace it with person#place.domain, it displays normally in my PHP app. So I'm guessing there's some hidden character that PHP is picking up that I can't detect. Is there a way for me to clean this up? I've tried TRIM(), REPLACE,(), etc., all to no avail.
UPDATE: I've discovered that, when I click in the MySQL field and move among the characters using my arrow keys, I have to hit the arrow key TWICE to move past the # symbol, yet there is no visible space.
I made this sample code for you:
<?php
$test = "user #mail.com";
$aux = explode("#",$test);
$mailok = trim($aux[0])."#".trim($aux[1]);
echo $test." vs ".$mailok;
?>
This is likely something like non-breaking space (ascii 160). To get rid of it:
UPDATE my_table SET e_mail = REPLACE(e_mail, CHAR(160), '');
Try with a foreach cycle, and do the chr($char) function to every character in the string, it will display you the ascii code of each character in the string, and you will find the wrong character. It's the only solution I found. Hope to be useful
I am trying to insert into mysql from an xml using PHP, but the field name contains a "hyphen" and for some reason it is not inserting this field, the rest are fine. I have tried using the hex codes x002D, x2010,x2012, and none have worked. As you can see in my xml, the hyphen is not being changed like the space, but if I just remove the x002D inserts everything after the "E" in other words just inserts -mail_x0020_Address.
This is my xml:
<encuestas>
<ID>9949</ID>
<E-mail_x0020_Address>email#email.com</E-mail_x0020_Address>
<ZIP_x002F_Postal_x0020_Code>90001</ZIP_x002F_Postal_x0020_Code>
</encuestas>
This is my insert statement ( I removed fields, I have 20 on that xml):
"INSERT INTO New_Encuestas_Datos(ID,`email`,`Zip/Postal Code`) VALUES('$product->ID','$product->E-mail_x0020_Address','$product->ZIP_x002F_Postal_x0020_Code')";
The variables are coming from an array reading the xml and like I said, everything is imported except email. I have tried the following combinations:
E-mail_x0020_Address
E_x002D_mail_x0020_Address
E_x2010_mail_x0020_Address
E_x2012_mail_x0020_Address
Can anyone point me what I am doing wrong? Thanks !
Hmm, I doubt you can use it in a string, but in plain PHP it is $product->{'E-mail_x0020_Address'};. But that doesn't matter anyway, as you should escape you values prior to sending them to a database you can nicely name an escaped variable as you like.
Try using:
"INSERT INTO New_Encuestas_Datos(ID,`email`,`Zip/Postal Code`) VALUES('{$product->ID}', '{$product->E-mail_x0020_Address}', '{$product->ZIP_x002F_Postal_x0020_Code}')";
Edited:
Just found here Validate class/method names with regex that '-' is not valid in method names.
I am having hard time getting a form submitted textarea where people put in line breaks when they hit enter on their address..For example.
<textarea name="address"></textarea>
I am using this to get the post
$address = mysql_real_escape_string(trim($_POST['address']));
They are entering 123 test <return>city,state.
Then after they submit, in the mysql database the address is showing 123 testnrcity state
So how can I handle this?
Thanks!
Use nl2br?
$address = mysql_real_escape_string(trim(nl2br($_POST['address'])));
HTH :)
Have you checked what's in your database field? Just show the database contents with phpMyAdmin or a similar tool. The line break can either be a line break character or two characters: \n. If it's the latter, then your input probably was escaped twice. Or is it just "n". Then there is probably another escaping somewhere along the way. Do you use a database abstraction layer? Maybe it escapes the values too.
I was not able to resolve this the way I wanted to and just settled with using str_replace() to replace all "\r\n" stuff with a space...
How to insert ampersand in mysql using php?
Thanks in advance
When I execute the following code the “one” is saves in database but the “ second” and ampersand sign won’t. plz help me…
$companyName ="one & second";
INSERT INTO registeration(companyName) VALUES('". $companyName ."')";
I know this is old but I just ran into this issue myself and the issue turned out to be an escaping issue with ajax post rather than an issue with mysql and php. I added encodeURIComponent(variabletopost) to the variable before posting it with ajax and it worked great.
Exactly the same way as any other data, no special action required.
insert into table (field) values ('&')
I know it's an old post but,
try adding addslashes() to your php var:
$companyName = addslashes("one & second");
Then, when php parses the '&' (ampersand) , it reads '\&' (backslash-ampersand) instead of trying to create a reference in the middle of the query.
I also faced this type of issue and solved by using javascript function encodeURIComponent(uri);
In place of uri you have to put your variable. then it will allow all special character.
I've a problem of character encoding in php, so this's the php code:
n_event=$_GET['ndlann'];
$nom_complet=htmlentities(stripslashes($_POST['nom']));
$email_comment=htmlentities(stripslashes($_POST['email']));
$titre_comment=htmlentities(stripslashes($_POST['titre']));
$texte_comment=htmlentities(stripslashes(nl2br($_POST['commentaire'])));
$pays_comment=$_POST['pays'];
$date_ajout=date('Y/m/d');
Data will be added in a database table , you see that this data comes from a comments form,
so when the user enters some comments with orient languages carachters (arabic,hebrew...etc), the input data will change to something like :
Ø´Ù�را عÙ�Ù� اÙ�Ù�Ù�ضÙ�Ø
I tried to delete the htmlentities method and that works fine , but does start another problem of comments form security (js scripts will be executed)
What can I do with this situation?
and thanks
Do not use htmlentities() ever.
This function has been obsoleted long time ago.
Use htmlspecialchars() instead.
you have also bunch of nonsense in your code
doing htmlentities(nl2br(*)) has no sense.
make stripslashes conditional, only if magic quotes are set on.
there is a possible problem with pays field.
I am also afraid that you're taking htmlentities as some sort of SQL escaing function. Am I right?
In my opinion, and according to the PHP doc, the accepted answer is not correct.
Nowhere it is written that this function has been deprecated.
If you set correctly the third argument of the function, called $encoding, it will solve your problem.
I hope this helps.