Insert special characters to a string for web address - php

I'm fetching an array from my SQL database, but the string has spaces in it (i.e. B54DT45 GDT4563 HaK7698).
This needs to go into a web address like %30B54dT45%20 so that the outcome is
Here is my code:
$pid = mysql_query("SELECT cPushID FROM tblUsers WHERE intUserID='20' AND Length(cPushID) > 70 AND cAlerts = 'All'");
$url = rawurlencode("");
$msg = "test";
file_get_contents("http://domain/push.php?msg=$msg&to=$url");
The string in the database is something like as an example. That exact string needs to be sent to the push.php script on the remote server for it to run correctly.

rawurlencode()
because the space must be %20 according to the question.
edit: the question wasn't very clear, but to add < and > before encoding, just do
rawurlencode("<$txt>");
edit: the question has evolved into a mysql question, here's a short answer
$res = mysql_query("SELECT `this` FROM `that`");
$row = mysql_fetch_row($res);
$this = $row[0];
or
$res = mysql_query("SELECT `this` FROM `that`");
$row = mysql_fetch_assoc($res);
$this = $row['this'];

urlencode or rawurlencode, depending on if you want spaces as + or %20.

Use urlencode then urldecode it before inserting it to the database.
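The difference between the two encoders mentioned in the answers above, as an added example that is not part of the original posts. The push IDs and message are constructed sample values, and the URL is the placeholder from the question.

```php
<?php
// Constructed sample values: space-separated push IDs as they might come out
// of the database, and a message containing a character that would otherwise
// split the query string.
$pushIds = 'B54DT45 GDT4563 HaK7698';
$msg     = 'test & more';

// rawurlencode() follows RFC 3986: a space becomes %20.
// urlencode() follows form encoding: a space becomes +.
echo 'rawurlencode: ', rawurlencode($pushIds), PHP_EOL;
echo 'urlencode:    ', urlencode($pushIds), PHP_EOL;

// Wrapping the value in < and > before encoding, as in the first answer.
echo 'wrapped:      ', rawurlencode("<$pushIds>"), PHP_EOL;

// Encode every parameter, not only the one known to contain spaces.
// PHP_QUERY_RFC3986 makes http_build_query() use rawurlencode() rules.
$query = http_build_query(
    ['msg' => $msg, 'to' => "<$pushIds>"],
    '',
    '&',
    PHP_QUERY_RFC3986
);
$url = 'http://domain/push.php?' . $query;
echo 'url:          ', $url, PHP_EOL;

// What the receiving script sees: PHP decodes query parameters on arrival,
// which parse_str() reproduces here without a network request.
parse_str(parse_url($url, PHP_URL_QUERY), $received);
var_dump($received['to'] === "<$pushIds>");
var_dump($received['msg'] === $msg);
```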

Related

Why white/blank spaces in MYSQL breaks JSON that is created in PHP?

I have this very strange issue that doesn't make sense at all.
Basically I have a MYSQL database (wordpress database) that holds the wordpress post contents.
I need to use this database and create a JSON file which I can easily do that using the following code.
However, the post_content column in the database holds some strange white/blank spaces that causes my JSON to break and shows a null.
An example of the content that breaks my json code is like this:
<p style="text-align: left;">Techno</p>
3.0 Techno
3.2 Techno
IMPORTANT: Please do not copy/paste the content above if you want to test it because for some reason Stackoverflow fixed whatever issue that content has. I've uploaded it in a .txt file here: https://ufile.io/hyecu
The strange part is that I cannot figure out why when I delete the blank/white spaces manually and then put them again manually, my json works fine!!
This is my PHP file that creates the JSON:
header('Content-type: application/json');
$sql="SELECT * FROM wp_posts WHERE post_status = 'inherit' AND post_title = '$get'";
//$query = mysqli_query ($db_conx, "SET NAMES 'utf8'");
$query = mysqli_query($db_conx, $sql);
$existCount = mysqli_num_rows($query);
$return_arr = array();
while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
$row_array['ID'] = $row['ID'];
$row_array['post_title'] = $row['post_title'];
$row_array['post_content'] = $row['post_content'];
array_push($return_arr,$row_array);
}
echo json_encode($return_arr);
And this is the output of this page:
[{"ID":"31","post_title":"test","post_content":null}]
Can someone please advise on this issue?
Thanks in advance.
So, a bit of testing, I was able to duplicate your issue. Try this:
$return_arr = array();
while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
$row_array['ID'] = 123456;
$row_array['post_title'] = "Title";
$row_array['post_content'] = htmlentities($row['post_content']);
array_push($return_arr,$row_array);
}
Now, if you're not able to use the results, at least you know what characters are ACTUALLY in there, and you can write some sort of str_replace() or regex to take care of it.
Okay, I've tried this code and it worked perfectly:
$row_array['post_content'] = mb_convert_encoding($row['post_content'], "UTF-8");
This code will convert the post_content to UTF-8.
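A way to find which field json_encode() rejects and why, added here as an example and not taken from the original posts. The row is constructed, and the 0xA0 byte and the Windows-1252 source encoding are assumptions, since the page does not show the real bytes; the mbstring extension is required.

```php
<?php
declare(strict_types=1);

// Constructed row. The 0xA0 byte is a Windows-1252 non-breaking space, which
// is not valid UTF-8 on its own (assumed cause of the "strange" whitespace).
$row = ['ID' => '31', 'post_title' => 'test', 'post_content' => "3.0\xA0Techno"];

// Report which fields are not valid UTF-8 and show their bytes as hex.
function invalid_utf8_fields(array $row): array {
    $bad = [];
    foreach ($row as $key => $value) {
        if (is_string($value) && !mb_check_encoding($value, 'UTF-8')) {
            $bad[$key] = bin2hex($value);
        }
    }
    return $bad;
}

// Convert only the fields that fail validation. $from is an assumption about
// the column's real encoding and must match how the data was stored.
function to_utf8(array $row, string $from = 'Windows-1252'): array {
    foreach ($row as $key => $value) {
        if (is_string($value) && !mb_check_encoding($value, 'UTF-8')) {
            $row[$key] = mb_convert_encoding($value, 'UTF-8', $from);
        }
    }
    return $row;
}

// Encoding the raw row fails; the error message names the reason.
var_dump(json_encode($row));
echo json_last_error_msg(), PHP_EOL;
var_dump(invalid_utf8_fields($row));

// Partial output reproduces the symptom: the bad field is emitted as null.
echo json_encode($row, JSON_PARTIAL_OUTPUT_ON_ERROR), PHP_EOL;

// After conversion the row encodes, and any later failure raises an exception
// instead of silently producing null.
echo json_encode(to_utf8($row), JSON_THROW_ON_ERROR | JSON_UNESCAPED_UNICODE), PHP_EOL;
```

Calling mysqli_set_charset($db_conx, 'utf8mb4') right after connecting addresses the same mismatch at the connection level, which is what the commented-out SET NAMES line in the question was aiming at.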

PHP Printing a string with multiple single quotes

So I'm having an issue that seems like it should be a pretty simple fix but I can't seem to figure it out.
I'm using prepared statements to query data from my SQL and the return is correct. I have var_dumped the result and confirmed the information is there.
The table shows this: 2 'all of the way'
The array variable shows this: 2 \'all of the way\'
But when I echo it to the page, I see this: 2
I have tried htmlspecialchars, htmlentities, addslashes, stripslashes and a few combinations of those. Is there a function I'm missing here? Google isn't really helpful because the words to describe the problem are pretty generic.
Thanks in advance!
EDIT
Sorry - didn't add my code because I assumed it was a function I wasn't familiar with. Here it is.
$Res = $db -> query("SELECT * FROM 01_02_item WHERE ParID = $ParID AND active = 1 ORDER BY OrderID") -> fetchAll(PDO::FETCH_ASSOC);
if(empty($Res[0])) $return = "<span class = 'nodata'>No data</span>";
foreach($Res as $r){
$id = $r['id'];
$name = htmlspecialchars($r['Name']);
$title = stripslashes(htmlspecialchars($r['Description']));
$return .= "<li href = '$id' title = '$title' name = '$name'>$name</li>";
}
return $return;
By default htmlspecialchars() doesn't escape single quotes.
You should use htmlspecialchars('foobar', ENT_QUOTES).
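An added illustration of the answer above (not code from the original post): it renders the question's single-quoted title attribute with both flag sets and parses the result to show what a browser ends up with. The description value is constructed from the question's sample text, the id is a placeholder, and the dom extension is required.

```php
<?php
// Constructed value matching the description text in the question.
$description = "2 'all of the way'";

// The question's markup delimits attributes with single quotes.
function render_li(string $id, string $title): string {
    return "<li href='$id' title='$title'>item</li>";
}

// Parse the markup the way a browser would and return the title attribute
// that survives parsing.
function parsed_title(string $html): string {
    libxml_use_internal_errors(true); // malformed attributes raise parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    return $doc->getElementsByTagName('li')->item(0)->getAttribute('title');
}

// ENT_COMPAT escapes & < > and " but leaves ' alone. It was the default
// before PHP 8.1; since 8.1 the default includes ENT_QUOTES.
$compat = render_li('7', htmlspecialchars($description, ENT_COMPAT, 'UTF-8'));

// ENT_QUOTES also escapes ', so the value cannot close a single-quoted
// attribute. Passing the flags explicitly behaves the same on every version.
$quotes = render_li('7', htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));

foreach (['ENT_COMPAT' => $compat, 'ENT_QUOTES' => $quotes] as $label => $html) {
    echo $label, PHP_EOL;
    echo '  markup:          ', $html, PHP_EOL;
    echo '  title as parsed: "', parsed_title($html), '"', PHP_EOL;
}
```

With ENT_COMPAT the attribute ends at the first quote inside the value and the remaining words are parsed as further attributes, which is why unescaped quotes in attribute context are an injection point and not only a display problem.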

Secure string variable in PDO

Finally I am migrating from sql to PDO but I am a little bit confused about string'
Here is my code, which works perfectly and is secured from SQL injection
$connect = new PDO("mysql:host = localhost;dbname=sqlitest" , "root" , "");
$catId = $_GET["Id"]; //Id = int eg:1
$query = "select * from viewimage where ImageCategory =? ";
$result = $connect->prepare($query);
$result->execute(array($catId));
$result->setFetchMode(PDO::FETCH_ASSOC);
while($fetch = $result->fetch()):
$img = $fetch["Image"];
echo "<img src='img/event/$img' height='300px' width='300px'>";
endwhile;
but when $catId = $_GET["Id"]; where Id is a string, e.g. ColorDay, and I try
localhost/test/view.php?id=ColorDay'
no image is displayed in the above case. If I put
localhost/test/view.php?id=1'
the result is the same and it redirects to the same page containing the image. Which command should I use to secure against 'No Image Result' in a string?
this line:
$result->execute(array($catId));
Makes your code secure. If the image is not returned, it's another problem but to me it looks like it's an expected behavior.
Encode any string that goes into your url and decode data before you use in application (see this)
Watch out for XSS, don't just output string from your database to browser.
See this answer on how to completely prevent SQL Injection.

replace string in php?

This question is a bit basic and has been covered many times, but I'm not sure why my code doesn't do anything. It doesn't update the string at all.
This is my code:
$fineImage = "users_fav/".$_GET['id']."/$newname";
$icon = "<img src='images/icon.png' height='70' width='70' />";
$sql = "UPDATE $lchat SET user_message = replace(user_message, '$icon', '$fineImage')";
$query = mysqli_query($db_conx, $sql);
The problem is that if I change the '$icon', '$fineImage' to something like 'david', 'mark', it works fine and it will replace david with mark...!
So why doesn't it work the way I do it?
It's likely that your call to MySQL's REPLACE(input, before, after) is failing to find before in its input, so is returning input unmodified.
Why could this be? Several reasons:
user_message doesn't contain what you think it contains. For example, are the < and > tags entitized (that is, coded with &lt; and the like)?
you're replacing a full <img..> tag with your $fine_image. Is $fineimage also an <img ...> tag?
your before parameter contains embedded single quote characters. That could conspire to make your SQL string invalid.
Try this:-
$sql = "UPDATE {$lchat} SET `user_message` = replace(`user_message`, '{$icon}', '{$fineImage}')";
Make sure you have $lchat, $icon, $fineImage defined. :)
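The embedded-quote problem raised in the answers above, and the bound-parameter point from the PDO thread earlier on this page, shown together in one added example that is not code from the original posts. It assumes an in-memory SQLite database through PDO in place of MySQL so that it runs offline; the table names, the row, the id and the file name are constructed, and chat_table() and fav_path() are hypothetical helpers.

```php
<?php
// In-memory SQLite stands in for MySQL so this runs offline (assumption);
// the table name, row, id and file name below are constructed.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE chat_room1 (user_message TEXT)');
$icon = "<img src='images/icon.png' height='70' width='70' />";
$db->prepare('INSERT INTO chat_room1 VALUES (?)')->execute(["hello $icon"]);

// Identifiers cannot be bound, so the table name comes from a fixed allowlist.
function chat_table(string $requested): string {
    if (!in_array($requested, ['chat_room1', 'chat_room2'], true)) {
        throw new InvalidArgumentException('unknown chat table');
    }
    return $requested;
}

// The id ends up in a path: accept digits only and drop directory parts.
function fav_path(string $id, string $file): string {
    if (!ctype_digit($id)) {
        throw new InvalidArgumentException('id must be numeric');
    }
    return "users_fav/$id/" . basename($file);
}

$table     = chat_table('chat_room1');
$fineImage = fav_path('42', 'photo.jpg');

// Interpolated values: the single quotes inside $icon end the SQL string early.
try {
    $db->exec("UPDATE $table SET user_message = replace(user_message, '$icon', '$fineImage')");
} catch (PDOException $e) {
    echo 'interpolated: ', $e->getMessage(), PHP_EOL;
}

// Bound values: quotes are data, so the same replacement goes through.
$stmt = $db->prepare("UPDATE $table SET user_message = replace(user_message, ?, ?)");
$stmt->execute([$icon, $fineImage]);
echo 'bound: ', $db->query("SELECT user_message FROM $table")->fetchColumn(), PHP_EOL;

// A bound value with a stray quote (the ?id=ColorDay' case) just matches nothing.
$count = $db->prepare("SELECT COUNT(*) FROM $table WHERE user_message = ?");
$count->execute(["ColorDay'"]);
echo 'rows matching the quoted value: ', $count->fetchColumn(), PHP_EOL;
```

With mysqli the equivalent is mysqli_prepare() followed by bind_param() and execute(); the table-name allowlist is still needed there because placeholders only stand for values.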

Reading from mysql table issue

I'm dealing with strange problem.
$result = mysql_query("SELECT link FROM item WHERE item_id='$id2'") or die(mysql_error());
$row = mysql_fetch_assoc($result);
$picture = ''.$row['link'].'';
echo"$picture";
Gives me the result http://127.0.0.1/1321426277. without the ending, while in column link the link is: http://127.0.0.1/1321426277.jpg. Why does it cut the ending?
For testing purposes please run
$result = mysql_query("SELECT link, Length(link) as l FROM item WHERE item_id='$id2'") or die(mysql_error());
$row = mysql_fetch_assoc($result);
if ( !$row ) {
echo 'no such record';
}
else {
$l = strlen($row['link']);
var_dump($l, $row['l'], $row['link']);
$picture = $row['link'];
echo "'$picture'";
}
and post the result.
I don't see anything in your code that would cause the link to be truncated. Have you checked to make sure you have the correct data in your table?
It looks like a bug in the data. Print out (and select) the ID at both places (the query in your question and the other place where you use it in img src tag). I bet they will differ. Or, you should check SELECT count(1) FROM item WHERE item_id='xxx'*, where xxx is the ID of the magic record.
Ah now I see = the problem is because your code contains an 'r' after the 'o' rather than before - it is so clear now because you provided such a complete example of the behavior that I replicate on my machine.
WTF
