> From: Jochem Maas [mailto:[EMAIL PROTECTED]
> Sent: Fri 26/05/2006 15:54
>
> Brad Bonkoski wrote:
> > All...
> > A lot has been said recently about the dangers of the family of
> > magic_quotes...
> > I understand the dangers.
> > The question is, for those of us using a database that does not
> From: Brad Bonkoski [mailto:[EMAIL PROTECTED]
> Sent: Fri 26/05/2006 15:41
>
> A lot has been said recently about the dangers of the family of
> magic_quotes...
> I understand the dangers.
> The question is, for those of us using a database that does not have a
> *real_escape_string function...O
Brad Bonkoski wrote:
...
this adds single quotes automatically - addslashes (unless Im mistaken -
wouldnt be the first time) would add slashes (and not single quotes)
which is not what you want.
Only done automatically IFF magic_quotes_gpc is ALSO on, which in my
case it is off.
excerp
Jochem Maas wrote:
Brad Bonkoski wrote:
Jochem Maas wrote:
...
Understood what the esacpe character needs to be...the question is
the best way to get it there?
Currently I have:
magic_quotes_sybase = On
this adds single quotes automatically - addslashes (unless Im mistaken -
wou
Brad Bonkoski wrote:
Jochem Maas wrote:
...
Understood what the esacpe character needs to be...the question is the
best way to get it there?
Currently I have:
magic_quotes_sybase = On
this adds single quotes automatically - addslashes (unless Im mistaken -
wouldnt be the first time) w
Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle for example.
What is the *best* way to escape quot
Jochem Maas wrote:
Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have
a *real_escape_string function...Oracle for example.
What is the *
Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle for example.
What is the *best* way to escape quot
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle for example.
What is the *best* way to escape quotes for DB insertion?
I
What also works is this:
print 'value="'. $foo['bar'] . '"';
Read the manual section on strings:
http://php.net/types.string
Regards,
Philip
On Thu, 27 Jan 2005, Giles wrote:
> Thanks, that works great.
>
> Knew that worked for JavaScript but didn't know it worked for PHP.
>
> > print("v
p.net
Subject: Re: [PHP] escaping quotes
John Holmes wrote:
> print("value="\" . $attributes["messageSubject"] . "\"");
Slight typo there:
"value=\"" . ...
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://ww
John Holmes wrote:
> print("value="\" . $attributes["messageSubject"] . "\"");
Slight typo there:
"value=\"" . ...
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Jochem Maas wrote:
I had a parrot idea whilst writing this.. (see bottom)
...
---
ParrotTalk: I think that this topic of string interpolation/quotes
deserves 'parrot' attention which made me think that maybe the parrot
could parse for markers (that if added to an email by an autorized poster)
w
Giles wrote:
Hi Guys
Really simple question. How do I change the following:
print("value='" . $attributes["messageSubject"] . "'");
to have double quotes around the subject field instead. i.e.:
print("value="" . $attributes["messageSubject"] . """);
print("value="\" . $attributes["messageSubject"]
> Hi Guys
>
> Really simple question. How do I change the following:
>
> print("value='" . $attributes["messageSubject"] . "'");
>
> to have double quotes around the subject field instead. i.e.:
>
> print("value="" . $attributes["messageSubject"] . """);
>
Simple:
Print ("value=\""{$attribut
To view the terms under which this email is distributed, please go to
http://disclaimer.leedsmet.ac.uk/email.htm
On 27 January 2005 12:14, Giles wrote:
> Hi Guys
>
> Really simple question. How do I change the following:
>
> print("value='" . $attributes["messageSubject"] . "'");
>
> to hav
I had a parrot idea whilst writing this.. (see bottom)
Giles wrote:
Hi Guys
Really simple question. How do I change the following:
print("value='" . $attributes["messageSubject"] . "'");
to have double quotes around the subject field instead. i.e.:
print("value="" . $attributes["messageSubject"] .
Hi,
Try this
print("value=\"" . $attributes["messageSubject"] . "\"");
Binoy
__ __ __ __
Sent via the WebMail system at softwareassociates.co.uk
---
Scanned by MessageExchange.net (12:54:20 SPITFIRE)
--
PHP Ge
Hi Guys
Really simple question. How do I change the following:
print("value='" . $attributes["messageSubject"] . "'");
to have double quotes around the subject field instead. i.e.:
print("value="" . $attributes["messageSubject"] . """);
thanks
Giles Roadnight
http://giles.roadnight.name
--
[snip]
2) By not escaping quotes in the data
...
You can do it this way but you must make sure that any strings in your
values array have been escaped before with
[/snip]
There is no quotes in the data. The data coming in is a $_POST array.
$dbmssql->dbinsert($_POST, $table);
However this did
On Thu, 12 Aug 2004 12:34:30 +1000, Tom Rogers <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Thursday, August 12, 2004, 10:03:32 AM, you wrote:
> AH> Hi All,
>
> AH> I have this expression;
> AH> $query = "INSERT INTO $table (%s) VALUES (%s)";
> AH> $query = sprintf($query, implode("
Hi,
Thursday, August 12, 2004, 10:03:32 AM, you wrote:
AH> Hi All,
AH> I have this expression;
AH> $query = "INSERT INTO $table (%s) VALUES (%s)";
AH> $query = sprintf($query, implode(",", $fld), implode(",",
AH> $val));
AH> $result = mssql_query($query) or die($er
On Wed, 11 Aug 2004 19:03:32 -0500, Alex Hogan
<[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I have this expression;
> $query = "INSERT INTO $table (%s) VALUES (%s)";
> $query = sprintf($query, implode(",", $fld), implode(",",
> $val));
> $result = mssql_quer
Hi All,
I have this expression;
$query = "INSERT INTO $table (%s) VALUES (%s)";
$query = sprintf($query, implode(",", $fld), implode(",",
$val));
$result = mssql_query($query) or die($errmsg);
I am trying to insert values from an array into the database
> -Original Message-
> From: Erik Price [mailto:[EMAIL PROTECTED]]
> Sent: 18 February 2003 18:11
>
> PS: I am using htmlentities() on the output before displaying
> it in the
> browser, but it doesn't apply to singlequotes.
Ahem! I quote from http://www.php.net/manual/en/function.html
On Tue, 18 Feb 2003 13:10:33 -0500, you wrote:
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Hi,
I am running into a problem, that I'm certain I've had before but for
some reason don't remember how to handle. If anyone can advise me on
what to do here, that would be great.
I have a PHP script that accepts some user input and validates it, and
if the validation fails, it re-displays t
> From: "1LT John W. Holmes" <[EMAIL PROTECTED]>
>
>> I'm having a problem escaping double quotes in email messages sent with
>> mail(). The message is built as a string and assigned to a variable and
> the
>> variable name is passed to the mail function.
>>
>> The double quotes appear correctly
> I'm having a problem escaping double quotes in email messages sent with
> mail(). The message is built as a string and assigned to a variable and
the
> variable name is passed to the mail function.
>
> The double quotes appear correctly in a simple test like this:
> $message = "This message uses
I'm having a problem escaping double quotes in email messages sent with
mail(). The message is built as a string and assigned to a variable and the
variable name is passed to the mail function.
The double quotes appear correctly in a simple test like this:
$message = "This message uses 'single' an
e how the 'O' is taken as the string, and the rest is ignored.
Same for the double quotes.
---John Holmes...
- Original Message -
From: "Robert Cummings" <[EMAIL PROTECTED]>
To: "John Hughes" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Se
See: http://www.php.net/manual/en/function.htmlspecialchars.php
John Hughes wrote:
>
> I'm stumbling over how to allow people to put single or double quotes
> in a form text field.
>
> I am passing the form to itself ($PHP_SELF) and on the second time
> through previewing what the form data wil
I'm stumbling over how to allow people to put single or double quotes
in a form text field.
I am passing the form to itself ($PHP_SELF) and on the second time
through previewing what the form data will look like and also
re-creating the form with the data already filled in.
Here's an example of
*screams, "I'm such a newbie!!"*
I didn't know I had to declare $PHP_SELF with "global" before using it
inside a function. Sorry! Works now! Thanks very much! =)
"Miguel Cruz" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Are you inside a function, having negl
Are you inside a function, having neglected to do
global $PHP_SELF;
?
miguel
On Tue, 19 Mar 2002, Dr. Shim wrote:
> Strangley enough, $PHP_SELF is empty. Nothing appears when I do it the way
> Bob and you suggested, the "action" property equals "".
>
> "Miguel Cruz" <[EMAIL PROTECTED]> wrot
Strangley enough, $PHP_SELF is empty. Nothing appears when I do it the way
Bob and you suggested, the "action" property equals "".
"Miguel Cruz" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
On Tue, 19 Mar 2002, Dr. Shim wrote:
> Hmmm. How about this?
>
> echo
On Tue, 19 Mar 2002, Dr. Shim wrote:
> Hmmm. How about this?
>
> echo " . "\">";
You're concatenating "echo $PHP_SELF" rather than just $PHP_SELF, which
isn't necessarily helping. But just between me and you, life would be a
lot easier if you simply did:
echo '';
miguel
--
PHP General Mai
You need to remove the second echo.
On Tue, 19 Mar 2002, Dr. Shim wrote:
> Hmmm. How about this?
>
> echo " . "\">";
>
>
> "Miguel Cruz" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> On Tue, 19 Mar 2002, Dr. Shim wrote:
> > Well, this is a fairly simpl
Hmmm. How about this?
echo "";
"Miguel Cruz" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
On Tue, 19 Mar 2002, Dr. Shim wrote:
> Well, this is a fairly simple problem. I'm having problems with escaping a
> string, and then ending the string right after the e
On Tue, 19 Mar 2002, Dr. Shim wrote:
> Well, this is a fairly simple problem. I'm having problems with escaping a
> string, and then ending the string right after the escape! For example,
>
> echo "Then Johnathan said, \"That's exactly what I said!\"";
>
> I get a parse error on the line where t
Well, this is a fairly simple problem. I'm having problems with escaping a
string, and then ending the string right after the escape! For example,
echo "Then Johnathan said, \"That's exactly what I said!\"";
I get a parse error on the line where the string is. Very simple problem, I
just can't s
41 matches
Mail list logo
