Larry Ullman's Book Forums

Wagtail


Posts posted by Wagtail

  1. Yeah, that kind of doesn't make sense. If FILTER_SANITIZE_STRING is turning the apostrophe into its entity version, then there's no apostrophe to be escaped by mysqli_real_escape_string() and there's no un-escaped apostrophe to break the query.

     

     

     

    Yes, so that means I shouldn't use FILTER_SANITIZE_STRING before using mysqli_real_escape_string()? I need to have the apostrophe in the string.

     

    Thank you!

  2. Hi Larry,

     

    I think the problem lies in my running the variable through FILTER_SANITIZE_STRING before I use mysqli_real_escape_string. The apostrophe in 'Larry's forum' turns into &#39;.

     

    Do you think I should thus forgo using filter_input or use something else in place of it?

     

    Thank you for helping me!

    $sanitized_name = filter_input(INPUT_GET, 'name', FILTER_SANITIZE_STRING);
    $escaped_name = mysqli_real_escape_string($dbc, $sanitized_name);
    $q = "SELECT ... WHERE name = '$escaped_name' ";
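
Added example (not part of the original posts or the book's code): binding the raw value as a statement parameter keeps the apostrophe and needs neither FILTER_SANITIZE_STRING nor manual escaping, with HTML encoding applied only at output. It assumes PDO with an in-memory SQLite database so it runs without a server; the table name `forums`, the helper `find_forum()` and the sample row are constructed, and mysqli prepared statements bind parameters the same way.

```php
<?php
// In-memory SQLite stands in for the MySQL database (assumption for this example).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE forums (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample row, stored raw with its apostrophe intact.
$pdo->prepare('INSERT INTO forums (name) VALUES (?)')->execute(["Larry's forum"]);

// Hypothetical helper: look a forum up by name using a bound parameter.
function find_forum(PDO $pdo, string $name): ?array {
    $stmt = $pdo->prepare('SELECT id, name FROM forums WHERE name = ?');
    $stmt->execute([$name]); // the value never becomes part of the SQL text
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The value as it would arrive in $_GET['name'] (constructed).
$raw = "Larry's forum";

// The entity-encoded form described in the post, reproduced by hand here
// because FILTER_SANITIZE_STRING is deprecated in current PHP.
$encoded = str_replace("'", '&#39;', $raw);

// The raw value matches the stored row; the entity-encoded one does not,
// because the database holds an apostrophe, not the text "&#39;".
var_dump(find_forum($pdo, $raw) !== null);
var_dump(find_forum($pdo, $encoded) !== null);

// Encode for HTML only at the point of output.
$row = find_forum($pdo, $raw);
echo '<p>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . "</p>\n";
```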
    
  3. Hello forum members,

     

    I am using mysqli_real_escape_string but when I run the query with the escaped variable, the query no longer works.

     

    The queries below include pseudo-code.

    $name = "larry's forum";
    $escaped_name = mysqli_real_escape_string($dbc, $name);
    $q = "SELECT ... WHERE name = '$escaped_name' ";

    The printed query looks like this:

    SELECT ... WHERE ... name = 'Larry's forum'

    The apostrophe appears to be the problem. What am I doing wrong?

     

     

    Thanks in advance!!!

  4. Hi Larry,

     

    Happy Easter to you as well!

     

     

    Thank you.

     

     

    I have changed the validate_date function by removing the checkdate validation. My incoming string is now in the format 22-04-2014 and I'm using strtotime to validate the date. This works but if someone enters a date such as 2014-05-09 I receive an error stating “DateTime::setDate() expects parameter 1 to be long, string given”. I don't know how I can force strtotime to only accept the dd-mm-yy format. Do you have any other suggestions? I'd really like to have a day month year format but if this doesn't work then I'll probably have to use the format in the original script.

     

     

    My validate_date function now solely consists of the following:

    function validate_date($date) {
    	if (strtotime($date)) {
    		return $date;
    	}
    } // End of validate_date() function.
    

    Thank you, and I appreciate your help with this!
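
Added example (not from the book or the posts): one way to accept only the day-month-year layout is DateTime::createFromFormat() with a round-trip check, which also produces the long display formats asked about in this thread. The function name `parse_strict_date()` and the sample inputs are hypothetical.

```php
<?php
// Hypothetical helper: accept a date only if it matches $format exactly.
// Returns a DateTimeImmutable on success, null on any mismatch.
function parse_strict_date(string $input, string $format = 'd-m-Y'): ?DateTimeImmutable {
    // A NUL byte makes createFromFormat() throw on current PHP; reject it first.
    if (strpos($input, "\0") !== false) {
        return null;
    }
    // '!' zeroes the fields the format does not mention (the time of day).
    $dt = DateTimeImmutable::createFromFormat('!' . $format, $input);
    if ($dt === false) {
        return null; // wrong layout, e.g. year-first input against d-m-Y
    }
    // Round-trip check: impossible dates are silently rolled forward by the
    // parser (31-02 becomes a day in March), so the re-formatted value differs.
    if ($dt->format($format) !== $input) {
        return null;
    }
    return $dt;
}

// Constructed sample inputs: valid, year-first, impossible day, unpadded.
foreach (['22-04-2014', '2014-05-09', '31-02-2014', '1-4-2014'] as $candidate) {
    $dt = parse_strict_date($candidate);
    echo $candidate . ' => ' . ($dt ? $dt->format('l, j F Y') : 'rejected') . "\n";
}

// The slash-separated datepicker value from the thread, with its own format.
$picked = parse_strict_date('17/04/2014', 'd/m/Y');
if ($picked !== null) {
    echo $picked->format('j F Y') . "\n";     // day, month name, year
    echo $picked->format('l, j F Y') . "\n";  // weekday name in front

    // The integers setDate() expects, taken from the parsed object.
    $start = new DateTime();
    $start->setDate((int) $picked->format('Y'), (int) $picked->format('n'), (int) $picked->format('j'));
}
```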

  5. Hi Larry,

     

    thank you for replying to my thread. I've set the datepicker's date format to dd/mm/yy and also changed $format = 'm/d/Y' to $format = 'd/m/Y'. With this I get the error message "One or both of the submitted dates was invalid.". I think the checkdate function could be the problem because the checkdate format is month, day, year and what I'm putting in is day, month, year?

     

    Thank you. Happy Easter by the way.

  6. Thank you for the link. I changed the script a bit and now I receive the error message:

     

     

    One or both of the submitted dates was invalid

     

    The datepicker uses the dd/mm/yy format, such as 22/04/2014. Must I change $format = 'm/d/Y' to $format = 'd/m/Y'? Also, I'm not sure if the day and month variables must be swapped around in the below code:

    if (isset($_POST['start'], $_POST['end'])) {
    
    	// Call the validation function on both dates:
    	if ( (list($sm, $sd, $sy) = validate_date($_POST['start'])) && (list($em, $ed, $ey) = validate_date($_POST['end'])) ) {
    		
    		// If it's okay, adjust the DateTime objects:
    		$start->setDate($sy, $sm, $sd);
    		$end->setDate($ey, $em, $ed);
    

    Here is the full original script:

    <?php # Script 16.5 - datetime.php
    
    // Set the start and end date as today and tomorrow by default:
    $start = new DateTime();
    $end = new DateTime();
    $end->modify('+1 day');
    
    // Default format for displaying dates:
    $format = 'm/d/Y';
    
    // This function validates a provided date string.
    // The function returns an array--month, day, year--if valid.
    function validate_date($date) {
    	
    	// Break up the string into its parts:
    	$array = explode('/', $date);
    	
    	// Return FALSE if there aren't 3 items:
    	if (count($array) != 3) return false;
    	
    	// Return FALSE if it's not a valid date:
    	if (!checkdate($array[0], $array[1], $array[2])) return false;
    
    	// Return the array:
    	return $array;
    	
    } // End of validate_date() function.
    
    // Check for a form submission:
    if (isset($_POST['start'], $_POST['end'])) {
    
    	// Call the validation function on both dates:
    	if ( (list($sm, $sd, $sy) = validate_date($_POST['start'])) && (list($em, $ed, $ey) = validate_date($_POST['end'])) ) {
    		
    		// If it's okay, adjust the DateTime objects:
    		$start->setDate($sy, $sm, $sd);
    		$end->setDate($ey, $em, $ed);
    		
    		// The start date must come first:
    		if ($start < $end) {
    			
    			// Determine the interval:
    			$interval = $start->diff($end);
    			
    			// Print the results:
    			echo "<p>The event has been planned starting on {$start->format($format)} and ending on {$end->format($format)}, which is a period of $interval->days day(s).</p>"; 
    			
    		} else { // End date must be later!
    			echo '<p class="error">The starting date must precede the ending date.</p>';
    		}
    			
    	} else { // An invalid date!
    		echo '<p class="error">One or both of the submitted dates was invalid.</p>';
    	}
    		
    } // End of form submission.
    
    // Show the form:
    ?>
    

    Thank you!

  7. Hello forum members,

     

    I'm using the datetime.php script from chapter 16, but am having some difficulties in changing the format of the dates. The format of the dates is 'm/d/Y', which I've changed to 'd/m/Y'. But how do I convert a date such as 17/04/2014 to 17 April 2014 or to Thursday, 17 April 2014? I've tried various date functions such as strtotime - however this only accepts "American month, day and year"?

     

    Please help me with this if you can.

     

     

    Thank you in advance.

     

  8. Hi HartleySan and Larry,

     

    thank you both for replying to my thread. I am going to have a look at what some of the bigger sites are doing with regards to query strings.

     

     

     

    Two things will happen if the query string is too long. One is the server error, which is actually bad (in that users shouldn't see that).

     

    Bad from a user-experience standpoint for sure, but is there a security risk as well? The error message I encountered did not have any details that could be used for "bad" purposes, but perhaps this depends on the host/server?

     

    I am using pagination so using sessions wouldn't be the best idea?

     

     

    Thanks again.

  9. Hello forum members,

     

    I need some advice with regards to query string lengths.

     

    I am allowing users to filter records via form inputs such as checkboxes and radio buttons. The form has quite a few categories and I'm worried that the query string might become too long. I could pass integers instead of strings but from a usability standpoint it's probably better to use strings so people can "read" the URL. But again, if the query string becomes too long, the entire URL does not show in the browser - so that also doesn't help much.

     

    I tested one website by making as many selections as I could and an error message appeared, something about "server" and "limit". I can't recall the exact message. Is an error message the worst that can happen if the query string exceeds a specific length?

     

     

    Your thoughts?

     

    Thank you.

  10.  

    You should be able to change to joins instead and use ORDER BY then.

     

    Thanks. What I am now doing is looping all of the content into separate arrays which I can then slice, dice and do as I please. As the saying goes 'if in doubt, use an array'.

     

     

     

    Everything is very good. I accepted my first full-time job as a Web Developer yesterday. I'll be working with the Symfony2 Stack, EZPublish, some front-end coding and some customer meetings and sales. It's the total dream job for me.

     

    Awesome stuff, congratulations Antonio. :)  That must have made your weekend. So I guess you won't be hanging around too much in the forums? Anyway, congrats again and good luck with your new job! Let us know how it goes.

  11. Hi Antonio,

     

    how are you doing?

     

    Thanks, I have done that but it doesn't seem to order them alphabetically. I put the ORDER BY at the end of the query. If I add separate ORDER BY statements for each SELECT I get an error message.

    SELECT r.rooms_name, 'room' AS type
    // blah blah...
    AND h.hotel_name = 'le grand hotel'
    
    UNION
    
    SELECT f.features_name, 'feature' AS type
    // blah blah...
    AND h.hotel_name = 'le grand hotel'
    
    UNION
    
    SELECT s.services_name, 'service' AS type
    // blah blah...
    AND h.hotel_name = 'le grand hotel' ORDER BY type ASC;
    
  12. Hi HartleySan,

     

    could you please help me with the following?

     

    My query now includes 2 unions so I'll have something like:

    SELECT r.rooms_name, 'room' AS type
    // blah blah...
    AND h.hotel_name = 'le grand hotel'
    
    UNION
    
    SELECT f.features_name, 'feature' AS type
    // blah blah...
    AND h.hotel_name = 'le grand hotel'
    
    UNION
    
    SELECT s.services_name, 'service' AS type
    // blah blah...
    AND h.hotel_name = 'le grand hotel';
    

    Do you know how I can show the returned info alphabetically?

     

    All rooms, features and services must be in alphabetical order:

    Standard Room
    Wedding Suite
    
    Cinema
    Mountain Bike Trails
    Pool
    
    Aromatherapy massages
    Room service

    Please let me know if this can be done.

     

     

    Thank you!

  13. Hello forum members,

     

    is it possible to assign the contents of a foreach loop to a variable?

     

    I am looping out some names. If the foreach loop loops out 5 names, then I'd like all 5 names to be assigned to the $names variable. I think this was working yesterday but perhaps I was imagining things.

    $names = '';
    foreach($names as $k => $v){
    $names .= "<p>$v</p>";
    }
    
    echo $names;

    Thank you for your help.

     

  14. Thank you very much for the example. It helps me to see the actual code.

     

     

     

    The above function is just an example, but you'd be better to generalize the function to something like validate_checkboxes, and then pass the function a string argument that would affect which data is compared against which

     

     

    You mean if I have different checkboxes or different arrays (such as fabric, or color), I would then pass in the name of the array as a string? Sorry, functions still give me some difficulties :unsure: .

     

     

    Thanks for your time.

  15. Thank you for replying!

     

     

    I looked at my earlier thread but I don't see the relevance. Currently I'm using strings as values for the checkboxes which is why I asked about using strip_tags() or FILTER_SANITIZE_STRING(). Perhaps strip_tags() or FILTER_SANITIZE_STRING() isn't necessary - I don't know. The other thread was about select menus which used integers as values.

     

     

    If I do use integers, then I'd be grateful if you or someone else could please show me how to use an array, such as $gender below, to validate checkboxes. I am just trying to understand how this is done. A short example should suffice.

    $gender = array(1 => 'male', 'female');

    Thank you!

  16. Hello everyone,

     

     

    I have a quick question about validating checkbox values.

     

    My checkboxes are in the following format:

    <input type="checkbox" name="color[]" value="orange">orange
    <input type="checkbox" name="color[]" value="blue">blue
    
    <input type="checkbox" name="fabric[]" value="cotton">cotton
    <input type="checkbox" name="fabric[]" value="wool">wool

    I then check if the $_POST variables are set:

    if (isset($_POST['color'])){
    // perform validation
    }
    if (isset($_POST['fabric'])){
    // perform validation
    }

    What would be the best way to validate $_POST['color'] and $_POST['fabric']? Should I run them through strip_tags() or FILTER_SANITIZE_STRING()? The values are then run through mysqli_real_escape_string() before they are used in a query.

     

    Is this OK?

     

    HartleySan, I think that you have mentioned that you set number values for checkboxes, radio buttons and the like. You then have an array such as the following:

    $gender = array(1 => 'male', 'female');

    But how exactly would you go about validating the inputs? Could you please provide an example?

     

     

     

    Thank you in advance!!!
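
Added example (not HartleySan's or the book's code): an allow-list check along the lines of the validate_checkboxes idea mentioned earlier in this thread, assuming the checkboxes send integer ids as in the $gender array. The `$options` map, the function signature and the sample submission are constructed for illustration.

```php
<?php
// Allow-lists keyed by the integer each checkbox sends as its value (constructed).
// The form would use value="1", value="2" instead of value="orange", value="blue".
$options = [
    'color'  => [1 => 'orange', 'blue'],
    'fabric' => [1 => 'cotton', 'wool'],
];

// Hypothetical helper: return id => label for every submitted id of $group
// that exists in the allow-list; anything else is dropped.
function validate_checkboxes(array $options, string $group, array $post): array {
    // The group must be known, present, and an array (name="color[]").
    if (!isset($options[$group], $post[$group]) || !is_array($post[$group])) {
        return [];
    }
    $valid = [];
    foreach ($post[$group] as $value) {
        // Nested arrays and anything that is not a plain digit string are rejected.
        if (!is_string($value) || !ctype_digit($value)) {
            continue;
        }
        $id = (int) $value;
        if (isset($options[$group][$id])) {
            $valid[$id] = $options[$group][$id];
        }
    }
    return $valid;
}

// Constructed submission standing in for $_POST: a known id, an unknown id,
// a tampered string value, and a group sent as a scalar instead of an array.
$post = [
    'color'  => ['2', '7', '<b>blue</b>'],
    'fabric' => 'wool',
];

print_r(validate_checkboxes($options, 'color', $post));
print_r(validate_checkboxes($options, 'fabric', $post));
```

Because only ids found in the allow-list survive, strip_tags() and FILTER_SANITIZE_STRING have nothing left to do on these values; the surviving integers are still passed to the query as bound parameters.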
