Gardacus Posted June 4, 2012

Hi everyone.

I am running into a problem at the register.php script. I am from Holland, and in both our city names and in first and last names, apostrophes and other punctuation marks are used. For instance, 's-Gravenhage is the official name of The Hague. Or a common last name is In 't Groen.

The script does not seem to allow this, because it keeps returning that I need to enter a valid last name.

The code is:

    // Trim all the incoming data:
    $trimmed = array_map('trim', $_POST);

    // Assume invalid values:
    $fn = $ln = $e = $p = FALSE;

----------

    // Check for a last name:
    if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['last_name'])) {
        $ln = mysqli_real_escape_string ($dbc, $trimmed['last_name']);
    } else {
        echo '<p class="error">Fill in your last name please!</p>';
    }

-----------

If I enter a name as in the example In 't Groen... it would re-fill the line with In \'t Groen. To prevent that from happening I rewrote the form for the last name:

    <tr><td><b>Last Name:</b></td><td><input type="text" name="last_name" size="20" maxlength="40" value="<?php if (isset($trimmed['last_name'])) echo stripslashes($trimmed['last_name']); ?>" /></td></tr>

My question is, how can I allow these characters such as ' and é ï, which we also use a lot, to pass beyond the script and inject it safely into the database?

Thanks again!

Mike

Paul Swanson Posted June 4, 2012

In the form input field, your code should be echoing $_POST['last_name'], not the escaped variable. It's the escaping that is adding the slash. Try this:

    <tr>
      <td><b>Last Name:</b></td>
      <td><input type="text" name="last_name" size="20" maxlength="40" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name']; ?>" /></td>
    </tr>

Your form should re-fill the line with exactly what was typed into it. The escaped value is intended only for use in a database query. Once you retrieve it from the database, if you need to display it in a web page, you will need to use stripslashes() on it.

Gardacus Posted June 4, 2012

Hi Paul

Thanks for your help! Unfortunately the result remains the same. But I have no idea why...

So even with your code, it still shows in \'t Groen. Plus the fact that the apostrophe is not accepted by the preg_matching, I guess... what else would stop it? I am not even injecting it yet in the database.

What I mean is, the rest of the original register.php, as written in Larry's book, checks if you enter a first name, last name, email address and twice your password. So forgetting any of those will fill in the already entered info and warn you about the wrong or forgotten ones. But I have no idea what causes the preg_match to state that the entered last name, containing the ', is not a valid last name.

Any ideas?

Thanks

Mike

Larry Posted June 4, 2012

You have magic quotes on, which is adding the slash, which isn't allowed by the pattern.

Gardacus Posted June 4, 2012

Hi Larry

Thanks for your answer (and your wisdom!!!)

That's going to be a challenge... I will have to find a workaround for this, as I am running the scripts from a hosted site, in which I cannot change anything in the php.ini.

I will snoop around

Mike

Larry Posted June 4, 2012

You're quite welcome. You can just apply stripslashes() to any form data to undo the effect of Magic Quotes.

Gardacus Posted June 4, 2012

Larry

I found this and added it in the header file of the login script:

    if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() === 1){
        $_POST = array_map( 'stripslashes', $_POST );
        $_GET = array_map( 'stripslashes', $_GET );
        $_COOKIE = array_map( 'stripslashes', $_COOKIE );
    }

It seems to do the trick... as I need this on more locations (us Dutchies are like the French with our apostrophes hahaha)

Mike

Larry Posted June 5, 2012

Yep. That's great. Thanks for sharing.

Gardacus Posted June 5, 2012

Larry, you're welcome

Glad I can do something in return! You're a great teacher and I love reading and learning from your books!

Thanks again

Mike

Larry Posted June 6, 2012

Thanks. Very nice of you to say!
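
Added example, not code from the thread or from the book it discusses: one way to handle the names in the opening question end to end, undoing Magic Quotes, validating with a Unicode-aware pattern so é and ï pass, storing through a bound parameter, and encoding the value when the form is re-filled. The function names and sample inputs are constructed, and an in-memory SQLite database via PDO stands in for the thread's MySQL connection so the script runs offline.

```php
<?php
// Added example. Function names are hypothetical; sample inputs are constructed.

// Undo Magic Quotes recursively. array_map('stripslashes', $_POST) on its own
// fails on array-valued fields such as name="tags[]". In a real script, call
// this only inside the get_magic_quotes_gpc() guard shown in the thread.
function undo_magic_quotes($value) {
    return is_array($value) ? array_map('undo_magic_quotes', $value) : stripslashes($value);
}

// Letters from any script (\p{L}) plus space, apostrophe, period and hyphen.
// The /u modifier makes PCRE read the subject as UTF-8, so "é" counts as one
// character; invalid UTF-8 makes preg_match() return false and is rejected.
function valid_name($name) {
    return preg_match('/^[\p{L} \'.\-]{2,40}$/u', $name) === 1;
}

// Encode for an HTML attribute when re-filling the form.
function attr($value) {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Stand-in for the users table (assumption: table and column names).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (last_name TEXT)');
$insert = $db->prepare('INSERT INTO users (last_name) VALUES (?)');

// Constructed inputs, as they would arrive with magic_quotes_gpc on.
$samples = array("In \\'t Groen", "\\'s-Gravenhage", "Zoë Héloïse", "x\\\"><script>");
foreach ($samples as $raw) {
    $name = trim(undo_magic_quotes($raw));
    if (valid_name($name)) {
        $insert->execute(array($name));   // bound parameter, no manual escaping
        echo "stored:   $name\n";
    } else {
        echo "rejected: " . attr($name) . "\n";
    }
}

// Values come back from the database exactly as typed; encode them on output.
foreach ($db->query('SELECT last_name FROM users') as $row) {
    echo '<input type="text" name="last_name" value="' . attr($row['last_name']) . '" />' . "\n";
}
```

With the thread's mysqli connection the same pattern uses mysqli_prepare() and mysqli_stmt_bind_param(), and mysqli_set_charset() should be called so the accented letters survive the round trip.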