Le 23/04/2010 10:05, Ashley Sheridan a écrit :
By default, PHP sends out HTML headers. Browsers ignore extraneous
white-space characters, and also new lines, carriage returns and tabs,
converting them all to a single space character.
For completeness, the white-space discarding depends about
You can also just send out the correct Header for plain text. But your
HTMl will not be interpreted then.. So this makes only sense if you
actually want plain text as the output format.
header("Content-type: text/plain; charset=utf8");
echo "foo\nbar";
Regards
2010/4/23 Nick Balestra :
> Thanks
Thanks everybody!
On Apr 23, 2010, at 10:05 AM, Ashley Sheridan wrote:
> On Fri, 2010-04-23 at 09:51 +0200, Nick Balestra wrote:
>>
>> Hello guys i am trying to figure out what is worng with thoose special
>> escaped character, like \n \t \r ...
>>
>> As i cannot make them working. The browser
On Fri, 2010-04-23 at 09:51 +0200, Nick Balestra wrote:
> Hello guys i am trying to figure out what is worng with thoose special
> escaped character, like \n \t \r ...
>
> As i cannot make them working. The browser doesn't display them, but doesn't
> eithr crate a new line, or else.
> I am usin
Hello guys i am trying to figure out what is worng with thoose special escaped
character, like \n \t \r ...
As i cannot make them working. The browser doesn't display them, but doesn't
eithr crate a new line, or else.
I am using them fro example like this:
print: "this shoudl be on a line \nwhi
2009/4/21 Chris :
>
How does one deal with that? Do you use mysql_real_escape_string?
e.g.
>>> $db_host = 'localhost';
$db_user = 'auser';
$db_pwd = 'apassword';
$database = 'adatabase';
$table = 'authorBook';
if (!mysql_connect($db_host, $db_user,
How does one deal with that? Do you use mysql_real_escape_string?
e.g.
Inputs are user supplied.
Are you saying that I don't need to sanitize the variables above -
$db_host, $db_user, $db_pwd, $database, $table ?
No - they are essentially hardcoded.
A user (through a form or any other
Bastien Koert wrote:
> On Wed, Feb 18, 2009 at 8:34 AM, PJ wrote:
>
>
>> To focus on mysql_real_escape_string, I am recapping... questions below
>> QUOTE:==
>> Instead of doing this (for an imaginary table):
>> $sql = "insert into table1(field1, field2) values ('$value1', '$value2')";
>
Shawn McKenzie wrote:
> tedd wrote:
>>> I think you want to look for magic_quotes_gpc
>>>
>>>
>>> --
>>> Thanks!
>>> -Shawn
>>
>> -Shawn:
>>
>> You were right.
>>
>> I'll fix it.
>>
>> Thanks,
>>
>> tedd
>
> I normally have a prep4display() and prep4store() type function that do
> all of the sens
tedd wrote:
>> I think you want to look for magic_quotes_gpc
>>
>>
>> --
>> Thanks!
>> -Shawn
>
>
> -Shawn:
>
> You were right.
>
> I'll fix it.
>
> Thanks,
>
> tedd
I normally have a prep4display() and prep4store() type function that do
all of the sensitization/prep for either storing or display
tedd wrote:
> At 9:12 PM -0700 4/9/09, Jim Lucas wrote:
>> tedd wrote:
>>> At 5:03 PM +0200 4/9/09, Jan G.B. wrote:
You might want to use htmlspecialchars($str, ENT_QUOTES)
>>>
>>> OUT from db to html
>>>
>>> and
>>>
mysql_real_escape_string(stripslashes($_POST['yourself']));
>>>
>>
At 9:12 PM -0700 4/9/09, Jim Lucas wrote:
tedd wrote:
At 5:03 PM +0200 4/9/09, Jan G.B. wrote:
You might want to use htmlspecialchars($str, ENT_QUOTES)
OUT from db to html
and
mysql_real_escape_string(stripslashes($_POST['yourself']));
The above tells me that you probably need to look
tedd wrote:
At 5:03 PM +0200 4/9/09, Jan G.B. wrote:
You might want to use htmlspecialchars($str, ENT_QUOTES)
OUT from db to html
and
mysql_real_escape_string(stripslashes($_POST['yourself']));
The above tells me that you probably need to look at your magic quotes setting.
Typically,
At 5:03 PM +0200 4/9/09, Jan G.B. wrote:
You might want to use htmlspecialchars($str, ENT_QUOTES)
OUT from db to html
and
mysql_real_escape_string(stripslashes($_POST['yourself']));
IN to db from html
Thanks, that worked.
Cheers,
tedd
--
---
http://sperling.com http://ancientst
2009/4/9 tedd :
> Hi gang:
-.-
>
> I'm gathering information from a user, storing that data in a db, and then
> showing it back to the user. It's a simple process and can bee seen here in
> this address book demo (not real people):
>
> http://php1.net/a/edit-db-demo
>
> I gather information from
Hi gang:
I'm gathering information from a user, storing that data in a db, and
then showing it back to the user. It's a simple process and can bee
seen here in this address book demo (not real people):
http://php1.net/a/edit-db-demo
I gather information from the user via a $_POST[]; like thi
Actually no; you said "You only need to escape data coming from a user
going in to your database."
Using a known variable in my app is not going to cause an sql injection
problem.
switch ($value) {
case 'x':
$my_field = 1;
break;
default:
$my_field = 0;
}
an insert here with
Kyle Terry wrote:
On Wed, Mar 4, 2009 at 6:55 PM, Chris wrote:
Eric Butera wrote:
On Wed, Mar 4, 2009 at 8:18 PM, Chris wrote:
You only need to escape data coming from a user going in to your
database.
If you put user input into your database and pull it back out, it's
still raw user in
On Wed, Mar 4, 2009 at 6:55 PM, Chris wrote:
> Eric Butera wrote:
>
>> On Wed, Mar 4, 2009 at 8:18 PM, Chris wrote:
>>
>>> You only need to escape data coming from a user going in to your
>>> database.
>>>
>>
>> If you put user input into your database and pull it back out, it's
>> still raw use
Eric Butera wrote:
On Wed, Mar 4, 2009 at 8:18 PM, Chris wrote:
You only need to escape data coming from a user going in to your database.
If you put user input into your database and pull it back out, it's
still raw user input. Never trust any piece of data ever, whether it
comes from a sup
On Wed, Mar 4, 2009 at 6:27 PM, Eric Butera wrote:
> On Wed, Mar 4, 2009 at 8:54 PM, Michael A. Peters wrote:
> > Eric Butera wrote:
> >
> >>
> >> So here's some examples of bad behavior.
> >>
> >> = Database =
> >> Bad:
> >> $name = mysql_real_escape_string($_POST['name'], $link);
> >> myql_que
On Wed, Mar 4, 2009 at 8:54 PM, Michael A. Peters wrote:
> Eric Butera wrote:
>
>>
>> So here's some examples of bad behavior.
>>
>> = Database =
>> Bad:
>> $name = mysql_real_escape_string($_POST['name'], $link);
>> myql_query("INSERT INTO foo (`name`) VALUES ('". $name ."')");
>>
>> $name now co
On Wed, Mar 4, 2009 at 8:18 PM, Chris wrote:
> You only need to escape data coming from a user going in to your database.
If you put user input into your database and pull it back out, it's
still raw user input. Never trust any piece of data ever, whether it
comes from a superglobal OR within yo
Eric Butera wrote:
So here's some examples of bad behavior.
= Database =
Bad:
$name = mysql_real_escape_string($_POST['name'], $link);
myql_query("INSERT INTO foo (`name`) VALUES ('". $name ."')");
$name now contains slashes which means it is corrupt and not able to
be echo'd without a strips
PJ wrote:
Sorry, but I have been waylaid by other posts... :'(
and have not had the opportunity to finish my quest and I posted to
mysql but they are not very helpful
I see I was not very clear below and will annotate below.
But the problem is still there, I cannot figure out how to sanitize
On Wed, Mar 4, 2009 at 8:04 PM, PJ wrote some stuff...
You should do a little reading on some of the keywords that have been presented.
Specifically you don't sanitize a value into your db. You escape it.
Prepared statements are a way of doing this that makes it a bit harder
to mess up. You ha
Sorry, but I have been waylaid by other posts... :'(
and have not had the opportunity to finish my quest and I posted to
mysql but they are not very helpful
I see I was not very clear below and will annotate below.
But the problem is still there, I cannot figure out how to sanitize with
mysql_r
On Wed, Feb 18, 2009 at 8:34 AM, PJ wrote:
> To focus on mysql_real_escape_string, I am recapping... questions below
> QUOTE:==
> Instead of doing this (for an imaginary table):
> $sql = "insert into table1(field1, field2) values ('$value1', '$value2')";
>
> do
> $sql = "insert into table1
On Wed, Feb 18, 2009 at 8:34 AM, PJ wrote:
> To focus on mysql_real_escape_string, I am recapping... questions below
> QUOTE:==
> Instead of doing this (for an imaginary table):
> $sql = "insert into table1(field1, field2) values ('$value1', '$value2')";
>
> do
> $sql = "insert into table
To focus on mysql_real_escape_string, I am recapping... questions below
QUOTE:==
Instead of doing this (for an imaginary table):
$sql = "insert into table1(field1, field2) values ('$value1', '$value2')";
do
$sql = "insert into table1(field1, field2) values ('" .
mysql_real_escape_string($v
Hello Joaquin,
use the urlencode function to "escape" the special characters.
After, use urldecode to get the string back to normal.
Regards,
Thiago Melo de Paula
On Sun, Jun 22, 2008 at 11:34 PM, joaquinbordado <[EMAIL PROTECTED]>
wrote:
>
> would someone happen to know the escape character f
for a space I belive a plus sign would work +
try the urlencode function it would make it much easier.
/James Dempster
On Mon, Jun 23, 2008 at 3:34 AM, joaquinbordado <[EMAIL PROTECTED]>
wrote:
>
> would someone happen to know the escape character for query string?
>
> here is my querysting my.p
%20
-Original Message-
From: joaquinbordado [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2008 3:35 AM
To: php-general@lists.php.net
Subject: [SPAM] [PHP] escape character in query string
Importance: Low
would someone happen to know the escape character for query string?
here is my
would someone happen to know the escape character for query string?
here is my querysting my.php?message=Hello%PHP%0AHow%was%your%day?
the output should be
Hello PHP
How was your day?
--
View this message in context:
http://www.nabble.com/escape-character-in-query-string-tp18061596p1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mike wrote:
> I am using Ubuntu 6.06 Linux with PHP 5.1.4. I am using the phpmailer class.
>
> I set the message body to be
>
> $msgbody = $msgbody.'\r\rDate: '.$_REQUEST['date'].'\rName:
> '.$_REQUEST['lname'].', '.$_REQUEST['fname'].'\rReferral:
I am using Ubuntu 6.06 Linux with PHP 5.1.4. I am using the phpmailer class.
I set the message body to be
$msgbody = $msgbody.'\r\rDate: '.$_REQUEST['date'].'\rName:
'.$_REQUEST['lname'].', '.$_REQUEST['fname'].'\rReferral:
'.$_REQUEST['referral'].'\rTelephone: '.$_REQUEST['tele'].'\rLoan Offic
Ryan A wrote:
Hey John,
Thanks for replying.
I cant use strip slashes because there are a number of scripts doing DB
things and searching for all of them and modifying things just for one
client can be a royal PITA.
I tried to use "php_flag magic_quotes_gpc off" in the *existing* .htaccess
file lik
On Friday 23 April 2004 12:21, Ryan A wrote:
> But then am getting a 500 error...
What does the webserver log say?
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Hey John,
Thanks for replying.
I cant use strip slashes because there are a number of scripts doing DB
things and searching for all of them and modifying things just for one
client can be a royal PITA.
I tried to use "php_flag magic_quotes_gpc off" in the *existing* .htaccess
file like so:
php_f
Ryan A wrote:
For example this insert statement:
insert into test_ing values('a','a','a','a')
becomes:
insert into test_ing values (\'a\',\'a\',\'a\',\'a\')
I immediatly suspected "magic_quotes" but checked (via phpinfo) and see that
magic_quotes are off, as a safety precaution I even have
"set_ma
Hi,
I am accepting some SQL via a textarea on a webform and then saving that SQL
in the database for later use
everythings working fine on our test servers but for some reason on our
clients servers its screwing up.
For example this insert statement:
insert into test_ing values('a','a','a','a'
> I'm running a script that reads the contents of images and stores them
> in a MySQL database. The problem I'm running into is that my server is
> seeing "\" as escape characters and stripping them out. I assume this
> has something to do with "Magic Quotes" or something of that nature but
> I'm
Hi All,
I'm running a script that reads the contents of images and stores them
in a MySQL database. The problem I'm running into is that my server is
seeing "\" as escape characters and stripping them out. I assume this
has something to do with "Magic Quotes" or something of that nature but
I
Thanks. I just figured it out myself. I had to change the expression:
$string= ereg_replace("[\\]+", "", $string);
The above is what worked.
Mike
"Justin French" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> on 02/09/02 1:14 PM, Mike Mannakee ([EMAIL PR
on 02/09/02 1:14 PM, Mike Mannakee ([EMAIL PROTECTED]) wrote:
> I'm getting multiple backslashes in data I get out of a mysql database.
>
> Example :
>
> ...Here\\\'s the d...
>
> No problem. Except I CANT GET RID OF THEM. I've tried several things:
>
> 1. $string = stripslashes($string);
I'm getting multiple backslashes in data I get out of a mysql database.
Example :
...Here\\\'s the d...
No problem. Except I CANT GET RID OF THEM. I've tried several things:
1. $string = stripslashes($string); - Doesn't do anything
2. $string = ereg_replace("\\", "", $string); - Does
In the following statement, can someone tell me what I would need to escape
out if I were to put it all into a variable (I know the quotes, but that's
all) :
if (!$name){
$error_msg.="Your Name \n";
}
Thanks,
Rob
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: ht
hi,
i've got myself into a bit of a mess. i have a database with approx 4000
records (mysql) and when i populated the database i was given 4000 text
files with the product name as the file name and the description of the
product as the contents.
so i set up a text field in the table to hold the
nevermind, i found them
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
what is a list of all the characters that have to be escaped?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
I've check the other articles and came up with the following:
1- take out the extension, html or php, inside the links in way
that I can change from .html to .php and vice-versa without worrie
to change all links.
2- and to add the .html to httpd.conf in order to all files to be parsed.
Not too b
On Sat, Mar 24, 2001 at 09:06:36PM -0500, Mauricio Junqueira wrote:
> Hi,
> I believe I am missing some configuration regarding my apache becouse
> I can only get php to work inside a file .php.
> If my page extension is .html, nothing happend with the php script; but
> just changing from .html
would
need to add the html extension to line with php. Otherwise, they're normal
html...
jack
-Original Message-
From: Mauricio Junqueira [mailto:[EMAIL PROTECTED]]
Sent: Saturday, March 24, 2001 9:07 PM
To: [EMAIL PROTECTED]
Subject: [PHP] escape sequences not recognized inside an
Hi,
I believe I am missing some configuration regarding my apache becouse
I can only get php to work inside a file .php.
If my page extension is .html, nothing happend with the php script; but
just changing from .html to .php everthing works fine.
Anyone? Anyhelp?
I'm new over php. I usually d
On Monday 12 March 2001 20:27, you wrote:
> Hi!
>
> I am trying to do some fileuploading.. but I am running into a problem
> with escaping spaces.
>
> Basically, I have this directory that includes spaces and I need to be
> able to change the spaces to "\ " so for example..
>
> my directory is: Fu
Hi!
I am trying to do some fileuploading.. but I am running into a problem
with escaping spaces.
Basically, I have this directory that includes spaces and I need to be
able to change the spaces to "\ " so for example..
my directory is: Fun Documents
I need to change it to: Fun\ Documents
That
In a message dated 26/02/2001 07:17:57 GMT Standard Time, [EMAIL PROTECTED]
writes:
<< there is addslashes();
http://www.php.net/manual/en/function.addslashes.php
john >>
addslashes() doesn`t work on the % sign though
Ade
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe,
there is addslashes();
http://www.php.net/manual/en/function.addslashes.php
john
[EMAIL PROTECTED] wrote:
> Hi,
>
> Anyone know the best method to escape the % sign in PHP?
>
> I`ve checked the manual and devshed and didn`t come across much, is there a
> command like addslashes() or would I h
Hi,
Anyone know the best method to escape the % sign in PHP?
I`ve checked the manual and devshed and didn`t come across much, is there a
command like addslashes() or would I have to use something like this...
$Field="A%D%E";
$Field1=str_replace("%","percent",$Field);
Thanks for any input
Ade
mail( 'email@address' , 'subject' , stripslashes( $body ) ) ;
At 04:22 14.1. 2001, Jeremy Bowen wrote the following:
--
>Hey All,
>
>I am sending e-mail using the mail() command. My question is whenever
>an ' is used in
Hey All,
I am sending e-mail using the mail() command. My question is whenever
an ' is used in the e-mail it is escaped like this: don\'t. Is there any way to
prevent this??
Thanks,
Jeremy
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTEC
61 matches
Mail list logo
