Search Results

Search found 104 results on 5 pages for 'htmlentities'.

Page 1/5 | 1 2 3 4 5  | Next Page >

  • Images not uploading when htmlentities has 'UTF-8' set

    - by gaoshan88
    I have a form that, among other things, accepts an image for upload and sticks it in the database. Previously I had a function filtering the POSTed data that was basically: function processInput($stuff) { $formdata = $stuff; $formdata = htmlentities($formdata, ENT_QUOTES); return "'" . mysql_real_escape_string(stripslashes($formdata)) . "'"; } When, in an effort to fix some weird entities that weren't getting converted properly I changed the function to (all that has changed is I added that 'UTF-8' bit in htmlentities): function processInput($stuff) { $formdata = $stuff; $formdata = htmlentities($formdata, ENT_QUOTES, 'UTF-8'); //added UTF-8 return "'" . mysql_real_escape_string(stripslashes($formdata)) . "'"; } And now images will not upload. What would be causing this? Simply removing the 'UTF-8' bit allows images to upload properly but then some of the MS Word entities that users put into the system show up as gibberish. What is going on?

    Read the article

  • Php DOMDocument Htmlentities problem

    - by scopus
    Hi, I use DOMDocument. My code here. $dom = new DOMDocument('1.0', 'utf-8'); $textNode = $dom->createTextNode('<input type="text" name="lastName" />'); $dom->appendChild($textNode); echo $dom->saveHTML(); Output: &lt;input type="text" name="lastName" &gt; But i want to disable htmlentities. How can i do?

    Read the article

  • Does using the converting input from HTML forms into htmlentities protect attacks invoving JavaScrip

    - by racl101
    Hi everyone, I was wondering if converting POST input from an HTML form into html entities, (via the PHP function htmlentities() or using the FILTER_SANITIZE_SPECIAL_CHARS constant in tandem with the filter_input() PHP function ), will help defend against any attacks where a user attempts to insert any JavaScript code inside the form field or if there's any other PHP based function or tactic I should employ to create a safe HTML form experience? Sorry for the loaded run-on sentence question but that's the best I could word it in a hurry. Any responses would be greatly appreciated and thanks to all in advance. racl101

    Read the article

  • JSON htmlentities javascript

    - by Wessel Rossing
    Hi! I am using an XMLHttpRequest to POST a JSON string to PHP. The JSON object is created in JavaScript and using the JSON2.js from json.org to create an JSON string representing the object. JSON.stringify(object); Whenever the object contains a string which has a special character in it, e.g. é, JavaScript does not give any error but PHP receives an empty array [] Is there a JavaScript function which produces the exact same resutls as the PHP function htmlentities() The data is send via POST, so the following functions escape() encodeURI() encodeURIComponent() are a bit overkill. Thanks!

    Read the article

  • How to remove htmlentities() values from the database?

    - by Chris
    Long before I knew anything - not that I know much even now - I desgined a web app in php which inserted data in my mysql database after running the values through htmlentities(). I eventually came to my senses and removed this step and stuck it in the output rather than input and went on my merry way. However I've since had to revisit some of this old data and unfortunately I have an issue, when it's displayed on the screen I'm getting values displayed which are effectively htmlentitied twice. So, is there a mysql or phpmyadmin way of changing all the older, affected rows back into their relevant characters or will I have to write a script to read each row, decode and update all 17 million rows in 12 tables?

    Read the article

  • In php, Prepare string and create XML/RSS Feed

    - by Bill
    I want to create my own RSS/XML feed. I fetch data from the database to display, but keep getting invalid character errors. If the string has an ampersand or other strange characters in it, the XML will be invalid. I tried using urlencode and htmlentities, but these don't capture all possible characters which need to be escaped. Does anyone know of a PHP function which will prepare a string for XML output?

    Read the article

  • how to convert all characters to their html entity equivalent using PHP

    - by Ashley Ward
    I want to convert this [email protected] to &#104;&#101;&#108;&#108;&#111;&#064;&#100;&#111;&#109;&#097;&#105;&#110;&#046;&#099;&#111;&#109; I have tried: url_encode($string) this provides the same string I entered, returned with the @ symbol converted to %40 also tried: htmlentities($string) this provides the same string right back. I am using a UTF8 charset. not sure if this makes a difference....

    Read the article

  • Using php to create a password system with chinese characters

    - by WillDonohoe
    Hi guys, I'm having an issue with validating chinese characters against other chinese characters, for example I'm creating a simple password script which gets data from a database, and gets the user input through get. The issue I'm having is for some reason, even though the characters look exactly the same when you echo them out, my if statement still thinks they are different. I have tried using the htmlentities() function to encode the characters, the password from the database encodes nicely, giving me a working '& #35441;' (I've put a space in it to stop it from converting to a chinese character!). The other user input value gives me a load of funny characters. The only thing which I believe must be breaking it, is it encodes in a different way and therefore the php thinks it's 2 completely different strings. Does anybody have any ideas? Thanks in advance, Will

    Read the article

  • UTF8 charset, diacritical elements, conversion problems - and Zend Framework form escaping

    - by imanc
    Hey, I am writing a webapp in ZF and am having serious issues with UTF8. It's using multi lingual content through Zend Form and it seems that ZF heavily escapes all of these characters and basically just won't show a field if there's diacritical elements 'é' and if I use the HTML entity equivalent e.g. é it gets escaped so that the user will see 'é'. Zend Form allows for having non escaped data, but trying to use this is confusing, and it seems it'd need to be used all over the place. So, I have been told that if the page and the text is in UTF8, no conversion to htmlentities is required. Is this true? And if the last question is true, then how do I convert the source text to UTF8? I am comfortable setting up apache so that it sends a default UTF8 charset heading, and also adding the charset meta tag to the html, but doing this I am still getting messed up encoding. I have also tried opening the translation csv file in TextWrangler on OSX as UTF8, but it has done nothing. Thanks! L

    Read the article

  • How to decode numeric HTML entities in PHP

    - by Yuriy
    Hello, I'm trying to decode encoded long dash from numeric entity to string, but it seems that I can't find a function which can do this properly. The best that I found is mb_decode_numericentity(), however, for some reason it fails to decode long dash and some other special characters. $str = '–'; // <- ' & # 8211 ;' $str = mb_decode_numericentity ( $str , Array(0xFF, 0x2FFFF, 0, 0xFFFF) , 'ISO-8859-1'); This will return "?". Anyone knows how to solve this problem?

    Read the article

  • charset problem?

    - by Ben Fransen
    Hi all, I have a bugging problem. For a website I made there are search engine friendly URL's generated. The only problem is there are ß-chars in the url too. Chars like ö, ï, ä, ü etc. are placed correct. But with the ß-char there is a diamond-icon with a questionmark in it. I thought it had to do with the charset which is used but i've tried both UTF-8 and iso-8859-1. Both without luck. I need to have the correct character in the url for the readability of deeplinks. Hope to hear from you!

    Read the article

  • Symfony 1.4: Is it possible to prevent escaping of a redirect URL?

    - by Tom
    Hi, If I do a redirect in action as normal: $this->redirect('@mypage?apple=1&banana=2&orange=3'); ... Symfony produces the correct URL: /something/something?apple=1&banana=2&orange=3 However, the following gets escaped for some bizarre reason: $string = 'apple=1&banana=2&orange=3'; $this->redirect('@mypage?'.$string); ... and the following URL is produced: /something/something?apple=1&amp;banana=2&amp;orange=3 Is there a way to avoid this escaping and have the ampersands appear correctly in the URL? I've tried everything I can think of and it's driving me mad. I need this for a situation where I'm pulling a saved query as a string from the database and would just like to latch it onto the URL. I'm aware that I could generate an array from the string and then generate a brand new URL from the array, but it just seems like a lot of overhead because of this silly escaping. Thanks.

    Read the article

  • charset problem?

    - by Ben Fransen
    Hi all, I have a bugging problem. For a website I made there are search engine friendly URL's generated. The only problem is there are ß-chars in the url too. Chars like ö, ï, ä, ü etc. are placed correct. But with the ß-char there is a diamond-icon with a questionmark in it. - ? I thought it had to do with the charset which is used but i've tried both UTF-8 and iso-8859-1. Both without luck. I need to have the correct character in the url for the readability of deeplinks. Hope to hear from you!

    Read the article

  • How to get HTML5 canvas text to show html entity?

    - by mrollinsiv
    I'm parsing an xml file that stores image/caption data both of which I need to display on my canvas. However occasionally there's an entity in the file and when drawing the text to the canvas it interprets it as flat text. How can i get &copy; to show up as © on the canvas? Is this even possible, or does anyone know of a good work around?

    Read the article

  • How to get the age from a birthdate using PHP & MySQL?

    - by TaG
    I ask my users for their birthdate and store it in my database in the following way $month $day $year output May 6 1901 but I was wondering how can I get the age from the stored birthdate using PHP & MySQL? Here is the PHP code. if (isset($_POST['submitted'])) { $mysqli = mysqli_connect("localhost", "root", "", "sitename"); $dbc = mysqli_query($mysqli,"SELECT users.* FROM users WHERE user_id=3"); $month_options = array("Month", "January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November", "December"); $day_options = array("Day", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "24", "25", "26", "27", "28", "29", "30", "31"); $month = mysqli_real_escape_string($mysqli, htmlentities(strip_tags($_POST['month']))); $day = mysqli_real_escape_string($mysqli, htmlentities(strip_tags($_POST['day']))); $year = mysqli_real_escape_string($mysqli, htmlentities(strip_tags($_POST['year']))); if (mysqli_num_rows($dbc) == 0) { $mysqli = mysqli_connect("localhost", "root", "", "sitename"); $dbc = mysqli_query($mysqli,"INSERT INTO users (user_id, month, day, year) VALUES ('$user_id', '$month', '$day', '$year')"); } if ($dbc == TRUE) { $dbc = mysqli_query($mysqli,"UPDATE users SET month = '$month', day = '$day', year = '$year' WHERE user_id = '$user_id'"); echo '<p class="changes-saved">Your changes have been saved!</p>'; } if (!$dbc) { print mysqli_error($mysqli); return; } } Here is the html. <form method="post" action="index.php"> <fieldset> <ul> <li><label>Date of Birth: </label> <label for="month" class="hide">Month: </label> <?php // month options echo '<select name="month" id="month">' . "\n"; foreach($month_options as $option) { if ($option == $month) { echo '<option value="' . stripslashes(htmlentities(strip_tags($option))) . '" selected="selected">' . stripslashes(htmlentities(strip_tags($option))) . '</option>' . "\n"; } else { echo '<option value="'. stripslashes(htmlentities(strip_tags($option))) . '">' . stripslashes(htmlentities(strip_tags($option))) . '</option>'."\n"; } } echo '</select>'; ?> <label for="day" class="hide">Day: </label> <?php // day options echo '<select id="day" name="day">' . "\n"; foreach($day_options as $option) { if ($option == $day) { echo '<option value="' . stripslashes(htmlentities(strip_tags($option))) . '" selected="selected">' . stripslashes(htmlentities(strip_tags($option))) . '</option>' . "\n"; } else { echo '<option value="'. stripslashes(htmlentities(strip_tags($option))) . '">' . stripslashes(htmlentities(strip_tags($option))) . '</option>'."\n"; } } echo '</select>'; ?> <label for="year" class="hide">Year: </label><input type="text" name="year" id="year" size="4" maxlength="4" value="<?php if (isset($_POST['year'])) { echo stripslashes(htmlentities(strip_tags($_POST['year']))); } else if(!empty($year)) { echo stripslashes(htmlentities(strip_tags($year))); } ?>" /></li> <li><input type="submit" name="submit" value="Save Changes" class="save-button" /> <input type="hidden" name="submitted" value="true" /> <input type="submit" name="submit" value="Preview Changes" class="preview-changes-button" /></li> </ul> </fieldset> </form>

    Read the article

  • JQuery and PHP display problem

    - by TheCREATOR
    I'm new to JQuery but for some reason I cant get the php code to display correctly when I put it in my JQuery script. The php code will display correctly when its not in the JQuery code can someone help me fix my JQuery code so it will display my PHP code correctly? Here is the JQuery and PHP code. var count = 0; $(function(){ $('p#add_field').click(function(){ count += 1; $('#container').append( '<input type="text" name="sk" id="sk" />' + '<label for="exp">Exp: </label>' + '<?php' + 'echo \'<select id="exp" name="exp">\' . "\n";' + 'foreach($options as $option) {' + 'if ($option == $exp) {' + 'echo \'<option value="\' . stripslashes(htmlentities(strip_tags($option))) . \'" selected="selected">\' .' + ' stripslashes(htmlentities(strip_tags($option))) . \'</option>\' . "\n";' + '} else {' + 'echo \'<option value="\'. stripslashes(htmlentities(strip_tags($option))) . \'">\' .' + 'stripslashes(htmlentities(strip_tags($option))) . \'</option>\'."\n";' + '}' + '}' + 'echo \'</select>\';' + '?>' + '<label for="g">RGB: </label>' + '<?php' + 'echo \'<select id="g" name="g">\' . "\n";' + 'foreach($options as $option) {' + 'if ($option == $g) {' + 'echo \'<option value="\' . stripslashes(htmlentities(strip_tags($option))) . \'" selected="selected">\' .' + 'stripslashes(htmlentities(strip_tags($option))) . \'</option>\' . "\n";' + '} else {' + 'echo \'<option value="\'. stripslashes(htmlentities(strip_tags($option))) . \'">\' .' + 'stripslashes(htmlentities(strip_tags($option))) . \'</option>\'."\n";' + '}' + '}' + 'echo \'</select>\';' + '?></li>' ); }); });

    Read the article

  • PHP submit problem

    - by TaG
    I'm trying to check if the username is available and display it for the user to see when they check there account settings, which I have done. BUT when the user tries to fill out another field I get the Your username is unavailable! which should not pop up because its the users username already. I want to know how can I fix this problem using PHP so that the users name is displayed every time the user views their account settings and it wont cause problems when a user submits additional info? Here is the PHP code. if (isset($_POST['submitted'])) { require_once '../htmlpurifier/library/HTMLPurifier.auto.php'; $config = HTMLPurifier_Config::createDefault(); $config->set('Core.Encoding', 'UTF-8'); $config->set('HTML.Doctype', 'XHTML 1.0 Strict'); $config->set('HTML.TidyLevel', 'heavy'); $config->set('HTML.SafeObject', true); $config->set('HTML.SafeEmbed', true); $purifier = new HTMLPurifier($config); $mysqli = mysqli_connect("localhost", "root", "", "sitename"); $dbc = mysqli_query($mysqli,"SELECT users.* FROM users WHERE user_id=3"); $first_name = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['first_name'])))); $username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username'])))); if($_POST['username']) { $u = "SELECT user_id FROM users WHERE username = '$username'"; $r = mysqli_query ($mysqli, $u) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($mysqli)); if (mysqli_num_rows($r) == TRUE) { $username = NULL; echo '<p class="error">Your username is unavailable!</p>'; } else if(mysqli_num_rows($r) == 0) { $username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username'])))); if ($_POST['password1'] == $_POST['password2']) { $sha512 = hash('sha512', $_POST['password1']); $password = mysqli_real_escape_string($mysqli, $purifier->purify(strip_tags($sha512))); } else { $password = NULL; } if($password == NULL) { echo '<p class="error">Your password did not match the confirmed password!</p>'; } else { if (mysqli_num_rows($dbc) == 0) { $mysqli = mysqli_connect("localhost", "root", "", "sitename"); $dbc = mysqli_query($mysqli,"INSERT INTO users (user_id, first_name, username, password) VALUES ('$user_id', '$first_name', '$username', '$password')"); } if ($dbc == TRUE) { $dbc = mysqli_query($mysqli,"UPDATE users SET first_name = '$first_name', username = '$username', password = '$password' WHERE user_id = '$user_id'"); echo '<p class="changes-saved">Your changes have been saved!</p>'; } if (!$dbc) { print mysqli_error($mysqli); return; } } } } } Here is the html form. <form method="post" action="index.php"> <fieldset> <ul> <li><label for="first_name">First Name: </label><input type="text" name="first_name" id="first_name" size="25" class="input-size" value="<?php if (isset($_POST['first_name'])) { echo stripslashes(htmlentities(strip_tags($_POST['first_name']))); } else if(!empty($first_name)) { echo stripslashes(htmlentities(strip_tags($first_name))); } ?>" /></li> <li><label for="username">UserName: </label><input type="text" name="username" id="username" size="25" class="input-size" value="<?php if (isset($_POST['username'])) { echo stripslashes(htmlentities(strip_tags($_POST['username']))); } else if(!empty($username)) { echo stripslashes(htmlentities(strip_tags($username))); } ?>" /><br /><span>(ex: CSSKing, butterball)</span></li> <li><label for="password1">Password: </label><input type="password" name="password1" id="password1" size="25" class="input-size" value="<?php if (isset($_POST['password1'])) { echo stripslashes(htmlentities(strip_tags($_POST['password1']))); } ?>" /></li> <li><label for="password2">Confirm Password: </label><input type="password" name="password2" id="password2" size="25" class="input-size" value="<?php if (isset($_POST['password2'])) { echo stripslashes(htmlentities(strip_tags($_POST['password2']))); } ?>" /></li> <li><input type="submit" name="submit" value="Save Changes" class="save-button" /> <input type="hidden" name="submitted" value="true" /> <input type="submit" name="submit" value="Preview Changes" class="preview-changes-button" /></li> </ul> </fieldset> </form>

    Read the article

  • URL Multiple Query Parameters Encoded with HTML Entities

    - by BRADINO
    I came across a situation where a URL with multiple query parameters was encoded using htmlentities() and PHP was not recognizing the query parameters using $_GET. A common case for encoding urls using htmlentities() is to use them inside XML documents. So a url with multiple query parameters, encoded using htmlentities() would look like this: http://www.bradino.com/?color=white&amp;size=medium&amp;quantity=3 and when that url is accessed the second and third query parameters are not recognized because instead of separating the subsequent variables with an & that character gets converted into &amp;. I could not find a good way to resolve this, so basically I just encoded the query string back to normal using html_entity_decode() and then slammed the parameters back into the $_GET array using parse_str(). $query = html_entity_decode($_SERVER['QUERY_STRING']); parse_str($query,$_GET); There must be a better way! Anyone come across this before?

    Read the article

  • Creating PHP Forms with show/hide functionality [migrated]

    - by ronquiq
    I want to create two reports and submit the report data to database by using two functions defined in a class: Here I have two buttons: "Create ES" and "Create RP". Rightnow, my forms are working fine, I can insert data successfully, but the problem was when I click on submit after filling the form data, the content is hiding and displays the fist div content "cs_content" and again I need to onclick to submit again. Could anyone give a solution for this. Requirement : When I click on "Create CS", I should be able to fill the form and submit data successfully with a message within "cs_content" and any form input errors, the errors should display within "cs_content". When I click on "Create RP", I should be able to fill the form and submit data successfully with a message within "rp_content" and any form input errors, the errors should display within "rp_content". home.php <?php require 'classes/class.report.php'; $report = new Report($db); ?> <html> <head> <script src="js/jqueryv1.10.2.js"></script> <script> $ (document).ready(function () { //$("#cs_content").show(); $('#cs').click(function () { $('#cs_content').fadeIn('slow'); $('#rp_content').hide(); }); $('#rp').click(function () { $('#rp_content').fadeIn('slow'); $('#cs_content').hide(); }); }); </script> </head> <body> <div class="container2"> <div style="margin:0px 0px;padding:3px 217px;overflow:hidden;"> <div id="cs" style="float:left;margin:0px 0px;padding:7px;"><input type="button" value="CREATE CS"></div> <div id="rp" style="float:left;margin:0px 0px;padding:7px;"><input type="button" value="CREATE RP"></div><br> </div> <div id="cs_content"> <?php $report->create_cs_report(); ?> </div> <div id="rp_content" style="display:none;"> <?php $report->create_rp_report(); ?> </div> </div> </body> </html> class.report.php <?php class Report { private $db; public function __construct($database){ $this->db = $database; } public function create_cs_report() { if (isset($_POST['create_es_report'])) { $report_name = htmlentities($_POST['report_name']); $from_address = htmlentities($_POST['from_address']); $subject = htmlentities($_POST['subject']); $reply_to = htmlentities($_POST['reply_to']); if (empty($_POST['report_name']) || empty($_POST['from_address']) || empty($_POST['subject']) || empty($_POST['reply_to'])) { $errors[] = '<span class="error">All fields are required.</span>'; } else { if (isset($_POST['report_name']) && empty($_POST['report_name'])) { $errors[] = '<span class="error">Report Name is required</span>'; } else if (!ctype_alnum($_POST['report_name'])) { $errors[] = '<span class="error">Report Name: Whitespace is not allowed, only alphabets and numbers are required</span>'; } if (isset($_POST['from_address']) && empty($_POST['from_address'])) { $errors[] = '<span class="error">From address is required</span>'; } else if (filter_var($_POST['from_address'], FILTER_VALIDATE_EMAIL) === false) { $errors[] = '<span class="error">Please enter a valid From address</span>'; } if (isset($_POST['subject']) && empty($_POST['subject'])) { $errors[] = '<span class="error">Subject is required</span>'; } else if (!ctype_alnum($_POST['subject'])) { $errors[] = '<span class="error">Subject: Whitespace is not allowed, only alphabets and numbers are required</span>'; } if (isset($_POST['reply_to']) && empty($_POST['reply_to'])) { $errors[] = '<span class="error">Reply To is required</span>'; } else if (filter_var($_POST['reply_to'], FILTER_VALIDATE_EMAIL) === false) { $errors[] = '<span class="error">Please enter a valid Reply-To address</span>'; } } if (empty($errors) === true) { $query = $this->db->prepare("INSERT INTO report(report_name, from_address, subject, reply_to) VALUES (?, ?, ?, ?) "); $query->bindValue(1, $report_name); $query->bindValue(2, $from_address); $query->bindValue(3, $subject); $query->bindValue(4, $reply_to); try { $query->execute(); } catch(PDOException $e) { die($e->getMessage()); } header('Location:home.php?success'); exit(); } } if (isset($_GET['success']) && empty($_GET['success'])) { header('Location:home.php'); echo '<span class="error">Report is succesfully created</span>'; } ?> <form action="" method="POST" accept-charset="UTF-8"> <div style="font-weight:bold;padding:17px 80px;text-decoration:underline;">Section A</div> <table class="create_report"> <tr><td><label>Report Name</label><span style="color:#A60000">*</span></td> <td><input type="text" name="report_name" required placeholder="Name of the report" value="<?php if(isset($_POST["report_name"])) echo $report_name; ?>" size="30" maxlength="30"> </td></tr> <tr><td><label>From</label><span style="color:#A60000">*</span></td> <td><input type="text" name="from_address" required placeholder="From address" value="<?php if(isset($_POST["from_address"])) echo $from_address; ?>" size="30"> </td></tr> <tr><td><label>Subject</label><span style="color:#A60000">*</span></td> <td><input type="text" name="subject" required placeholder="Subject" value="<?php if(isset($_POST["subject"])) echo $subject; ?>" size="30"> </td></tr> <tr><td><label>Reply To</label><span style="color:#A60000">*</span></td> <td><input type="text" name="reply_to" required placeholder="Reply address" value="<?php if(isset($_POST["reply_to"])) echo $reply_to; ?>" size="30"> </td></tr> <tr><td><input type="submit" value="create report" style="background:#8AC007;color:#080808;padding:6px;" name="create_es_report"></td></tr> </table> </form> <?php //IF THERE ARE ERRORS, THEY WOULD BE DISPLAY HERE if (empty($errors) === false) { echo '<div>' . implode('</p><p>', $errors) . '</div>'; } } public function create_rp_report() { if (isset($_POST['create_rp_report'])) { $report_name = htmlentities($_POST['report_name']); $to_address = htmlentities($_POST['to_address']); $subject = htmlentities($_POST['subject']); $reply_to = htmlentities($_POST['reply_to']); if (empty($_POST['report_name']) || empty($_POST['to_address']) || empty($_POST['subject']) || empty($_POST['reply_to'])) { $errors[] = '<span class="error">All fields are required.</span>'; } else { if (isset($_POST['report_name']) && empty($_POST['report_name'])) { $errors[] = '<span class="error">Report Name is required</span>'; } else if (!ctype_alnum($_POST['report_name'])) { $errors[] = '<span class="error">Report Name: Whitespace is not allowed, only alphabets and numbers are required</span>'; } if (isset($_POST['to_address']) && empty($_POST['to_address'])) { $errors[] = '<span class="error">to address is required</span>'; } else if (filter_var($_POST['to_address'], FILTER_VALIDATE_EMAIL) === false) { $errors[] = '<span class="error">Please enter a valid to address</span>'; } if (isset($_POST['subject']) && empty($_POST['subject'])) { $errors[] = '<span class="error">Subject is required</span>'; } else if (!ctype_alnum($_POST['subject'])) { $errors[] = '<span class="error">Subject: Whitespace is not allowed, only alphabets and numbers are required</span>'; } if (isset($_POST['reply_to']) && empty($_POST['reply_to'])) { $errors[] = '<span class="error">Reply To is required</span>'; } else if (filter_var($_POST['reply_to'], FILTER_VALIDATE_EMAIL) === false) { $errors[] = '<span class="error">Please enter a valid Reply-To address</span>'; } } if (empty($errors) === true) { $query = $this->db->prepare("INSERT INTO report(report_name, to_address, subject, reply_to) VALUES (?, ?, ?, ?) "); $query->bindValue(1, $report_name); $query->bindValue(2, $to_address); $query->bindValue(3, $subject); $query->bindValue(4, $reply_to); try { $query->execute(); } catch(PDOException $e) { die($e->getMessage()); } header('Location:home.php?success'); exit(); } } if (isset($_GET['success']) && empty($_GET['success'])) { header('Location:home.php'); echo '<span class="error">Report is succesfully created</span>'; } ?> <form action="" method="POST" accept-charset="UTF-8"> <div style="font-weight:bold;padding:17px 80px;text-decoration:underline;">Section A</div> <table class="create_report"> <tr><td><label>Report Name</label><span style="color:#A60000">*</span></td> <td><input type="text" name="report_name" required placeholder="Name of the report" value="<?php if(isset($_POST["report_name"])) echo $report_name; ?>" size="30" maxlength="30"> </td></tr> <tr><td><label>to</label><span style="color:#A60000">*</span></td> <td><input type="text" name="to_address" required placeholder="to address" value="<?php if(isset($_POST["to_address"])) echo $to_address; ?>" size="30"> </td></tr> <tr><td><label>Subject</label><span style="color:#A60000">*</span></td> <td><input type="text" name="subject" required placeholder="Subject" value="<?php if(isset($_POST["subject"])) echo $subject; ?>" size="30"> </td></tr> <tr><td><label>Reply To</label><span style="color:#A60000">*</span></td> <td><input type="text" name="reply_to" required placeholder="Reply address" value="<?php if(isset($_POST["reply_to"])) echo $reply_to; ?>" size="30"> </td></tr> <tr><td><input type="submit" value="create report" style="background:#8AC007;color:#080808;padding:6px;" name="create_rp_report"></td></tr> </table> </form> <?php //IF THERE ARE ERRORS, THEY WOULD BE DISPLAY HERE if (empty($errors) === false) { echo '<div>' . implode('</p><p>', $errors) . '</div>'; } } }//Report CLASS ENDS

    Read the article

  • Submiting a Form without Refreshing the page with jQuery and Ajax Not updating MySQL database.

    - by HEEEEEEELP
    I'm a newbie to JQuery and have a problem, when I click submit button on the form everything says registration was successful but my MYSQL database was not updated everything worked fine until I tried to add the JQuery to the picture. Can someone help me fix this problem so my database is updated? Thanks Here is the JQuery code. $(function() { $(".save-button").click(function() { var address = $("#address").val(); var address_two = $("#address_two").val(); var city_town = $("#city_town").val(); var state_province = $("#state_province").val(); var zipcode = $("#zipcode").val(); var country = $("#country").val(); var email = $("#email").val(); var dataString = 'address='+ address + '&address_two=' + address_two + '&city_town=' + city_town + '&state_province=' + state_province + '&zipcode=' + zipcode + '&country=' + country + '$email=' + email; if(address=='' || address_two=='' || city_town=='' || state_province=='' || zipcode=='' || country=='' || email=='') { $('.success').fadeOut(200).hide(); $('.error').fadeOut(200).show(); } else { $.ajax({ type: "POST", url: "http://localhost/New%20Project/home/index.php", data: dataString, success: function(){ $('.success').fadeIn(200).show(); $('.error').fadeOut(200).hide(); } }); } return false; }); }); Here is the PHP code. if (isset($_POST['contact_info_submitted'])) { // Handle the form. // Query member data from the database and ready it for display $mysqli = mysqli_connect("localhost", "root", "", "sitename"); $dbc = mysqli_query($mysqli,"SELECT users.*, contact_info.* FROM users INNER JOIN contact_info ON contact_info.user_id = users.user_id WHERE users.user_id=3"); $user_id = mysqli_real_escape_string($mysqli, htmlentities('3')); $address = mysqli_real_escape_string($mysqli, htmlentities($_POST['address'])); $address_two = mysqli_real_escape_string($mysqli, htmlentities($_POST['address_two'])); $city_town = mysqli_real_escape_string($mysqli, htmlentities($_POST['city_town'])); $state_province = mysqli_real_escape_string($mysqli, htmlentities($_POST['state_province'])); $zipcode = mysqli_real_escape_string($mysqli, htmlentities($_POST['zipcode'])); $country = mysqli_real_escape_string($mysqli, htmlentities($_POST['country'])); $email = mysqli_real_escape_string($mysqli, strip_tags($_POST['email'])); //If the table is not found add it to the database if (mysqli_num_rows($dbc) == 0) { $mysqli = mysqli_connect("localhost", "root", "", "sitename"); $dbc = mysqli_query($mysqli,"INSERT INTO contact_info (user_id, address, address_two, city_town, state_province, zipcode, country, email) VALUES ('$user_id', '$address', '$address_two', '$city_town', '$state_province', '$zipcode', '$country', '$email')"); } //If the table is in the database update each field when needed if ($dbc == TRUE) { $dbc = mysqli_query($mysqli,"UPDATE contact_info SET address = '$address', address_two = '$address_two', city_town = '$city_town', state_province = '$state_province', zipcode = '$zipcode', country = '$country', email = '$email' WHERE user_id = '$user_id'"); } if (!$dbc) { // There was an error...do something about it here... print mysqli_error($mysqli); return; } } Here is the XHTML code. <form method="post" action="index.php"> <fieldset> <ul> <li><label for="address">Address 1: </label><input type="text" name="address" id="address" size="25" class="input-size" value="<?php if (isset($_POST['address'])) { echo $_POST['address']; } else if(!empty($address)) { echo $address; } ?>" /></li> <li><label for="address_two">Address 2: </label><input type="text" name="address_two" id="address_two" size="25" class="input-size" value="<?php if (isset($_POST['address_two'])) { echo $_POST['address_two']; } else if(!empty($address_two)) { echo $address_two; } ?>" /></li> <li><label for="city_town">City/Town: </label><input type="text" name="city_town" id="city_town" size="25" class="input-size" value="<?php if (isset($_POST['city_town'])) { echo $_POST['city_town']; } else if(!empty($city_town)) { echo $city_town; } ?>" /></li> <li><label for="state_province">State/Province: </label> <?php echo '<select name="state_province" id="state_province">' . "\n"; foreach($state_options as $option) { if ($option == $state_province) { echo '<option value="' . $option . '" selected="selected">' . $option . '</option>' . "\n"; } else { echo '<option value="'. $option . '">' . $option . '</option>'."\n"; } } echo '</select>'; ?> </li> <li><label for="zipcode">Zip/Post Code: </label><input type="text" name="zipcode" id="zipcode" size="5" class="input-size" value="<?php if (isset($_POST['zipcode'])) { echo $_POST['zipcode']; } else if(!empty($zipcode)) { echo $zipcode; } ?>" /></li> <li><label for="country">Country: </label> <?php echo '<select name="country" id="country">' . "\n"; foreach($countries as $option) { if ($option == $country) { echo '<option value="' . $option . '" selected="selected">' . $option . '</option>' . "\n"; } else if($option == "-------------") { echo '<option value="' . $option . '" disabled="disabled">' . $option . '</option>'; } else { echo '<option value="'. $option . '">' . $option . '</option>'."\n"; } } echo '</select>'; ?> </li> <li><label for="email">Email Address: </label><input type="text" name="email" id="email" size="25" class="input-size" value="<?php if (isset($_POST['email'])) { echo $_POST['email']; } else if(!empty($email)) { echo $email; } ?>" /><br /><span>We don't spam or share your email with third parties. We respect your privacy.</span></li> <li><input type="submit" name="submit" value="Save Changes" class="save-button" /> <input type="hidden" name="contact_info_submitted" value="true" /> <input type="submit" name="submit" value="Preview Changes" class="preview-changes-button" /></li> </ul> </fieldset> </form>

    Read the article

  • Quick MySQLi security question

    - by Benjamin Falk
    I have a quick MySQLi security related question... For example, take a look at this code (gets in put from the user, checks it against the database to see if the username/password combination exist): $input['user'] = htmlentities($_POST['username'], ENT_QUOTES); $input['pass'] = htmlentities($_POST['password'], ENT_QUOTES); // query db if ($stmt = $mysqli->prepare("SELECT * FROM members WHERE username=? AND password = ?")) { $stmt->bind_param("ss", $input['user'], md5($input['pass'] . $config['salt'])); $stmt->execute(); $stmt->store_result(); // check if there is a match in the database for the user/password combination if ($stmt->num_rows > 0) {} } In this case, I am using htmlentities() on the form data, and using a MySQLi prepared statement. Do I still need to be using mysql_real_escape_string()?

    Read the article

1 2 3 4 5  | Next Page >