Search Results

Search found 104 results on 5 pages for 'htmlentities'.

Page 2/5 | < Previous Page | 1 2 3 4 5  | Next Page >

• How do browsers/PHP handle characters outside the set characterset?

  - by Maarten

  I'm looking into how characters are handled that are outside of the set characterset for a page. In this case the page is set to iso-8859-1, and the previous programmer decided to escape input using htmlentities($string,ENT_COMPAT). This is then stored into Latin1 tables in Mysql. As the table is set to the same character set as the page, I am wondering if that htmlentities step is needed. I did some experiments on http://floris.workingweb.nl/experiments/characters.php and it seems that for stuff inside Latin1 some characters are escaped, but for example with a Czech name they are not. Is this because those characters are outside of Latin1? If so, then the htmlentities can be removed, as it doesn't help for stuff outside of Latin1 anyway, and for within Latin1 it is not needed as far as I can see now...

  Read the article

• PHP & MySQL submit error message problem

  - by peakUC

  When I submit a new name and not a new avatar I get the following avatar error message Please upload a .gif, .jpeg, .jpg or .png image!. I want to be able to send a new name only without having to upload a new avatar each time I submit the form without getting the avatar error message Please upload a .gif, .jpeg, .jpg or .png image! can someone help me fix this problem? Here is the php code. if (isset($_POST['submitted'])) { $mysqli = mysqli_connect("localhost", "root", "", "sitename"); $dbc = mysqli_query($mysqli,"SELECT users.* FROM users WHERE user_id=3"); $first_name = mysqli_real_escape_string($mysqli, htmlentities(strip_tags($_POST['first_name']))); $user_id = '3'; if(isset($_FILES["avatar"]["name"]) && $_FILES['avatar']['size'] <= 5242880) { if($_FILES["avatar"]["type"] == "image/gif" || $_FILES["avatar"]["type"] == "image/jpeg" || $_FILES["avatar"]["type"] == "image/jpg" || $_FILES["avatar"]["type"] == "image/png" || $_FILES["avatar"]["type"] == "image/pjpeg") { if (file_exists("../members/" . $user_id . "/images/" . $_FILES["avatar"]["name"])) { echo '<p class="error">' . mysqli_real_escape_string($mysqli, htmlentities(strip_tags(basename($_FILES["avatar"]["name"])))) . ' already exists! '; } else if($_FILES["avatar"]["name"] == TRUE) { move_uploaded_file($_FILES["avatar"]["tmp_name"], "../members/" . $user_id . "/images/" . mysqli_real_escape_string($mysqli, htmlentities(strip_tags(basename($_FILES["avatar"]["name"]))))); $avatar = mysqli_real_escape_string($mysqli, htmlentities(strip_tags(basename($_FILES["avatar"]["name"])))); } } else if($_FILES["avatar"]["type"] != "image/gif" || $_FILES["avatar"]["type"] != "image/jpeg" || $_FILES["avatar"]["type"] != "image/jpg" || $_FILES["avatar"]["type"] != "image/png" || $_FILES["avatar"]["type"] != "image/pjpeg") { echo '<p class="error">Please upload a .gif, .jpeg, .jpg or .png image!</p>'; } } else if($_FILES['avatar']['size'] >= 5242880) { echo '<p class="error">Please upload a smaller pic!</p>'; } else if($_FILES["avatar"]["name"] == NULL) { $avatar = NULL; } if(isset($_FILES["avatar"]["name"]) && $_FILES['avatar']['size'] <= 5242880) { if (mysqli_num_rows($dbc) == 0) { $mysqli = mysqli_connect("localhost", "root", "", "sitename"); $dbc = mysqli_query($mysqli,"INSERT INTO users (user_id, first_name, avatar) VALUES ('$user_id', '$first_name', '$avatar')"); } if ($dbc == TRUE) { $dbc = mysqli_query($mysqli,"UPDATE users SET first_name = '$first_name', avatar = '$avatar' WHERE user_id = '$user_id'"); echo '<p class="changes-saved">Your changes have been saved!</p>'; } if (!$dbc) { print mysqli_error($mysqli); return; } } }

  Read the article

• PHP form validation question?

  - by GeNx

  Is it necessary to validate a name or street address? when I have it coded in the following format. And if so why? $address = mysqli_real_escape_string($mysqli, htmlentities($_POST['address'])); $name = mysqli_real_escape_string($mysqli, htmlentities($_POST['name']));

  Read the article

• special characters to html entity using php

  - by text

  I want to convert special characters like ñ, Ñ to htmlentities using php. I tried using htmlentities, but instead of returning "&ntilde" for its value it returns "ñ" as its value.

  Read the article

• PHP self form validation

  - by Jordan Pagaduan

  <?php function VerifyForm(&$values, &$errors) { if (strlen($values['fname']) == 0) $errors['fname'] = 'Enter First Name'; if (strlen($values['lname']) == 0) $errors['lname'] = 'Enter Last Name'; if (strlen($values['mname']) == 0) $errors['mname'] = 'Enter Middle Name'; if (strlen($values['address']) == 0) $errors['address'] = 'Enter Address'; if (strlen($values['terms']) == 0) $errors['terms'] = 'Please Read Terms and Agreement and Check the box.'; if (!ereg('.*@.*\..{2,4}', $values['email'])) $errors['email'] = 'Email address invalid'; else if (strlen($values['email']) < 0) $errors['email'] = 'Enter Email Address'; return (count($errors) == 0); } function DisplayForm($values, $errors) { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>GIA Soap » Products » Customer Informations</title> <link href="stylesheet/style.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" src="js_files/jquery.js"></script> <script type="text/javascript" src="js_files/sliding_effect.js"></script> <script type="text/javascript" src="js_files/slideshow.js"></script> </head> <body> <div class="bg_top"> <div class="bg_bottom"> <div class="wrapper"> <div class="header"> <div class="logo"> </div> <div class="logo_text"> <div class="logo_head_text">Gia Soap Making</div> <div class="logo_sub_text">Sub text here</div> </div> </div> <div class="h_nav"> <div class="h_nav_dash"> </div> </div> <div class="container"> <div class="content_term"> <div class="content_terms"> <br /> <h1><p>Customer Information</p></h1><br /> <p>Please the following correctly.</p> <div class="customer_info"> <?php if (count($errors) > 0) echo "<p>There were some errors in your submitted form, please correct them and try again.</p>"; ?> <form method="post" action="<?= $_SERVER['PHP_SELF'] ?>"> <!-- hidden values --> <input type="hidden" value="<?php echo $papaya; ?>" name="papaya" /> <input type="hidden" value="<?php echo $carrot; ?>" name="carrot" /> <input type="hidden" value="<?php echo $guava; ?>" name="guava" /> <label for="customer_fname">First Name (<i>Required</i>)</label> <input type="text" class="textbox" id="customer_fname" name="customer_fname" value="<?= htmlentities($values['fname']) ?>" /> <span class="error_msg"><?= $errors['fname'] ?></span> <label for="customer_lname">Last Name (<i>Required</i>)</label> <input type="text" class="textbox" id="customer_fname" name="customer_fname" value="<?= htmlentities($values['lname']) ?>" /> <span class="error_msg"><?= $errors['lname'] ?></span> <label for="customer_mname">Middle Name (<i>Required</i>)</label> <input type="text" class="textbox" id="customer_fname" name="customer_fname" value="<?= htmlentities($values['mname']) ?>" /> <span class="error_msg"><?= $errors['mname'] ?></span> <label for="customer_add">Address (<i>Required : Complete Address Please</i>)</label> <input type="text" class="textbox" id="customer_add" name="customer_add1" value="<?= htmlentities($values['address']) ?>" /><br /> <input type="text" class="textbox" id="customer_add" name="customer_add2" /><br /> <input type="text" class="textbox" id="customer_add" name="customer_add3" /> <span class="error_msg"><?= $errors['address'] ?></span> <label for="customer_email">Email Address (<i>Required</i>)</label> <input type="text" class="textbox" id="customer_email" name="customer_email" value="<?= htmlentities($values['email']) ?>" /> <span class="error_msg"><?= $errors['email'] ?></span> <label for="customer_phone">Phone Number </label> <input type="text" class="textbox" id="customer_phone" name="customer_phone" /> <label for="customer_mobile">Mobile Number </label> <input type="text" class="textbox" id="customer_mobile" name="customer_mobile" /> <br /><br /> <div class="terms"> <center> <h1>Terms and Agreement</h1><br /> <p>Please read the following.</p><br /> </div> <br /> <input type="checkbox" name="terms" value="<?= htmlentities($values['terms']) ?>" /> I Read the Terms and Agreement<br /><br /> <span class="error_msg"><?= $errors['terms'] ?></span> <input type="submit" value="Send Order" class="prod_subbtn" /> </center> </form> </div> </div> </div> <div class="clear"></div> </div> <?php include ('includes/footer.php'); ?> </div> </div> </div> </body> </html> <?php } function ProcessForm($values) { $papaya = $_POST['papaya']; $carrot = $_POST['carrot']; $guava = $_POST['guava']; $fname = $_POST['fname']; $lname = $_POST['lname']; $mname = $_POST['mname']; $address = $_POST['address']; } if ($_SERVER['REQUEST_METHOD'] == 'POST') { $formValues = $_POST; $formErrors = array(); if (!VerifyForm($formValues, $formErrors)) DisplayForm($formValues, $formErrors); else ProcessForm($formValues); } else DisplayForm(null, null); ?> The output is: [link text]1 Problem the value that I put is can be seen by users.

  Read the article

• How can I convert input to HTML Characters correctly

  - by Codex73

  Let's say I'm including a file which contains html. The html have characters as exclamation symbols, Spanish accents (á, ó). The parsed included text gets processed as symbols instead of their correct value. This happens on FF but not on IE (8). I have tried the following functions: htmlspecialchars, htmlentities, utf8_encode include htmlentities("cont/file.php"); Sample file.php contents: <div>Canción, “Song Name”</div> Output: Canci?n, ?Song Name?

  Read the article

• PHP & MySQL form question.

  - by peakUC

  How do I allow all users to have there username field empty without having them to enter a username when they submit the form using PHP and MySQL? Here is part my PHP and MySQL code. $username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username'])))); if(isset($_POST['username'])) { // Make sure the username address is available: $u = "SELECT * FROM users WHERE username = '$username' AND user_id <> '$user_id'"; $r = mysqli_query ($mysqli, $u) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($mysqli)); if (mysqli_num_rows($r) == TRUE) { // Unavailable. echo '<p class="error">Your username is unavailable!</p>'; $username = NULL; } else if(mysqli_num_rows($r) == 0) { // Available. $username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username'])))); } }

  Read the article

• having trouble with a mysql query

  - by chuck akers

  this keeps saying Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in directory here the error is near the login_query variable, can someone help me fix it. <?php if (isset($_POST['login_username'], $_POST['login_password'])) { $login_username = trim(mysql_real_escape_string(htmlentities($_POST['login_username']))); $login_password = md5(trim(mysql_real_escape_string(htmlentities($_POST['login_password'])))); if (!empty($login_username) && !empty($login_password)) { $login_query = mysql_query("SELECT user_id FROM username WHERE username='".$login_username."' AND password='".$login_password."'"); if (mysql_num_rows($login_query)==1) { $user_id = mysql_result($login_query, 0, 'user_id'); $_SESSION['user_id'] = $user_id; header('Location: index.php'); die(); } }} ?

  Read the article

• jquery json function returning null

  - by ian

  I have a jquery script as below: $.ajax({ type: "GET", url: "http://www.site.com/v4/ajax/get_song_info.php", data: ({id : song_id }), dataType: "json", success: function(data) { alert( "Data: " + data ); } }); And the associated php page: <?php include_once '../connect.php'; $song_id = $_GET['id']; $query = mysql_query("SELECT * FROM songs WHERE id = '$song_id' LIMIT 1"); $song = mysql_fetch_row($query); $song_info = array( htmlentities($song[3]) , htmlentities($song[4]) ); header('Content-Type: application/json'); echo json_encode($song_info); ?> The php returns something like this when I call it on its own in a browser: ["Peaches","I Feel Cream (Proxy Remix)"] However when I make the jQuery call my alert shows 'Data: null'

  Read the article

• An array of MySQL results...

  - by Michael Falk

  What am I doing wrong here? I am attempting to return a json object and I can't seem to get past the array... I've built hundreds of regular array and returned them as a json object but I am having a hard time wrapping my head around this one. $rows = array(); $post_array = array(); $i = 0; $result = mysql_query(" SELECT * FROM forum_posts WHERE permalink = '$permalink' AND LOWER(raw_text) LIKE '%$str%' " ); while($row = mysql_fetch_assoc($result)) { $post_array[$i] = $rows[ "id" => htmlentities($row["id"]), "post_content" => htmlentities($row["content"]), "author" => $row["author"], "last_updated" => $row["last_updated"], "author_id" => $row["author_id"], "editing_author" => $row["editing_author"], "date" => $outputQuoteDate ]; $i++; }

  Read the article

• "slash before every quote" problem

  - by Camran

  I have a php page which contains a form. Sometimes this page is submitted to itself (like when pics are uploaded). I wouldn't want users to have to fill in every field again and again, so I use this as a value of a text-input inside the form: value="<?php echo htmlentities(@$_POST['annonsera_headline'],ENT_COMPAT,'UTF-8');?>"> This works, except it adds a "\" sign before every double-quote... For instance writing 19" wheels gives after page is submitted to itself: 19\" wheels And if I don't even use htmlentities then everything after the quotes dissappears. What is the problem here?

  Read the article

• PHP - MySQL how to delete an image when a user submits a new image problem.

  - by pc-wiki

  I'm trying to delete the current image that is already set on the server when a user submits a new image to the server, but I don't know how to do add this to my current code can some one please help me? Here is my PHP & MySQL code. if(isset($_FILES["thumb"]["name"])) { if (file_exists("/images/" . $_FILES["thumb"]["name"])) { $thumb != $_FILES["thumb"]["name"]; } else if($_FILES["thumb"]["name"] == TRUE) { move_uploaded_file($_FILES["thumb"]["tmp_name"], "/images/" . mysqli_real_escape_string($mysqli, htmlentities(strip_tags(basename($_FILES["thumb"]["name"]))))); $thumb = mysqli_real_escape_string($mysqli, htmlentities(strip_tags(basename($_FILES["thumb"]["name"])))); } if($thumb == TRUE) { //create thumb code here... } }

  Read the article

• PHP: Writing non-english characters to XML - encoding problem

  - by Dean

  Hello, I wrote a small PHP script to edit the site news XML file. I used DOM to manipulate the XML (Loading, writing, editing). It works fine when writing English characters, but when non-English characters are written, PHP throws an error when trying to load the file. If I manually type non-English characters into the file - it's loaded perfectly fine, but if PHP writes the non-English characters the encoding goes wrong, although I specified the utf-8 encoding. Any help is appreciated. Errors: Warning: DOMDocument::load() [domdocument.load]: Entity 'times' not defined in filepath Warning: DOMDocument::load() [domdocument.load]: Input is not proper UTF-8, indicate encoding ! Bytes: 0x91 0x26 0x74 0x69 in filepath Here are the functions responsible for loading and saving the file (self-explanatory): function get_tags_from_xml(){ // Load news entries from XML file for display $errors = Array(); if(!$xml_file = load_news_file()){ // Load file // String indicates error presence $errors = "file not found"; return $errors; } $taglist = $xml_file->getElementsByTagName("text"); return $taglist; } function set_news_lang(){ // Sets the news language global $news_lang; if($_POST["news-lang"]){ $news_lang = htmlentities($_POST["news-lang"]); } elseif($_GET["news-lang"]){ $news_lang = htmlentities($_GET["news-lang"]); } else{ $news_lang = "he"; } } function load_news_file(){ // Load XML news file for proccessing, depending on language global $news_lang; $doc = new DOMDocument('1.0','utf-8'); // Create new XML document $doc->load("news_{$news_lang}.xml"); // Load news file by language $doc->formatOutput = true; // Nicely format the file return $doc; } function save_news_file($doc){ // Save XML news file, depending on language global $news_lang; $doc->saveXML($doc->documentElement); $doc->save("news_{$news_lang}.xml"); } Here is the code for writing to XML (add news): <?php ob_start()?> <?php include("include/xml_functions.php")?> <?php include("../include/functions.php")?> <?php get_lang();?> <?php //TODO: ADD USER AUTHENTICATION! if(isset($_POST["news"]) && isset($_POST["news-lang"])){ set_news_lang(); $news = htmlentities($_POST["news"]); $xml_doc = load_news_file(); $news_list = $xml_doc->getElementsByTagName("text"); // Get all existing news from file $doc_root_element = $xml_doc->getElementsByTagName("news")->item(0); // Get the root element of the new XML document $new_news_entry = $xml_doc->createElement("text",$news); // Create the submited news entry $doc_root_element->appendChild($new_news_entry); // Append submited news entry $xml_doc->appendChild($doc_root_element); save_news_file($xml_doc); header("Location: /cpanel/index.php?lang={$lang}&news-lang={$news_lang}"); } else{ header("Location: /cpanel/index.php?lang={$lang}&news-lang={$news_lang}"); } ?> <?php ob_end_flush()?>

  Read the article

• jQuery: AJAX umlauts & special characters are a mess

  - by rayne

  I've just created my first ajax function with jQuery which actually works, but unfortunately the character encoding (for characters like ä, ö, ü, ß, c, c, å, ø) is a nightmare. My files and my database are all UTF-8. I've tried a multitude of options in the ajax function and the PHP function, none of which were satisfactory. This is my ajax var dataString = { 'name': name, 'mail': mail // other stuff } $.ajax({ type: "POST", url: "/post.php", data: dataString, contentType: "application/x-www-form-urlencoded;charset=UTF-8", cache: false, success: function(html){ // do stuff } I've tried it without contentType: "application/x-www-form-urlencoded;charset=UTF-8" and I've tried to wrap the affected data in encodeURIComponent(), none of which worked. When I use that AJAX with htmlentities() in my php, my umlauts look like this in plain text: UE Ã?, AE Ã?, OE Ã?, ue ü, ae ä, oe o And like this in the database: UE Ãœ , AE Ä, OE Ö, ue ü, ae ä, oe o If I don't use htmlentities() but mysql_real_escape_string() instead (or neither), they look good in plain text, but they look like this in the database: AE Ä, OE Ö, UE Ãœ, ae ä oe ö ue ü I've been trying tons of options for hours now, but I can't find a solution that works. So far the only option I seem to have is having them look like a total mess in the database, but that would be very contraproductive if those data sets need to be edited.

  Read the article

• Getting Oracle's MD5 to match PHP's MD5

  - by Zenshai

  Hi all, I'm trying to compare an MD5 checksum generated by PHP to one generated by Oracle 10g. However it seems I'm comparing apples to oranges. Here's what I did to test the comparison: //md5 tests //php md5 print md5('testingthemd5function'); print '<br/><br/>'; //oracle md5 $md5query = "select md5hash('testingthemd5function') from dual"; $stid = oci_parse($conn, $md5query); if (!$stid) { $e = oci_error($conn); print htmlentities($e['message']); exit; } $r = oci_execute($stid, OCI_DEFAULT); if (!$r) { $e = oci_error($stid); echo htmlentities($e['message']); exit; } $row = oci_fetch_row($stid); print $row[0]; The md5 function (seen in the query above) in Oracle uses the 'dbms_obfuscation_toolkit.md5' package(?) and is defined like this: CREATE OR REPLACE FUNCTION PORTAL.md5hash (v_input_string in varchar2) return varchar2 is v_checksum varchar2(20); begin v_checksum := dbms_obfuscation_toolkit.md5 (input_string => v_input_string); return v_checksum; end; What comes out on my PHP page is: 29dbb90ea99a397b946518c84f45e016 )Û¹©š9{”eÈOEà Can anyone help me in getting the two to match?

  Read the article

• Wordpress - Set Published Date

  - by danit

  Using this function: function wpPostXMLRPC($title,$body,$rpcurl,$username, $password,$category,**$pubdate**,$keywords='',$encoding='UTF-8') { $title = htmlentities($title,ENT_NOQUOTES,$encoding); $keywords = htmlentities($keywords,ENT_NOQUOTES,$encoding); $content = array( 'title'=>$title, 'description'=>$body, 'mt_allow_comments'=>1, // 1 to allow comments 'mt_allow_pings'=>0, // 1 to allow trackbacks 'post_type'=>'post', 'post_status' => 'draft', **'post_date' =>$pubdate,** 'mt_keywords'=>$keywords, 'categories'=>array($category) ); $params = array(0,$username,$password,$content,true); $request = xmlrpc_encode_request('metaWeblog.newPost',$params); $ch = curl_init(); curl_setopt($ch, CURLOPT_POSTFIELDS, $request); curl_setopt($ch, CURLOPT_URL, $rpcurl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 1); $results = curl_exec($ch); curl_close($ch); return $results; } My Code: $title = $correctdataandtime; $body = '<a href="' . $links['alternate'] . '" />' . '<img src="' . $links['image'] . '" />' . '</a>'; $pubdate = date("Y-m-d H:i:s", $datetime); //Default Settings $rpcurl = 'http://vl3.co.uk/xmlrpc.php'; $username = 'admin'; $password = '3cdsbvre'; $category = '1'; //default is 1, enter a number here. $keywords = 'Twitter';//keywords comma seperated. $encoding ='UTF-8';//utf8 recommended wpPostXMLRPC($title,$body,$rpcurl,$username,$password,$pubdate,$category,$keywords,$encoding); Output of $pubdate is: 2010-04-05 19:25:31 However it still sets the published date as the date and time when i run the script.

  Read the article

• Does posting data with a textarea automatically add slashes to (escape) the text?

  - by animuson

  Ok, so I'm having a problem with a simple textarea. I'm using a kind of hidden page to easily encode some data using JSON. However, all of my text input is automatically being escaped somewhere and I don't know where. All of my $_POST variables are automatically run through the htmlentities() function when the script starts up, as seen below: $ani->i->post = $this->clean($_POST, true); function clean($values, $unset = false) { if (is_array($values)) { foreach ($values as $key => $value) { $newkey = strtolower($key); $return[$newkey] = $this->clean($value); unset($values[$key]); } return $return; } return htmlentities($values); } I keep getting \' for all of my single quotes when I put the value back into the textarea. I can't find anywhere where it would be adding slashes and I don't remember it being a feature that they were automatically added when you submit from a textarea, and if that was so, why would they not be returning back to a single quote when put back into the textarea? Do I really need to run variables through stripslashes() to get them back to their original form? Edit: My 'test.php' file is as follows: <h1>To Be Encoded:</h1> <form action="/test" method="post"> <textarea name="encode" rows="20" cols="50"><?= html_entity_decode($ani->i->post['encode']) ?></textarea> <input type="submit" name="submit" value="Encode It!" /> </form> <h1>Encoded By JSON:</h1> <textarea name="encoded" rows="20" cols="50"><?= json_encode(html_entity_decode($ani->i->post['encode'])) ?></textarea> <?php die(); ?> P.S. The die() is just there for compatibility with my framework.

  Read the article

• jQuery replaceWith(data) is not correctly doing his job

  - by Tristan

  Hello, i did a small ajax div refresh, but instead of replacing the values with the new ones, jquery adds the new data before the old ones. What possibily causes that please ? <script type="text/javascript"> $(document).ready(function(){ $('#AJAX').click(function(e){ e.preventDefault(); var hebergeur = $('#hebergeurJQUERY').val(); $.post("/statistiques/maj-bloc-commentaires.php", { hebergeur : hebergeur }, function(data){ // déclenchée seulement si succès $("#TOREPLACE").replaceWith(data).val( ); }); }); }); </script> The HTML : print '<div id="a_remplacer"> <div class="detail_commentaires"> <table class="tableau_detail_commentaires"> <tr> <td class="tab_space">Serveur <strong>'.$row['type'].'</strong></td> <td>Qualite</td> <td style="color:'.$c_vote.'">'.htmlentities($row['vote']).'</td> </tr> </div> </div> The PHP ajax echo : print '<div id="a_remplacer"><div class="detail_commentaires" > <table class="tableau_detail_commentaires"> <tr> <td class="tab_space">Serveur <strong>'.$row['type'].'</strong></td> <td>Qualite</td> <td style="color:'.$c_vote.'">'.htmlentities($row['vote']).'</td> </tr></div></div> Thanks

  Read the article

• Tracking Votes and only allowing 1 vote per member

  - by MikeAdams

  What I'm trying to do is count the votes when someone votes on a "page". I think I lost myself trying to figure out how to track when a member votes or not. I can't seem to get the code to tell when a member has voted. //Generate code ID $useXID = intval($_GET['id']); $useXrank = $_GET['rank']; //if($useXrank!=null && $useXID!=null) { $rankcheck = mysql_query('SELECT member_id,code_id FROM code_votes WHERE member_id="'.$_MEMBERINFO_ID.'" AND WHERE code_id="'.$useXID.'"'); if(!mysql_fetch_array($rankcheck) && $useXrank=="up"){ $rankset = mysql_query('SELECT * FROM code_votes WHERE member_id="'.$_MEMBERINFO_ID.'"'); $ranksetfetch = mysql_fetch_array($rankset); $rankit = htmlentities($ranksetfetch['ranking']); $rankit+="1"; mysql_query("INSERT INTO code_votes (member_id,code_id) VALUES ('$_MEMBERINFO_ID','$useXID')") or die(mysql_error()); mysql_query("UPDATE code SET ranking = '".$rankit."' WHERE ID = '".$useXID."'"); } elseif(!mysql_fetch_array($rankcheck) && $useXrank=="down"){ $rankset = mysql_query('SELECT * FROM code_votes WHERE member_id="'.$_MEMBERINFO_ID.'"'); $ranksetfetch = mysql_fetch_array($rankset); $rankit = htmlentities($ranksetfetch['ranking']); $rankit-="1"; mysql_query("INSERT INTO code_votes (member_id,code_id) VALUES ('$_MEMBERINFO_ID','$useXID')") or die(mysql_error()); mysql_query("UPDATE code SET ranking = '".$rankit."' WHERE ID = '".$useXID."'"); } // hide vote links since already voted elseif(mysql_fetch_array($rankcheck)){$voted="true";} //}

  Read the article

• How to limit a user to entering 10 keywords or less using PHP & MySQL?

  - by G4TV

  I'm trying to limit my users to entering at least 10 keywords and was wondering how would I be able to do this using PHP & MySQL with my current Keyword script? Here is the add keywords PHP MySQL code. if (isset($_POST['tag']) && trim($_POST['tag'])!=='') { $tags = explode(",", $_POST['tag']); for ($x = 0; $x < count($tags); $x++){ $mysqli = mysqli_connect("localhost", "root", "", "sitename"); $query1 = "INSERT INTO tags (tag) VALUES ('" . mysqli_real_escape_string($mysqli, strtolower(htmlentities(trim(strip_tags($tags[$x]))))) . "')"; if (!mysqli_query($mysqli, $query1)) { print mysqli_error($mysqli); return; } $mysqli = mysqli_connect("localhost", "root", "", "sitename"); $dbc = mysqli_query($mysqli,"SELECT id FROM tags WHERE tag='" . mysqli_real_escape_string($mysqli, strtolower(htmlentities(trim(strip_tags($tags[$x]))))) . "'"); if (!$dbc) { print mysqli_error($mysqli); } else { while($row = mysqli_fetch_array($dbc)){ $id = $row["id"]; } } $query2 = "INSERT INTO question_tags (tag_id, question_id, user_id, date_created) VALUES ('$id', '$question', '$user', NOW())"; if (!mysqli_query($mysqli, $query2)) { print mysqli_error($mysqli); return; } } }

  Read the article

• Do i need to apply htmlspecialchars / htmlentites on json array?

  - by Imran Omar Bukhsh

  I wanted to ask that in a php script of mine which I am accessing through an ajax request, I am returning json data ( converted from an array ) as such echo json_encode($row_array); I get this data in jquery and display it in a form. Do i need to apply htmlspecialchars / htmlentites before returning the data? Is do then whats the correct way to do it? The following code gives me an error: echo htmlentities(json_encode($row_array)); Thanking you Imran

  Read the article

• What are the best practices for avoid xss attacks in a PHP site

  - by rikh

  I have PHP configured so that magic quotes are on and register globals are off. I do my best to always call htmlentities() for anything I am outputing that is derived from user input. I also occasionally seach my database for common things used in xss attached such as... <script What else should I be doing and how can I make sure that the things I am trying to do are always done.

  Read the article

• convert special characters but not tags

  - by Tom

  I've got some text which needs converting to use HTML entities, but it also contains tags. Here's a sample: <p>Ofcom issued the warning to Global-owned GWR in Bristol – which is required to operate as a "contemporary and chart music and information station" – for operating outside the music </p> The (" and -) need to be converted but the paragraph tags must remain HTML. Using something like htmlentities converts everything, how can I convert everything but the tags?

  Read the article

• cant get regex to work as i want

  - by Jorm

  With this function: function bbcode_parse($str) { $str = htmlentities($str); $find = array( '/\\*\*(.[^*]*)\*\*/is', ); $replace = array( '<b>' ); $str = preg_replace($find, $replace, $str); return $str; } And with text "My name is **bob**" I get in source code Hi my name is <b> Been trying to get this to work for a while now. Would appricate some expert help :)

  Read the article

• Want to show <embed> and <object> tags from YUI editor as a text rather then a video.

  - by user208678

  I am using YUI rich text editor on my website (php/mysql), so that a user may enter textual matter/articles through it. But if a user copies and paste some embed code in the textarea, from any video sites like youtube, it should get saved as a text block and not as a playing video when showing the text content on the browser. Now YUI automatically converts the characters into html entities which ever is needed. Please note that if I put a new line in the yui editor (by pressing "Enter" key), it will be converted into a "<br>" tag in the background and this will not get html entity encoded when passing the value to my backend PHP script. But If I copy and paste any embed tag or for that reason any valid html tags in the textarea, it will be html entity encoded by YUI. Now to support UTF-8 characters, I am using a function (DBVarConv) in my php script before saving it into my database. The code for the function is given below function DBVarConv($var,$isEncoded = false) { if($isEncoded) return addslashes(htmlentities($var, ENT_QUOTES, 'UTF-8', false)); else return htmlentities ($var, ENT_QUOTES, 'UTF-8', false); } $myeditorData = DBVarConv($myeditorData, true); // Save $myeditorData in database. While showing the data in the browser, I am using another function called "smart_html_entity_decode". The code is given below. function smart_html_entity_decode($text, $isAddslashesUsed = false) { if($isAddslashesUsed) $tmp = stripslashes(html_entity_decode($text, ENT_QUOTES, 'UTF-8')); else $tmp = html_entity_decode($text, ENT_QUOTES, 'UTF-8'); if ($tmp == $text) return $tmp; return smart_html_entity_decode($tmp, $isAddslashesUsed); } // Get $myData from database $myData=smart_html_entity_decode($myData, true); echo $myData; The problem is that in doing so, it is also decoding the embed and object tags from their html encoded entities and as a result my obejct tags are shown as a video and not as a simple text. Try using the text editor at tumblr.com. If you paste an embed code in the editor, it will be shown as a text block not as a video. I am trying to build the same functionality on my website with UTF-8 support. Any help will be highly appreciated.

  Read the article

< Previous Page | 1 2 3 4 5  | Next Page >