Search Results

Search found 2874 results on 115 pages for 'magic quotes gpc'.

  • Parameterized SQL statements vs. very simple method

    - by Philipp G
    When I started to write the first SQL-Statements in my programs I felt quite comfortable with protecting myself against SQL-Injection with a very simple method that a colleague showed me. It replaced all single quotes with two single quotes. So for example there is a searchfield in which you can enter a customername to search in the customertable. If you would enter

        Peter's Barbershop

    The SELECT Statement would look like

        SELECT * FROM Customers WHERE Customername = 'Peter''s Barbershop'

    If now an attacker would insert this:

        ';DROP TABLE FOO; --

    The statement would look like:

        SELECT * FROM Customers WHERE Customername = ''';DROP TABLE FOO;--'

    It would not drop any table, but search the customertable for the customername ';DROP TABLE FOO;-- which, I suppose, won't be found ;-)

    Now after a while of writing statements and protecting myself against SQL-Injection with this method, I read that many developers use parameterized statements, but I never read an article where "our" method was used. So definitely there is a good reason for it. What scenarios would parameterized statements cover but our method doesn't? What are the advantages of parameterized statements compared to our method?

    Thanks
    Philipp

  • Can you use back references in the pattern part of a regular expression?

    - by Camsoft
    Is there a way to back reference in the regular expression pattern? Example input string:

        Here is "quoted text" some quoted text.

    Say I want to pull out the quoted text, I could create the following expression:

        "([^"]+)"

    This regular expression would match quoted text. Say I want it to also support single quotes, I could change the expression to:

        ["']([^"']+)["']

    But what if the input string has a mixture of quotes, say

        Here is 'quoted text" some quoted text.

    I would not want the regex to match. Currently the regex in the second example would still match. What I would like to be able to do is: if the first quote is a double quote then the closing quote must be a double. And if the start quote is a single quote then the closing quote must be single. Can I use a back reference to achieve this?

  • Why am I getting "Enter Parameter Value" when running my MS Access query?

    - by DanM
    In my query, I use the IIF function to assign either "Before" or "After" to a field named BeforeOrAfter using AS. When I run this query, however, the "Enter Parameter Value" dialog appears, requesting a value for BeforeOrAfter. If I remove BeforeOrAfter DESC from the ORDER BY clause, I don't get the dialog. Here is the offending query:

        SELECT d.Scenario, e.Event,
               IIF(d.LogTime < e.Time, 'Before','After') AS BeforeOrAfter,
               d.HeartRate
        FROM Data d
        INNER JOIN Events e ON d.Scenario = e.Scenario
        WHERE e.Include = Yes
        ORDER BY d.Scenario, e.Id, BeforeOrAfter DESC

    Question: Why is my AS BeforeOrAfter not being recognized by the ORDER BY clause? Why does it ask me to enter a parameter value for "BeforeOrAfter" when I run this query?

    Note: I tried using brackets, single quotes, double quotes, etc., but none of that made any difference.

  • Converting an array to JSON and passing that to asmx

    - by user96403
    Hi. I am trying to use JSON.stringify() (from json2.js of json[dot]org) to convert a JavaScript array to a JSON string and to pass it to an asmx web method. I use jQuery AJAX. The call reaches the web method where I take a List <Object> as parameter, but I get an empty list there in debug mode. My JSON string looks well formed with all data; I even tried having single-quotes and double-quotes (escaped) around the 'names' of the JSON string. Please help.

  • Error in SQL Syntax ERROR1064

    - by 01010011
    Hi, every time I try to create the following table in MySQL command line:

        CREATE TABLE book(book_id int NOT NULL AUTO_INCREMENT PRIMARY KEY,
        isbn char(20),
        title char(20),
        author_f_name char(20),
        author_l_name char(20),
        condition ENUM("as new","very good","good","fair","poor"),
        price decimal(8,2),
        genre char(20));

    I keep getting this error message:

        ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL version for the right syntax to use near 'condition ENUM("as new","very good","good","fair","poor"), price decimal(8,2), g' at line 6

    I've tried using single quotes and double quotes for the ENUM options. Where did I go wrong?

  • python - sys.argv and flag identification

    - by tekknolagi
    When I accept arguments, how do I check if two show up at the same time without having a compound conditional? I.e.:

        #!/usr/bin/python
        import random, string
        import mymodule
        import sys

        z = ' '.join(sys.argv[2:])
        q = ''.join(sys.argv[3:])
        a = ''.join(sys.argv[2:])
        s = ' '.join(sys.argv[1:])
        flags = sys.argv[1:5]

        commands = [["-r", "reverse string passed next with no quotes needed."],
                    ["-j", "joins arguments passed into string. no quotes needed."],
                    ["--palindrome", "tests whether arguments passed are palindrome or not. collective."],
                    ["--rand","passes random string of 10 digits/letters"]]

        try:
            if "-r" in flags:
                if "-j" in flags:
                    print mymodule.reverse(q)
                if not "-j" in flags:
                    print mymodule.reverse(z)

            if "-j" in flags:
                if not "-r" in flags:
                    print a

            if "--palindrome" in flags:
                mymodule.ispalindrome(z)

            if (not "-r" or not "-j" or not "--palindrome") in flags:
                mymodule.say(s)

            if "--rand" in flags:
                print(''.join([random.choice(string.ascii_letters+"123456789") for f in range(10)]))

            if not sys.argv[1]:
                print mymodule.no_arg_error

            if "--help" in flags:
                print commands

        except:
            print mymodule.no_arg_error

    I just want to be able to say: if "-r" and "-j" in flags, in no particular order: do whatever

  • REXML Formatting issues

    - by dagda1
    Hi, I am using REXML to edit an xml file but have run into difficulties with formatting. My original code looked like this:

        file = File.new( destination)
        doc = REXML::Document.new file
        doc.elements.each("configuration/continuity2") do |element|
          element.attributes["islive"] = "true"
          element.attributes["pagetitle"] = "#{@client.page_title}"
          element.attributes["clientname"] = "#{@client.name}"
        end
        doc.elements.each("configuration/continuity2/plans") do |element|
          element.attributes["storebasedir"] = "#{@client.store_dir}"
        end

    I first of all had to add the following code as REXML was adding single quotes instead of double quotes. I found the following via Google:

        REXML::Attribute.class_eval( %q^
          def to_string
            %Q[#@expanded_name="#{to_s().gsub(/"/, '&quot;')}"]
          end
        ^ )

    I also have a problem in that REXML is reformatting the document. Are there ways to stop this?

    Cheers
    Paul

  • Having an @ inside of a string - PHP

    - by Msencenb
    So I know that you use a backslash to escape most things in php however the @ symbol is an operator that suppresses error messages. I'm trying to put an email string like this inside of an array "[email protected]", however php is throwing an error. How do you escape the @ sign?

    EDIT: Here is the code example that was throwing the error:

        $arr = array(3=> "[email protected]",4=> "[email protected]");

    However replacing the double quotes with single quotes fixes the error as answered below.... why is that true?

  • How to use > in an xargs command?

    - by jesse
    I want to find a bash command that will let me grep every file in a directory and write the output of that grep to a separate file. My guess would have been to do something like this

        ls -1 | xargs -I{} "grep ABC '{}' > '{}'.out"

    but, as far as I know, xargs doesn't like the double-quotes. If I remove the double-quotes, however, then the command redirects the output of the entire command to a single file called '{}'.out instead of to a series of individual files. Does anyone know of a way to do this using xargs? I just used this grep scenario as an example to illustrate my problem with xargs so any solutions that don't use xargs aren't as applicable for me.

  • Is str.replace(..).replace(..) ad nauseam a standard idiom in Python?

    - by meeselet
    For instance, say I wanted a function to escape a string for use in HTML (as in Django's escape filter):

        def escape(string):
            """
            Returns the given string with ampersands, quotes and angle
            brackets encoded.
            """
            return string.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace("'", '&#39;').replace('"', '&quot;')

    This works, but it gets ugly quickly and appears to have poor algorithmic performance (in this example, the string is repeatedly traversed 5 times). What would be better is something like this:

        def escape(string):
            """
            Returns the given string with ampersands, quotes and angle
            brackets encoded.
            """
            # Note that ampersands must be escaped first; the rest can be escaped in
            # any order.
            return replace_multi(string.replace('&', '&amp;'),
                                 {'<': '&lt;', '>': '&gt;', "'": '&#39;', '"': '&quot;'})

    Does such a function exist, or is the standard Python idiom to use what I wrote before?

  • How do I put this chunk of code into a php variable?

    - by Theron Chong
        if (isset($_SESSION['name'])){
            //select BID and duedates which are between the range of 1-3 days
            // before due date from current date
            $query = "SELECT DueDate FROM item WHERE DueDate BETWEEN '$warning2' and '$warning' and user='$_SESSION[name]' ORDER BY DueDate DESC";
            $find = mysql_query($query);
            $alert = mysql_num_rows($find);
            if ($alert>=1){
                echo "You have got " .$alert. " item(s) due on: </br >";
                while ($item = mysql_fetch_array($find)){
                    echo $item['DueDate'];
                    echo "<br />";
                }
            }
            echo "Success!";
        }

    Question: How do I input all this code into a single php variable, say $alert? I am not clear on where to put single quotes or double quotes to make it work. At the end of the day, I will be using the variable for a javascript alert box.

  • Passing parameters to Javascript using PHP

    - by ayush
    I have the following line of code:

        <a href="javascript:;" onClick="tweeet('myid')">My Tweets!</a>

    Now while this is working perfectly fine the following line is not:

        <a href="javascript:;" onClick="tweeet(<?php echo 'myid'; ?>)">My Tweets!</a>

    Can anyone help me out why it is not working and suggest any changes? The variable I want to pass to the Javascript function is a PHP variable. I have tried the PHP with single quotes and double quotes but it is not working.

  • What's the fastest way to strip and replace a document of high unicode characters using Python?

    - by Rhubarb
    I am looking to replace from a large document all high unicode characters, such as accented Es, left and right quotes, etc., with "normal" counterparts in the low range, such as a regular 'E', and straight quotes. I need to perform this on a very large document rather often. I see an example of this in what I think might be perl here: http://www.designmeme.com/mtplugins/lowdown.txt Is there a fast way of doing this in Python without using s.replace(...).replace(...).replace(...)...? I've tried this on just a few characters to replace and the document stripping became really slow.

  • passing parameters to javascript using php

    - by ayush
    I have the following line of code -

        <a href="javascript:;" onClick="tweeet('myid')">My Tweets!</a>

    Now while this is working perfectly fine the following line is not -

        <a href="javascript:;" onClick="tweeet(<?php echo 'myid'; ?>)">My Tweets!</a>

    Can anyone help me out why it is not working and suggest any changes? The variable I want to pass to the javascript function is a php variable. Also I have tried the php with single quotes and double quotes but it is not working.

  • Syntax error in SharePoint calculated column formula

    - by Jan Aagaard
    Is it possible to debug SharePoint calculated column formulas? I am trying with a really simple SharePoint calculated formula

        =IF([YTD]<[Budget], "OK", "Not OK")

    This being a Danish installation of SharePoint I believe the formula should look like this:

        =HVIS([YTD]<=[Budget]; "OK"; "Not OK")

    But this just leaves me with the same syntax error or not supported error. I have tried all combinations of IF/HVIS, with/without the square brackets, comma/semicolon, single quotes/double quotes, but nothing works. The formula =YTD<=Budget works.

  • Ruby on Rails: how to render a string as HTML?

    - by Tim
    I have

        @str = "<b>Hi</b>"

    and in my erb view:

        <%= @str %>

    What will display on the page is: <b>Hi</b> when what I really want is Hi. What's the ruby way to "interpret" a string as HTML markup?

    Edit: the case where

        @str = "<span class=\"classname\">hello</span>"

    If in my view I do

        <%raw @str %>

    The HTML source code is <span class=\"classname\">hello</span> where what I really want is <span class="classname">hello</span> (without the backslashes that were escaping the double quotes). What's the best way to "unescape" those double quotes?

  • MySQL break out group clause from subquery

    - by Anton Gildebrand
    Here is my query

        SELECT COALESCE(js.name,'Lead saknas'), count(j.id)
        FROM jobs j
        LEFT JOIN job_sources js ON j.job_source=js.id
        LEFT JOIN (SELECT * FROM quotes GROUP BY job_id) q ON j.id=q.job_id
        GROUP BY j.job_source

    The problem is that it's allowed for each job to have more than one quote. Because of that I group the quotes by job_id. Now sure, this works. But I don't like the solution with a subquery. How can I break out the group clause from the subquery to the main query? I have tried to add q.job_id to the main group clause, both before and after the existing one but don't get the same results.

  • random quote generator with php, ajax and mysql

    - by fusion
    i've tried using this code and this to make a random quote generator, but it doesn't display anything. my questions are: what is wrong with my code? in the above tut, the quote is generated on a button click, i'd like a random quote to be displayed every 30 mins automatically. how do i do this?

    quote.html:

        <!DOCTYPE html>
        <script src="ajax.js" type="text/javascript"></script>
        <body>
        <!-- create the div for the quotes land -->
        <div id="quote"><strong>this</strong></div>
        <div><a style="cursor:pointer" onclick="run_query();">Next quote …</a></div>
        </body>
        </html>

    quote.php:

        <?php
        include 'config.php';
        // 'text' is the name of your table that contains
        // the information you want to pull from
        $rowcount = mysql_query("select count(*) as rows from quotes");
        // Gets the total number of items pulled from database.
        while ($row = mysql_fetch_assoc($rowcount)) {
            $max = $row["rows"];
        }
        // Selects an item's index at random
        $rand = rand(1,$max)-1;
        $result = mysql_query("select * from quotes limit $rand, 1");
        $row = mysql_fetch_array($result);
        $randomOutput = $row['storedText'];
        echo '<p>' . $randomOutput . '</p>';

    ajax.js:

        var xmlHttp

        function run_query() {
            xmlHttp=GetXmlHttpObject();
            if (xmlHttp==null) {
                alert ("This browser does not support HTTP Request");
                return;
            } // end if
            var url="quote.php";
            xmlHttp.onreadystatechange=stateChanged;
            xmlHttp.open("GET",url,true);
            xmlHttp.send(null);
        } //end function

        function stateChanged(){
            if (xmlHttp.readyState==4 || xmlHttp.readyState=="complete"){
                document.getElementById("quote").innerHTML=xmlHttp.responseText;
            } //end if
        } //end function

        function GetXmlHttpObject() {
            var xmlHttp=null;
            try {
                // For these browsers: Firefox, Opera 8.0+, Safari
                xmlHttp=new XMLHttpRequest();
            }catch (e){
                //For Internet Explorer
                try{
                    xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
                } catch (e) {
                    xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
                }
            }
            return xmlHttp;
        } //end function

  • Assign multiple css classes to a table element in Rails

    - by Eric K
    I'm trying to style a table row using both cycle and a helper, like shown:

        <tr class= <%= cycle("list-line-odd #{row_class(item)}", "list-line-even #{row_class(item)}")%> >

    However, when I do this, the resulting HTML is:

        <tr class = "list-line-odd" lowest-price>

    with the return from the helper method not enclosed in the quotes, and therefore not recognized. Here's the helper I'm using:

        def row_class(item)
          if item.highest_price > 0 and item.lowest_price > 0 and item.highest_price != item.lowest_price
            if item.current_price >= item.highest_price
              "highest-price"
            elsif item.current_price <= item.lowest_price
              "lowest-price"
            end
          end
        end

    I must be missing something obvious, but I just can't figure out how to wrap both the result of cycle and the helper method return in the same set of quotes. Any help would be greatly appreciated!

  • How to avoid translation tools from messing up HTML tags?

    - by janoChen
    I always use Google translate and paste back the results in Vim. But for some reason Google translate also screws up the HTML tags around the content I want to translate. Is there a solution for this? For instance, the double quotes are translated to Chinese-cased double quotes: 'pictures_h2'=>“?????????? Strong and li tags are translated too (well I kinda expected that). PS: Is there any translator which respects HTML tags? Or a translation plugin for Vim?

  • JQuery+Java setting field value with val() + single quote

    - by Fabio K
    I have a problem setting the value of a textarea element with jquery's val(). Basically, I have a JSP file which receives a string parameter called 'text'.

    Java code:

        String text = (String) request.getParameter('text');

    Now I want my textarea element to receive this text:

    Javascript code:

        $('#textarea_id').val('<%=text%>');

    It works when my text doesn't contain single quotes (and possibly other chars). For example, for text = test' this error happens:

        Uncaught SyntaxError: Unexpected token ILLEGAL
        $('#textarea_id').val('test'');

    I hope you guys understand. I need a way to encode this value... I tried using escape so the quote is replaced by %27, but after unescaping it's replaced again and the error happens. Thanks!

  • Help Fix a bug - Unexpected T_STRING

    - by thecoshman
    So I have just rebuilt my server, just on local network. Stick my site back on it, try to run the code, and I get a nice T_STRING error. This is all very strange, as I have not changed the code :S

        <?php
        $window_ID = -1;
        if(isset($_POST["window_ID"]) AND $_POST["window_ID"] != null){
            $window_ID = trim($_POST["window_ID"]);
        }
        ?>

    This is the start of the file, after this rather lovely snippet of PHP the rest is just XML, yet on line 6 apparently there is an unexpected T_STRING, which is strange considering all that is on that line is the ?>, then the XML starts up... Anyone got any ideas what has gone wrong here? Any chance it could be magic quotes? I had turned it off before, but I want to now update my code to check for the magic quotes and avoid its stupid actions.

  • How do I conditionally assign ruby variables to javascript variables?

    - by Tony
    I have a website where I need a javascript version of the "current user" object along with the ruby version. I have been assigning these variables doing something like this...

    Application Controller:

        def get_user
          begin
            @current_user = User.find(session[:user_id]) if session[:user_id]
            @current_user_json = @current_user.to_json
          rescue
            session.delete(:user_id)
            @current_user = nil
            @current_user_json = {}
          end
        end

    Web Page:

        var current_user = null;
        current_user_json = '<%= @current_user_json %>';
        if(current_user_json != ''){
            current_user = current_user_json.user;
        }

    Even when there is a current user, I get the current user is undefined. Probably because I am putting the current_user_json assignment around single quotes. However, if I don't put it around single quotes, I'll always get a javascript error when no user is logged in because the syntax is invalid - current_user_json = ; I think I am just looking at this completely wrong and there must be a better way. Given that this is probably a common thing to do, I wanted to get other people's opinion on how to create an object in javascript that is a duplicate of the ruby object.

  • How to set PATH to another variable value with spaces in Windows batch file

    - by Evgeny
    I've got a Windows batch script issue that I'm bashing my head against (no pun intended). The problematic script looks like this:

        if defined _OLD_VIRTUAL_PATH (
            set PATH=%_OLD_VIRTUAL_PATH%
        )

    When I run it and _OLD_VIRTUAL_PATH is set I get:

        \Microsoft was unexpected at this time.

    _OLD_VIRTUAL_PATH is a variable that was originally set from PATH and it contains spaces - I'm pretty sure that's the problem. But what's the solution? It runs successfully if I enclose it in quotes, but I don't think the entire value of the PATH variable is supposed to be in quotes.
