Search Results

Search found 1174 results on 47 pages for 'escape'.

Page 5/47 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • best way to escape and create a slug

    - by Mac Taylor
    hey guys im somehow confused in using proper functions to escape and create a slug i used this : $slug_title = mysql_real_escape_string()($mtitle); but someone told me not to use it and use urlencode() which one is better for slugs and security as i can see in SO , it inserts - between words : http://stackoverflow.com/questions/941270/validating-a-slug-in-django thanx in advanced

    Read the article

  • Escape Single Quotes in Template Toolkit

    - by Zach
    Do you ever escape single quotes in template toolkit for necessary javascript handlers? If so, how do you do it. [% SET s = "A'B'C" %] <a href="/abc.html" onclick="popup('[% s | html_entity %]')">ABC</a> html_entity obviously doesn't work because it only handles the double quote. So how do you do it?

    Read the article

  • What's the best, Escape then store Or store then escape the output?

    - by Axel
    Hi, After doing a long search on stackoverflow i didn't find any one talked about this even if it's a big choice, the Question is what's the best in order to prevent both of XSS and SQL injection, Escaping the data then store it in the DB or Store it as it is and escape when output it? Note: it is better if you give some examples of practics if possible. Thanks

    Read the article

  • Determining when or when not to escape output

    - by Ygam
    I have a page, where I have approximately 90 items I need to output. Most of them are object properties (I am using ORM so these objects map to my database tables). But the question is, do I have to escape each of those 90 outputs by applying functions to each (in my case, the htmlspecialchars)? Wouldn't that add a bit of an overhead (calling a single function 90 times)?

    Read the article

  • how to detect escape characters in a string

    - by mix
    Given a string named line whose raw version has this value: \rRAWSTRING how can I detect if it has the escape character \r? What I've tried is: if repr(line).startswith('\r'): blah... but it doesn't catch it. I also tried find, such as: if repr(line).find('\r') != -1: blah doesn't work either. What am I missing? thx!

    Read the article

  • Escape hyperlink with exclamation marks in php.ini

    - by Ciaran McNulty
    I have a config file that takes text warnings like follows: warnings.1 = Please check the date These are presented to the user as HTML. I need to embed a hyperlink like the following: warnings.1 = <a href="http://foo.com/!FOO!/">check with foo</a> I can't for the life of me figure out how to escape this such that parse_ini_file() can read it and get that string the way I want.

    Read the article

  • PHP: Escape illegal chars in .ini-files

    - by Martin
    The documentation on parse_ini_file (http://php.net/manual/en/function.parse-ini-file.php) states that you can't use these chars {}|&~![()^" in the value. Is there some way to escape these chars? I need to use them. Normal escaping with \ doesn't seem to work.

    Read the article

  • How do I escape backslashes in JSON?

    - by peteb
    I am using Firefox's native JSON.parse() to parse some JSON strings that include regular expressions as values, for example: var test = JSON.parse('{"regex":"/\\d+/"}'); The '\d' in the above throws an exception with JSON.parse(), but works fine when I use eval (which is what I'm trying to avoid). What I want is to preserve the '\' in the regex - is there some other JSON-friendly way to escape it?

    Read the article

  • How to escape LIKE %$var% with Doctrine?

    - by Peter Smit
    I am making a Doctrine query and I have to do a wildcard match in the where clause. How should I escape the variable that I want to insert? The query I want to get: SELECT u.* FROM User as u WHERE name LIKE %var% The php code until now: $query = Doctrine_Query::create() ->from('User u') ->where(); What should come in the where clause? The variable I want to match is $name

    Read the article

  • escape % in objective c

    - by Saurabh
    Hello All, I want to make an sql statement - sqlStatement = [NSString stringWithFormat:@"SELECT * FROM movies where title like '%%@%'",searchKeyword]; But sqlStatement is becoming - "SELECT * FROM movies where title like '%@'" I want to make it "SELECT * FROM movies where title like '%searchKeyword%'" How can I escape the "%" character? Thanks

    Read the article

  • How do I export HKEY_CURRENT_USER\Console\%SystemRoot%_system32_cmd.exe with regedit from cmd.exe?

    - by René Nyffenegger
    I am trying to export the registry key HKEY_CURRENT_USER\Console\%SystemRoot%_system32_cmd.exe but am unable to do so, probably because of the percent signs. I tried to escape the %-sign with a caret or another %-sign, but this didn't help me: regedit /e c:\temp\cmd.reg "HKEY_CURRENT_USER\Console\%%SystemRoot%%_system32_cmd.exe" and regedit /e c:\temp\cmd.reg "HKEY_CURRENT_USER\Console\^%SystemRoot^%_system32_cmd.exe" So, is there a way to do what I want. Edit as per ??????? ???????????'s comment: the key is the exact string, with the percent signs. So I don't want %SystemRoot% expanded, but passed to regedit as is.

    Read the article

  • Trouble with backslash characters and rsyslog writing to postgres

    - by Flimzy
    I have rsyslog 4.6.4 configured to write mail logs to a PostgreSQL database. It all works fine, until the log message contains a backslash, as in this example: Jun 12 11:37:46 dc5 postfix/smtp[26475]: Vk0nYDKdH3sI: to=<[email protected], relay=----.---[---.---.---.---]:25, delay=1.5, delays=0.77/0.07/0.3/0.35, dsn=4.3.0, status=deferred (host ----.---[199.85.216.241] said: 451 4.3.0 Error writing to file d:\pmta\spool\B\00000414, status = ERROR_DISK_FULL in "DATA" (in reply to end of DATA command)) The above is the log entry, as written to /var/log/mail.log. It is correct. The trouble is that the backslash characters in the file name are interpreted as escapes when sent to the following SQL recipe: $template dcdb, "SELECT rsyslog_insert(('%timereported:::date-rfc3339%'::TIMESTAMPTZ)::TIMESTAMP,'%msg:::escape-cc%'::TEXT,'%syslogtag%'::VARCHAR)",STDSQL :syslogtag, startswith, "postfix" :ompgsql:/var/run/postgresql,dc,root,;dcdb As a result, the rsyslog_insert() stored procedure gets the following value for as msg: Vk0nYDKdH3sI: to=<[email protected], relay=----.---[---.---.---.---]:25, delay=1.5, delays=0.77/0.07/0.3/0.35, dsn=4.3.0, status=deferred (host ----.---[199.85.216.241] said: 451 4.3.0 Error writing to file d:pmtaspoolB The \p, \s, \B and \0 in the file name are interpreted by PostgreSQL as literal p, s, and B followed by a NULL character, thus early-terminating the string. This behavior can be easiily confirmed with: dc=# SELECT 'd:\pmta\spool\B\00000414'; ?column? -------------- d:pmtaspoolB (1 row) dc=# Is there a way to correct this problem? Is there a way I'm not finding in the rsyslog docs to turn \ into \\?

    Read the article

  • Why do the Escape and Enter keys not always do the right thing in dialog boxes?

    - by Michael Goldshteyn
    Why is it that when a dialog pops up, the Escape key doesn't always cancel it and the Enter key doesn't always press the default button? Shouldn't this be a standard across all dialog boxes in all applications? I have gotten into the habit of pressing Escape to cancel a dialog and Enter to confirm it, but applications (and especially KDE, GNOME and Unity in many many cases) seem to ignore my wishes. What is the problem? Is consitency too much to ask?

    Read the article

  • How to escape % in roxygen literate programming?

    - by Karsten W.
    The default value of a parameter of my function contains a "%". This seems to be a problem for roxygen, it produces a lot of warnings and R CMD check fails when trying to build latex documentation. How can I make this function (and its documentation) work? Using %% or \% instead of % does not help. #' Test escape \% from in-source documentation (roxygen). #' #' What happens when parameters contain special latex characters? #' #' @param x unsuspicious parameter #' @param format sprintf format string (default "\%5.0f") #' #' @return formatted string #' @export #' @author Karsten Weinert testroxy <- function(x, format = "%5.0f") { sprintf(format,x) }

    Read the article

  • Objective C HTML escape/unescape

    - by Squeegy
    Wondering if there is an easy way to do a simple HTML escape/unescape in Objective C. What I want is something like this psuedo code: NSString *string = @"&lt;span&gt;Foo&lt;/span&gt;"; [string stringByUnescapingHTML]; Which returns <span>Foo</span> Hopefully unescaping all other HTML entities as well and even ASCII codes like Ӓ and the like. Is there any methods in Cocoa Touch/UIKit to do this?

    Read the article

  • Django javascript escape characters

    - by Hulk
    There is a text area in which the data is entered as, 122 //Enter button pushed Address Name //Enter button pushed 1 And the same is tored in the db.And the data is fetched in views and returned it to template as, <script> {% for i in dict.row_arr %} var ii= ('{{ i }}'); row_arr.push( ii ); {% endfor %} </script> Here there is an error as Error: unterminated string literal Line: 40, Column: 12 Source Code: var ii= ('1212 And when the html source shows up as, var ii= ('1212 1 21 11212121212'); row_arr.push( ii ); How should the escape function be applied here. Thanks..

    Read the article

  • How to escape HAML for Javascript in Sinatra

    - by viatropos
    I would like to return a list/combobox from an ajax request ("Which on of these do you like?" type thing). I would like to write that little snippet in HAML, which converts it to HTML, but when I do, the page goes blank. I'm assuming this is because the HTML isn't escaped. Is there a way to escape HAML so I can do $("#mydiv").html(response);? Here's the method: post "/something" do # process... haml :"partials/_select", :layout => false, :locals => {:collection => choices} end ... the haml template: %select - collection.each do |item| %option{:value => item.to_s}= item.to_s ... and the javascript: success: function(responseText, statusText, xhr, $form) { $(".dialog_content").append(responseText); } I have tried the sinatra_more plugin and the escape_javascript method, but there's problems with the haml buffer in sinatra. Any ideas?

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >