Beauford

There is supposed to be, and it does display - just with all the spaces. It's not trimming them.

Can someone explain why the first example below works and the second doesn't. The second example doesn't remove the spaces. Thanks. echo $trimmed = trim($c['usr2']); echo"<td width='34%'>".$gangPREF."<a href='../viewuser.php?u={$c['uid2']}' {$csscode[$c['ul2']-1]}> ".trim($c['usr2'])."</a> [{$c['uid2']}] {$RM}</td>

This is how I believe I have got around this. in the form I do this. <td><input type='text' name='pfor' value=''></td> For the check I do this. if($_POST['pfor'] != "") { Check the rest of it } Not my first choice, but workable. Thanks again.

Lets go back to the beginning. All I want to do is see if the user put something in $_POST['pfor']. This could be a 'z', a 'q' a > a ? a 9 or the 0. If the user has entered nothing then just move on with the rest of the script, if there is a value then it gets checked. I just find it unbelievable that PHP can not handle this seemingly simple function. thanks for all the input.

Thanks for the info and the code, but it still doesn't work. and not to get into a long discussion, but to me 0 is NOT empty. It takes up space, bytes, memory, or whatever else to display it, and this is what I want to check for. The only time it should bypass the check is if there is nothing there. The user entered nothing. 0 is something. Can PHP not do this simple function?

This just gets more ridiculous. Now it doesn't think the 0 is a value or isn't numeric - and bypasses the check. See test code below. if(isset($_POST['pfor']) && !empty($_POST['pfor'])) { if(is_numeric($_POST['pfor'])) { if($_POST['pfor'] == 0) { $q=$db->query("SELECT userid, username FROM users WHERE userid={$_POST['pfor']}"); if($db->num_rows($q) == 0) { $error = 1; } } else { $error = 1; } } else { $error = 1; } }

Have tried that as per my posting, but I don't need to do anything if it is empty, so I need to check first to see if it has a value. Which for some reason always seems to, even if the user put nothing in the field. thanks

Sometimes the simplest things in PHP just baffle me: I have a form with 12 fields. There are two fields that are optional. If the user does enter something in these fields, I want to be able to check that and verify the information. If not, just move on with the rest of the script. No matter what I do, even if nothing is entered in these fields, PHP thinks there is and tries to validate it. which screws everything up as there is really nothing there to validate. I have tried if($_POST['value']) { do something } I have tried if(!$_POST['value']) { do something } I have tried if(isset($_POST['value'])) { do something } I have tried if(!isset($_POST['value'])) { do something } and a bunch of of stuff I was grasping at to get this to work. This has got to be simple, but again, I have no clue. The result I want is this. If there is a value, it has to be a number > than 0. Then I want to do a query on that number to make sure that it is in the DB. If it is, then the script continues, if not, an error is posted. Thanks B

OK, that seems to do it. Not sure what I was doing the first time. I had the ENT_QUOTES there, but had the same problem. I just and pasted the variables right from your last code this time and it worked. Much appreciated, just one of those things than I completely have a dead spot in the brain about. I also fixed up some other code using this example as well. One last quick question, you made mention of a long echo. Is there any downsides to doing this rather than echoing each line seperately? Thanks again. B

OK, sorry guys, but I really need to get a handle on this problem. It is popping up in other areas's of my site, as I figured it would. This is the latest error I got, which I believe I have fixed, but would like some input as to whether it is correct or not. QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Man)', unix_timestamp(), 'lol')' at line 1 Query was INSERT INTO gangmail VALUES('', '9', '87', 'Villie(Tia's Man)', unix_timestamp(), 'lol') This is just a simple announcment type form which enters a message (textarea) into the DB and then is viewed by others. So I have changed it so I have mysql_real_escape_string before inserting the value to the DB, and stripslashes($value) when retrieveing and viewing it. The one that is still causing me nightmares is when I try to populate a form with data from the database. As soon as there is an apostrophe in the string, everything after it does not show up, and I have tried all the stuff that you guys have mentioned, plus a lot more and just can't get it. The dull code was posted earlier. Thanks B.

Sorry, but just not getting the concept at all. Can't get my head around this in the least. Just don't get when I am supposed to use what and where to use it. Then there seems to be different rules for different situations and I end up with screwed up strings. Guess I'll just have to do without apostrophes, too much time wasted on something as stupid as this. Thanks for all the help to those that replied.

All the stuff you guys have been saying has been tried at some point in time, but the problem still exists. myescape function - I'm a lazy typer. What I am trying to do is have the user edit his preferences. So I need to have O'Toole, look like O'Toole when the form is populated for the user to edit - not O\'Toole or O#39;Toole (or whatever it is). Here I always get a query error as it thinks the ' in O'Toole is the end of the string. Tried all sorts of ways to get this to work. $reserved=$db->query("SELECT reserved FROM reservednames WHERE reserved='{$_POST['gangNAME'}'"); if($db->num_rows($reserved) > 0) { $formerror['gangNAME'] = "{$_POST['gangNAME']} is a reserved name!"; } Other times, when I go to display it, everything after the ' is gone. so O'Toole would be O. It's correct in the DB, but not on the screen. Thanks for the help, as I am going slightly insane here for something as trivial and stupid as an apostrophe. B

I guess I'm just not getting the concept here or something. Here is the entire code, as messed up as it is now. So many changes, trying to fix this who knows what's there. Thanks, B function myescape($text) { return mysql_real_escape_string($text); } function edit_gang() { global $db,$ir,$gangdata,$privs,$csscode; if($_SESSION['privs']['Edit_Gang'] == "N") { $_SESSION['message'] = "You don't have permission to perform this action!"; header("Location: gangstaff.php"); exit(); } else { if($_POST['submit']) { $info=$db->query("SELECT gangNAME, gangPREF FROM gangs"); while($g=$db->fetch_row($info)) { if($_POST['gangNAME'] != $gangdata['gangNAME']) { $gn[] = $g['gangNAME']; } if($_POST['gangPREF'] != $gangdata['gangPREF']) { $gp[] = $g['gangPREF']; } } if(!$_POST['gangNAME']) { $formerror['gangNAME'] = "You must enter a gang name!"; } elseif($_POST['gangNAME'] != $gangdata['gangNAME']) { $lower = strtolower($_POST['gangNAME']); $lower = myescape($lower); $reserved=$db->query("SELECT reserved FROM reservednames WHERE reserved='{$lower}'"); if($db->num_rows($reserved) > 0) { $formerror['gangNAME'] = "{$_POST['gangNAME']} is a reserved name!"; } elseif(in_array($_POST['gangNAME'], $gn)) { $formerror['gangNAME'] = "{$_POST['gangNAME']} already exists, choose another one!"; } } if(!$_POST['gangPREF']) { $formerror['gangPREF'] = "You must enter a gang prefix!"; } elseif($_POST['gangPREF'] != $gangdata['gangPREF']) { if(strlen($_POST['gangPREF']) > 2 || strlen($_POST['gangPREF']) < 2) { $formerror['gangPREF'] = "The prefix must be 2 characters!"; } elseif(in_array($_POST['gangNAME'], $gp)) { $formerror['gangPREF'] = "{$_POST['gangPREF']} already exists, choose another one!"; } } if(!$_POST['gangDESC']) { $formerror['gangDESC'] = "You must enter a short description!"; } elseif(strlen($_POST['gangDESC']) >= 45) { $formerror['gangDESC'] = "You description is too long! (45 characters max)"; } if(!$_POST['gangLOGO']) { $_POST['gangLOGO'] = "http://mafiasyndicate.beauford.ca/images/bankrobber.jpg"; } if(count($formerror) > 0) { $_SESSION['message'] = "There were ".count($formerror)." error(s) in the form. See below for details!"; } else { $name=myescape($_POST['gangNAME']); $pref=strtoupper(myescape($_POST['gangPREF'])); $description=myescape($_POST['gangDESC']); $logo=myescape($_POST['gangLOGO']); $public=myescape($_POST['gangPUBLIC']); $private=myescape($_POST['gangPRIVATE']); $db->query("UPDATE gangs SET gangNAME='{$name}', gangPREF='{$pref}', gangDESC='{$description}', gangLOGO='{$logo}', gangPUBLIC='{$public}', gangPRIVATE='{$private}' WHERE gangID='{$gangdata['gangID']}'"); $_SESSION['message'] = "Your gang preferences have been updated successfully!"; if($_POST['gangNAME'] != $gangdata['gangNAME']) { $db->query("UPDATE forums SET f_NAME='{$name}' WHERE f_GANG={$gangdata['gangID']}"); } header("Location: gangstaff.php"); exit; } } if(!$ir['gang']) { echo "<h2>Edit Gang</h2><br> <div class='grayline'></div> <p class='orange'>You're not in a gang fool, you must apply to one first or create your own.</p> <div class='grayline'></div>"; } else { if(!$_POST['submit']) { foreach($gangdata as $key=>$value) { $_POST[$key] = $value; } } echo "<h2>\"{$_POST['gangNAME']}\" - Edit Gang</h2><br>"; if(isset($_SESSION['message'])) { echo "<p class='orange'>{$_SESSION['message']}</p><br>"; unset($_SESSION['message']); } echo " <p class='p'><b>Note:</b> <i>Change only the fields you want to update. Leave the others as they are.</i></p> <form action='gangstaff.php?action=edit' method='post'> <input type='hidden' name='submit' value='Submit'> <input type='hidden' name='gangPRESIDENT' value='{$_POST['gangPRESIDENT']}'> <div class='grayline'></div> <table width=100% cellspacing='1'> <tr> <td width='20%'>Gang Name:</td> <td width='24%'><input id='input' type='text' name='gangNAME' value='{$_POST['gangNAME']}'></td><td width='56%'>{$formerror['gangNAME']}</td> </tr><tr> <td>Gang Tag:</td> <td><input id='input' type='text' name='gangPREF' value='{$_POST['gangPREF']}'></td><td>{$formerror['gangPREF']}</td> </tr><tr> <td>Gang Description:</td> <td colspan='2'><input id='input' style='width: 434px' type='text' name='gangDESC' value='{$_POST['gangDESC']}' maxlength='45'></td>"; if($formerror['gangDESC']) { echo "</tr><tr><td width='20%'> </td><td colspan='2'>{$formerror['gangDESC']}</td>"; } echo " </tr><tr> <td>Gang Logo:</td> <td colspan='2'><input id='input' style='width: 434px' type='text' name='gangLOGO' value='{$_POST['gangLOGO']}'></td> </tr> </table> <table width=100% cellspacing='1'> <td width='20%'>Public Description:</td> <td width='80%' style='padding-left: 2px'><textarea id='textarea' rows='10' cols='50' name='gangPUBLIC'>".$_POST['gangPUBLIC']."</textarea></td> </tr><tr> <td>Private Description:</td> <td style='padding-left: 2px'><textarea id='textarea' rows='10' cols='50' name='gangPRIVATE'>".$_POST['gangPRIVATE']."</textarea></td> </tr><tr> <td> </td> <td> <button class='btn' type='submit' value='submit'>Change</button></td> </tr> </table> </form> <div class='grayline'></div> <br><p class='p'>Staff Administration</p>"; StaffMenu(); } } }

Doesn't work. As I have said, I have tried all these, and same problem. Another problem, related, is when I try to retrieve the data from the table and compare it to an $_POST value, I get a query error as it thinks the apostrophe is the end of the string. Tried escaping all this as well, and same problem. Just a clarification. If I do your suggestion and display it to the screen, it is fine. If however, I try to select the information from the database and display it back in the form to edit it, I do not want the user to see the apostrophe code, I want them to see the actual apostrophe.

Doesn't work. As I have said, I have tried all these, and same problem. Another problem, related, is when I try to retrieve the data from the table and compare it to an $_POST value, I get a query error as it thinks the apostrophe is the end of the string. Tried escaping all this as well, and same problem.

Hi again, My apologies for another post on this, but I am just not getting this at all. Time after time, after time I have problems with apostrophes in any kind of input/output of data when an apostrophe is involved in a string. Example: O'Toole, Ain't that a shame, Fred's Space, etc. This is all I want to do, is input the examples like above, and have them display the same way when I retrieve them from the database. I have tried escaping them everyway I could find, but there is no one solution that seems to work. Can some one give me some kind of definitive rule on this, and speak slow, as I am just at my wits end with this. Right now I just don't allow apostrophes on my site, but this is ridiculous. Thanks B

Cheat Engine 5.5 (Latest) Has any heard of this program and know of a way to detect it and stop a user from trying to change values on my site. Thanks

Update: This works: function mysql_escape($query) { return str_replace("'","''",$query); }

Thanks for all the replies. but I think some of you are missing the problem. If I do the search from the form it works perfectly everytime. If I get the same string from the database, I get the query error I posted. The two strings are identical, so why does one work and one doesn't. This is what I don't get. The only thing I can think of is that the database one has some hidden or unseen characters, null values, line breaks or whatever that the form string doesn't have. Could be wrong, but what else could it be. To the human eye, the two strings are identical.

I have a search form I created to seach a table in my database. When I search it from the form, no problem. The problem is when I save the search in MySQL and then try to retrieve the string and run it. I'm at a loss. When I compare the two search strings (the one from the form and the one from the DB) they are identical, so how can one work and one not? The query is: SELECT userid, username, userlevel, donatordays, gender, level, money, points, house, location, gang, laston FROM users WHERE username LIKE 'Beaufor%' When I echo the string from both the form and the DB - they are identical. This is what I get when I retieve it from the DB. QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Beaufor%'' at line 1 This is the code I use to get the info - both ways. When inserting into the DB I am using htmlementies, and stripslashes when retrieving it. Have tried mysql_real_escape_string, etc etc. as well. $info=$db->query("{$query}"); $i=$db->num_rows($info); etc..... Any help is appreciated on this, and the whole apostrophe problems as I am still trying to get other similar issues resolved. Hope this makes sense to someone, as I just don't get the whole thing and tried to explain as best as possible. Beauford

Cron: 5 * * * * /directory_path/cron_hour.php No functions - other than a mysql class, no prints, no echos. I have 5 other crons setup the same way that run fine. As I said, runs perfect every time from the command line. Thanks

I'm really hoping someone can help on this one as I don't have a clue what is going on. I have a small PHP script which I am running as a cron job that updates a couple of MySQL tables in my DB. I know the cron is being run at the correct time as I have had it write several small text files and all is ok there. The problem is this, none of the code in the script gets executed. So your first thought would be - debug the code. Well, here's the other side of the puzzle. If I go to my browser and run the script manually from there, it works perfectly every time and everything gets updated the way it should be. So what are some reasons that manually it works, and from the cron it does not. I don't get it. Thanks for any input.

I have tried every iteration of mysql_real_escape_string, htmlemenities, etc., etc. and still can not get the damn apostrophe to show up in my form field, or when extracting it via a mysql select. My eyes are bloodshot reading the millions of posts by other users with the same problem. Is there actually a way to do this, or should I just put a note on my site to change your name if it has an apostrophe in it. ??? Any help is hugely appreciated, but note that I have tried hundreds of fixes that obviously have not solved the problem. Thanks B.

I have a database with many tables and in several of them I have a number field designated as binint, size(20). Perieodically I am getting the maximum allowed for this field inserted, which is (18446744073709551616) instead what should be inserted, or updated. Why is this happening? I am just looking for general information or assumptions and to see if anyone else has had this issue and what were the circumstances. I have posted a snippet of code below, which may or may not help. The part where it updates, UPDATE users SET money=money-1000000 seems to where the problem is as it is the only thing being set in the field from this script, but this one - UPDATE userstats SET tmoney=tmoney-1000000 - which is updated after the first one, works fine. $name=mysql_real_escape_string($_POST['name']); $description=mysql_real_escape_string($_POST['description']); $db->query("INSERT INTO gangs VALUES('','$name','$description','{$_POST['gangLOGO']}','{$_POST['prefix']}',0,0,0,0,0,$userid, 5,1,'','',unix_timestamp(),1)"); $i=$db->insert_id(); $db->query("UPDATE users SET gang=$i, gangdate=unix_timestamp(), money=money-1000000 where userid=$userid"); $db->query("UPDATE userstats SET tmoney=tmoney-1000000 where userid=$userid"); $db->query("INSERT INTO forums VALUES('','$name', '$description', 0, 0, 0, 0, 'No Posts', 'gang', {$i}, 0)"); Any help or suggestions is appreciated.

Is there a way to show the servers time and date in the users browser when they come to my site, instead of their local time. Thanks