lpxxfaintxx Posted April 12, 2008

When I add an apostrophe ( " ) in the title or description, everything that comes after that gets cut off.

For example, if I named the video

Video 1 Funny!

the video uploaded with the correct title. However, if I name a video

Video "Test" Funny!

then the video would be uploaded with the following title:

Video

It's like the " signals an end to the title. However, when I try the same in my_vdo_edit.php, the mod works flawlessly! Something is wrong. Here is my upload.php:

```php
$v_title = mysql_real_escape_string(strip_tags($_POST_DATA[field_myvideo_title]));
$v_descr = mysql_real_escape_string(strip_tags($_POST_DATA[field_myvideo_descr]));
$sql="insert into video set
      UID=$_SESSION[uID],
      title='$v_title',
      description='$v_descr',
      keyword='$_POST_DATA[field_myvideo_keywords]',
      channel='0|$_POST_DATA[listch]|0',
      space = '$space',
      addtime='".time()."',
      adddate='".date("Y-m-d")."',
      vkey='".mt_rand()."',
      type='$_POST_DATA[field_privacy]',
      $active,
      filehome='$_POST_DATA[p]'";
```

Does anyone have any idea what's wrong?

amites Posted April 12, 2008

are you escaping the quotes with \

as in

here is \"My Title\" - tadaa

lpxxfaintxx (Author) Posted April 13, 2008

Well, the point is not to escape the quotes. I wanted it to automatically add the \'s itself to make it easier for newbies to add videos. Is there any way I can do that?

marcus Posted April 13, 2008

```php
<?php
$string = 'A video with "QUOTES"';
echo $string . "<br>\n";
echo addslashes($string) . "<br>\n";
echo htmlentities($string) . "<br>\n";
?>
```

```
A video with "QUOTES"<br>
A video with \"QUOTES\"<br>
A video with &quot;QUOTES&quot;<br>
```

have you tried using alternative methods? in the database how does it appear? how do you return the data?

lpxxfaintxx (Author) Posted April 14, 2008

The reason I have not tried using an alternative method is because the script is a part of a huge CMS and would be a pain in the ass to go back and change it all. In the database, everything after the quotes is blank--if that makes sense.

I return the data like this:

```
{$vinfo[0].title|stripslashes|trim|escape}
```

lpxxfaintxx (Author) Posted April 14, 2008

Updates: Upon investigation, the problem is larger than I thought. Even when I put NO PROTECTION (straight up $v_title = $_POST_DATA[field_myvideo_title]) the quote problem still occurs. What could be the problem? Here is the full upload code:

```php
if($_REQUEST[action_upload]!="")
{
    if(strlen($_REQUEST[field_myvideo_title]) < 3)
        $err = "Upload: Please provide a video title with minimum 3 characters.";
    elseif(strlen($_REQUEST[field_myvideo_descr]) < 3)
        $err = "Upload: Please provide a description with min of 3 characters.";
    elseif(strlen($_REQUEST[field_myvideo_keywords]) < 1)
        $err = "Upload: Please provide tag(s).";
    elseif(preg_match("/[^a-zA-Z0-9 öüäÖÜÄ\-]/", $_REQUEST[field_myvideo_keywords]))
        $err = "Upload: Tags should be seperated only by spaces";
    elseif(count($_REQUEST[chlist])<1 || count($_REQUEST[chlist])>3)
        $err="Upload: Please check (1 to 3) channel(s).";

    if($err==""){
        $page = "second";
        STemplate::assign('secondpage',"second");
        $listch=implode("|",$_REQUEST[chlist]);
        STemplate::assign('listch',$listch);
        $var = "<script language=javascript>
                var field_myvideo_title = $_REQUEST[field_myvideo_title];
                var field_myvideo_descr = $_REQUEST[field_myvideo_descr];
                var field_myvideo_keywords = $_REQUEST[field_myvideo_keywords];
                var listch = $listch;
                </script>";
        STemplate::assign("var", $var);
    }
}

if(isset($_GET['rnd_id']))
{
    STemplate::assign('upload_page', 'upload');
    $temp_dir = $_REQUEST['temp_dir'];
    $_POST_DATA = getPostData($temp_dir, $_REQUEST['tmp_sid']);
    $upload_dir = $_POST_DATA['upload_dir'];
    $upload_file = $_POST_DATA['upfile_0'];
    $upload_file_path = $upload_dir . $upload_file;

    if(!is_file($upload_file_path) || filesize($upload_file_path) < 0) {
        $err = 'Failed to upload selected file!';
    }
    // was filesize($uploaded_file_path), an undefined variable
    $upload_file_size = filesize($upload_file_path);

    if($err == "")
    {
        $pos = strrpos($upload_file,".");
        $ph = strtolower(substr($upload_file,$pos+1,strlen($upload_file)-$pos));
        $space = round($upload_file_size/(1024*1024));
        if($config['enable_package']=="yes")
        {
            check_subscriber($space);
        }
        //this should never happen
        if(($ph!="3gp" && $ph!="mp4" && $ph!="mov" && $ph!="asf" && $ph!="flv" && $ph!="mpg" && $ph!="avi" && $ph!="mpeg" && $ph!="wmv" && $ph!="rm" && $ph!="dat") || $space>$config[max_video_size])
            $err = 'Invalid video format or invalid video size!';
    }

    if($err == "")
    {
        // ----- Approve Video -----
        if($config['approve'] == 1) { $active="active='0'"; } else { $active="active='1'"; }
        // -------------------------
        // $v_title = mysql_real_escape_string(strip_tags($_POST_DATA[field_myvideo_title]));
        // $v_descr = mysql_real_escape_string(strip_tags($_POST_DATA[field_myvideo_descr]));
        $v_title = $_POST_DATA[field_myvideo_title];
        $v_descr = $_POST_DATA[field_myvideo_descr];
        $sql="insert into video set
              UID=$_SESSION[uID],
              title='$v_title',
              description='$v_descr',
              keyword='$_POST_DATA[field_myvideo_keywords]',
              channel='0|$_POST_DATA[listch]|0',
              space = '$space',
              addtime='".time()."',
              adddate='".date("Y-m-d")."',
              vkey='".mt_rand()."',
              type='$_POST_DATA[field_privacy]',
              $active,
              filehome='$_POST_DATA[p]'";
        $conn->execute($sql);
        $vid=mysql_insert_id();
        $vdoname=$vid.".".$ph;
        $ff = $config['vdodir'].'/'.$vdoname;

        //rename uploaded file
        if(rename($upload_file_path,$ff)) {
            //create background conversion process
            if($config[vresize] == 1)
            {$encodecommand="$config[mencoder] $config[vdodir]/$vdoname -o $config[flvdodir]/".$vid.".flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=$config[vbitrate]:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -lavfopts i_certify_that_my_video_stream_does_not_use_b_frames -vop scale=$config[vresize_x]:$config[vresize_y] -srate $config[sbitrate]";}
            else
            {$encodecommand="$config[mencoder] $config[vdodir]/$vdoname -o $config[flvdodir]/".$vid.".flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=$config[vbitrate]:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -lavfopts i_certify_that_my_video_stream_does_not_use_b_frames -srate $config[sbitrate]";}
            exec("$config[phppath] $config[bASE_DIR]/convert.php $vdoname $vid $ff> /dev/null &");

            //create temporary (video is converting) thumbs
            video_to_frame2($ff, $vid);

            //get duration
            exec("$config[mplayer] -vo null -ao null -frames 0 -identify $config[vdodir]/$vdoname", $p);
            while(list($k,$v)=each($p)) {
                if($length=strstr($v,'ID_LENGTH='))
                    break;
            }
            $lx = explode("=",$length);
            $duration = $lx[1];
        } else {
            $err = 'Failed to rename uploaded file!';
        }
    }

    if($err == "")
    {
        $key=substr(md5($vid),11,20);
        send_subscribed_mail($_SESSION[uID],'$key',$_SESSION[email]);
        $sql="update video set vdoname='$vdoname', flvdoname='".$vid.".flv', duration='$duration', vkey='$key' WHERE VID=$vid";
        $conn->execute($sql);
        if($config['enable_package']=="yes")
        {
            $sql = "update subscriber set used_space=used_space+$space, used_bw=used_bw+$space, total_video=total_video+1 where UID=$_SESSION[uID]";
            $conn->execute($sql);
        }
        header("Location:$config[baseurl]/upload_success.php?viewkey=$key&upload=yes");
    }
}
```

darkfreaks Posted April 14, 2008

should try cleaning up your post data with mysql_real_escape_string and trim and strip_tags

lpxxfaintxx (Author) Posted April 14, 2008

> should try cleaning up your post data with mysql_real_escape_string and trim and strip_tags

The problem still occurs.

```php
$v_title = mysql_real_escape_string($_POST_DATA[field_myvideo_title]);
$v_descr = mysql_real_escape_string($_POST_DATA[field_myvideo_descr]);
```

darkfreaks Posted April 14, 2008

```php
<?php
$v_title = mysql_real_escape_string(strip_tags(trim($_POST_DATA[field_myvideo_title])));
$v_descr = mysql_real_escape_string(trim(strip_tags($_POST_DATA[field_myvideo_descr])));
$v_descr .= str_replace("/","",$v_descr);
$v_title .= str_replace("/","",$v_title);
?>
```

lpxxfaintxx (Author) Posted April 14, 2008

> ```php
> <?php
> $v_title = mysql_real_escape_string(strip_tags(trim($_POST_DATA[field_myvideo_title])));
> $v_descr = mysql_real_escape_string(trim(strip_tags($_POST_DATA[field_myvideo_descr])));
> $v_descr .= str_replace("/","",$v_descr);
> $v_title .= str_replace("/","",$v_title);
> ?>
> ```

Thanks a bunch for your thoughtful reply. However, it is still not taking in quotes.

darkfreaks Posted April 14, 2008

lol do you want to escape the quotes or remove them ???

lpxxfaintxx (Author) Posted April 14, 2008

I want it to escape them, so that users CAN put in quotes in the title and description. (of course, while being protected from SQL injections)

darkfreaks Posted April 14, 2008

then you need addslashes

```php
<?php
$v_title = mysql_real_escape_string(strip_tags(trim($_POST_DATA[field_myvideo_title])));
$v_descr = mysql_real_escape_string(trim(strip_tags($_POST_DATA[field_myvideo_descr])));
$v_descr .= addslashes($v_descr);
$v_title .= addslashes($v_title);
?>
```

discomatt Posted April 14, 2008

Is addslashes necessary after real_escape_string? Also, why are you appending and not redefining on the second set?

amites Posted April 14, 2008

have you tried addslashes? works much the same way as mysql_real_escape_string

if this is part of a larger CMS and they did not create it to handle quotes then there is something rather wrong with that CMS

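The escaping and appending questions raised in the replies above, as an added example that is not part of the thread: it contrasts escaping once and then appending an escaped copy with `.=` against a bound-parameter insert, then encodes the stored title for HTML output. Assumptions: PDO with an in-memory SQLite table replaces the thread's `mysql_*` calls and `$conn` object so the script runs offline, `addslashes()` stands in for `mysql_real_escape_string()`, and the input values are constructed.

```php
<?php
// Added example, not code from the thread. The in-memory SQLite database and
// the reduced two-column table are assumptions so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE video (VID INTEGER PRIMARY KEY, title TEXT, description TEXT)');

// Constructed input containing the characters the thread is about.
$post = [
    'field_myvideo_title' => ' Video "Test" Funny! ',
    'field_myvideo_descr' => "It's a <b>test</b> upload",
];

// Escaping once and then appending an escaped copy with .= (as in the replies
// above) joins the value to a doubly escaped duplicate of itself.
// addslashes() stands in for mysql_real_escape_string(), which needs a live
// MySQL connection; both put a backslash before quotes and backslashes.
$v_title  = addslashes(strip_tags(trim($post['field_myvideo_title'])));
$v_title .= addslashes($v_title);
echo "escaped, then appended with .= : $v_title\n";

// Bound parameters: the values travel separately from the SQL text, so no
// manual escaping is applied and the quotes are stored unchanged.
$stmt = $db->prepare('INSERT INTO video (title, description) VALUES (:title, :descr)');
$stmt->execute([
    ':title' => strip_tags(trim($post['field_myvideo_title'])),
    ':descr' => strip_tags(trim($post['field_myvideo_descr'])),
]);

$row = $db->query('SELECT title, description FROM video')->fetch(PDO::FETCH_ASSOC);
echo "stored title:       {$row['title']}\n";
echo "stored description: {$row['description']}\n";

// Output is a separate context: encode when writing into HTML, not before
// storing. ENT_QUOTES covers both quote characters inside attribute values.
$attr = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
echo "<input type=\"text\" name=\"field_myvideo_title\" value=\"$attr\">\n";
```
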
Archived
This topic is now archived and is closed to further replies.