Not taking quotation marks correctly!


lpxxfaintxx

When I add an apostrophe ( " ) in the title or description, everything that comes after that gets cut off.

 

For example, if I named the video Video 1 Funny!, the video uploaded with the correct title.

 

However, if I name a video Video "Test" Funny!, then the video would be uploaded with the following title: Video

 

It's like the " signals an end to the title. However, when I try the same in my_vdo_edit.php, the mod works flawlessly! Something is wrong.

 

Here is my upload.php:

 

$v_title = mysql_real_escape_string(strip_tags($_POST_DATA[field_myvideo_title]));
$v_descr = mysql_real_escape_string(strip_tags($_POST_DATA[field_myvideo_descr]));

  $sql="insert into video set 
    UID=$_SESSION[uID], 
    title='$v_title', 
    description='$v_descr', 
    keyword='$_POST_DATA[field_myvideo_keywords]', 
    channel='0|$_POST_DATA[listch]|0', 
    space = '$space', 
    addtime='".time()."', 
    adddate='".date("Y-m-d")."', 
    vkey='".mt_rand()."', 
    type='$_POST_DATA[field_privacy]',
$active, 
    filehome='$_POST_DATA[p]'";

 

 

Does anyone have any idea what's wrong?

Link to comment
Share on other sites

<?php
$string = 'A video with "QUOTES"';

echo $string . "<br>\n";
echo addslashes($string) . "<br>\n";
echo htmlentities($string) . "<br>\n";
?>

 

A video with "QUOTES"<br>
A video with \"QUOTES\"<br>
A video with &quot;QUOTES&quot;<br>

 

Have you tried using alternative methods? In the database, how does it appear? How do you return the data?

Link to comment
Share on other sites

The reason I have not tried using an alternative method is because the script is a part of a huge CMS and would be a pain in the ass to go back and change it all. In the database, everything after the quotes is blank--if that makes sense.

 

I return the data like this:

 

{$vinfo[0].title|stripslashes|trim|escape}

Link to comment
Share on other sites

Updates: Upon investigation, the problem is larger than I thought. Even when I put NO PROTECTION (straight up $v_title = $_POST_DATA[field_myvideo_title];) the quote problem still occurs. What could be the problem?

 

Here is the full upload code:

 

if($_REQUEST[action_upload]!="")
{

  if(strlen($_REQUEST[field_myvideo_title]) < 3) 
    $err = "Upload: Please provide a video title with minimum 3 characters."; 

  elseif(strlen($_REQUEST[field_myvideo_descr]) < 3) 
    $err = "Upload: Please provide a description with min of 3 characters."; 

  elseif(strlen($_REQUEST[field_myvideo_keywords]) < 1) 
    $err = "Upload: Please provide tag(s)."; 

  elseif(preg_match("/[^a-zA-Z0-9 öüäÖÜÄ\-]/", $_REQUEST[field_myvideo_keywords])) 
    $err = "Upload: Tags should be seperated only by spaces"; 

  elseif(count($_REQUEST[chlist])<1 || count($_REQUEST[chlist])>3) 
    $err="Upload: Please check (1 to 3) channel(s)."; 

        if($err==""){
		$page = "second";
		STemplate::assign('secondpage',"second");
		$listch=implode("|",$_REQUEST[chlist]);
		STemplate::assign('listch',$listch);
		$var = "<script language=javascript>
				var field_myvideo_title = $_REQUEST[field_myvideo_title];
				var field_myvideo_descr = $_REQUEST[field_myvideo_descr];
				var field_myvideo_keywords = $_REQUEST[field_myvideo_keywords];
				var listch = $listch;
				</script>";
		STemplate::assign("var", $var);
        }
}

if(isset($_GET['rnd_id']))
{
    STemplate::assign('upload_page', 'upload');
        
    $temp_dir = $_REQUEST['temp_dir'];
    $_POST_DATA = getPostData($temp_dir, $_REQUEST['tmp_sid']);
    
    $upload_dir = $_POST_DATA['upload_dir'];
    $upload_file = $_POST_DATA['upfile_0'];
    $upload_file_path = $upload_dir . $upload_file;
    if(!is_file($upload_file_path) || filesize($upload_file_path) < 0)
    {
$err = 'Failed to upload selected file!';
    }
    
    $upload_file_size = filesize($upload_file_path);
    if($err == "")
    {
$pos = strrpos($upload_file,".");
$ph = strtolower(substr($upload_file,$pos+1,strlen($upload_file)-$pos));
$space = round($upload_file_size/(1024*1024));
if($config['enable_package']=="yes")
{
    check_subscriber($space);
}

//this should never happen
if(($ph!="3gp" && $ph!="mp4" && $ph!="mov" && $ph!="asf" && $ph!="flv" && $ph!="mpg" && $ph!="avi" && $ph!="mpeg" && $ph!="wmv" && $ph!="rm" && $ph!="dat") || $space>$config[max_video_size])
    $err = 'Invalid video format or invalid video size!';	
    }
    
    if($err == "")
    {

		// ----- Approve Video -----
		if($config['approve'] == 1) {
			$active="active='0'";
			} else {
			$active="active='1'";
			}
		// -------------------------

// $v_title = mysql_real_escape_string(strip_tags($_POST_DATA[field_myvideo_title]));
// $v_descr = mysql_real_escape_string(strip_tags($_POST_DATA[field_myvideo_descr]));

$v_title = $_POST_DATA[field_myvideo_title];
$v_descr = $_POST_DATA[field_myvideo_descr];

  $sql="insert into video set 
    UID=$_SESSION[uID], 
    title='$v_title', 
    description='$v_descr', 
    keyword='$_POST_DATA[field_myvideo_keywords]', 
    channel='0|$_POST_DATA[listch]|0', 
    space = '$space', 
    addtime='".time()."', 
    adddate='".date("Y-m-d")."', 
    vkey='".mt_rand()."', 
    type='$_POST_DATA[field_privacy]',
$active, 
    filehome='$_POST_DATA[p]'";

$conn->execute($sql);
    	$vid=mysql_insert_id();
        $vdoname=$vid.".".$ph;
$ff = $config['vdodir'].'/'.$vdoname;

//rename uploaded file
if(rename($upload_file_path,$ff))
{
    //create background conversion process

if($config[vresize] == 1) {$encodecommand="$config[mencoder] $config[vdodir]/$vdoname -o $config[flvdodir]/".$vid.".flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=$config[vbitrate]:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -lavfopts i_certify_that_my_video_stream_does_not_use_b_frames -vop scale=$config[vresize_x]:$config[vresize_y] -srate $config[sbitrate]";}
else {$encodecommand="$config[mencoder] $config[vdodir]/$vdoname -o $config[flvdodir]/".$vid.".flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=$config[vbitrate]:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -lavfopts i_certify_that_my_video_stream_does_not_use_b_frames -srate $config[sbitrate]";}

	exec("$config[phppath] $config[bASE_DIR]/convert.php $vdoname $vid $ff> /dev/null &"); 
    
	//create temporary (video is converting) thumbs	
	video_to_frame2($ff, $vid);

	//get duration
	exec("$config[mplayer] -vo null -ao null -frames 0 -identify $config[vdodir]/$vdoname", $p);
    		while(list($k,$v)=each($p))
    		{
        	    if($length=strstr($v,'ID_LENGTH='))
        	    break;
    		}
    		$lx = explode("=",$length);
    		$duration = $lx[1];

} else {
    $err = 'Failed to rename uploaded file!';
}
    }
    
    if($err == "")
    {
$key=substr(md5($vid),11,20);
send_subscribed_mail($_SESSION[uID],'$key',$_SESSION[email]);

        $sql="update video set
    		vdoname='$vdoname',
                flvdoname='".$vid.".flv',
                duration='$duration',
                vkey='$key' WHERE VID=$vid";
        $conn->execute($sql);
       

        if($config['enable_package']=="yes")
        {
    	    $sql = "update subscriber set used_space=used_space+$space, used_bw=used_bw+$space, total_video=total_video+1 where UID=$_SESSION[uID]";
            $conn->execute($sql);
        }
        
        header("Location:$config[baseurl]/upload_success.php?viewkey=$key&upload=yes");
    }
}

Link to comment
Share on other sites
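
The upload code above writes `$_REQUEST[field_myvideo_title]` into an inline script with no quoting or encoding, and a raw `"` placed inside an HTML attribute ends the attribute at that character, which is one place a title can be cut at a quote before any SQL runs. An added example (not part of the original post or the CMS) of encoding the same fields per output context; the hidden-input markup and the helper names `attr`, `js_literal` and `second_step_markup` are assumptions.

```php
<?php
// Added example, not the CMS's code. Field names come from the thread's upload
// code; the hidden <input> markup is an assumption about the second step.

// HTML attribute context: a raw " would close value="..." early.
function attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Inline <script> context: emit a JavaScript string literal. The JSON_HEX_*
// flags keep <, >, &, ' and " out of the output, so the value cannot end the
// literal or the script block. JSON_THROW_ON_ERROR needs PHP 7.3 or later.
function js_literal(string $s): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    return json_encode($s, $flags);
}

// Builds what the first upload step hands to the second one.
function second_step_markup(array $req): string
{
    $fields = ['field_myvideo_title', 'field_myvideo_descr', 'field_myvideo_keywords', 'listch'];
    $inputs = '';
    $vars = '';
    foreach ($fields as $name) {
        $value = (string) ($req[$name] ?? '');
        $inputs .= '<input type="hidden" name="' . $name . '" value="' . attr($value) . "\">\n";
        $vars .= 'var ' . $name . ' = ' . js_literal($value) . ";\n";
    }
    return $inputs . "<script>\n" . $vars . "</script>\n";
}

// Constructed sample request containing both quote characters.
$req = [
    'field_myvideo_title'    => 'Video "Test" Funny!',
    'field_myvideo_descr'    => "It's a \"quoted\" description",
    'field_myvideo_keywords' => 'funny test',
    'listch'                 => '1|4',
];

echo second_step_markup($req);
```

SQL escaping (`mysql_real_escape_string`, `addslashes`) has no effect on how a browser parses HTML or JavaScript, so it cannot repair a value that was cut at this stage.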

should try cleaning up your post data with mysql_real_escape_string and trim and strip_tags :P

 

The problem still occurs.

 

$v_title = mysql_real_escape_string($_POST_DATA[field_myvideo_title]);

$v_descr = mysql_real_escape_string($_POST_DATA[field_myvideo_descr]);

 

Link to comment
Share on other sites

<?php
$v_title = mysql_real_escape_string(strip_tags(trim($_POST_DATA[field_myvideo_title])));
$v_descr = mysql_real_escape_string(trim(strip_tags($_POST_DATA[field_myvideo_descr])));
$v_descr .= str_replace("/","",$v_descr);
$v_title .= str_replace("/","",$v_title);

?>

Link to comment
Share on other sites

<?php
$v_title = mysql_real_escape_string(strip_tags(trim($_POST_DATA[field_myvideo_title])));
$v_descr = mysql_real_escape_string(trim(strip_tags($_POST_DATA[field_myvideo_descr])));
$v_descr .= str_replace("/","",$v_descr);
$v_title .= str_replace("/","",$v_title);

?>

 

Thanks a bunch for your thoughtful reply. However, it is still not taking in quotes. :(

Link to comment
Share on other sites

then you need addslashes

 

;)

 

 

<?php
$v_title = mysql_real_escape_string(strip_tags(trim($_POST_DATA[field_myvideo_title])));
$v_descr = mysql_real_escape_string(trim(strip_tags($_POST_DATA[field_myvideo_descr])));
$v_descr .= addslashes($v_descr);
$v_title .= addslashes($v_title);

?>

 

 

Link to comment
Share on other sites
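
The replies above stack `strip_tags`, `mysql_real_escape_string` and `addslashes` on values that are then concatenated into the INSERT, while `keyword`, `channel` and `type` go into the query unescaped. An added example (not from any poster and not the CMS's code) of the same insert with bound parameters, which stores quotes unchanged and needs no escaping calls; PDO with in-memory SQLite stands in for the MySQL database, and the function name `insert_video`, the reduced table and the `public`/`private` values are assumptions.

```php
<?php
// Added example, not the CMS's code. SQLite in memory stands in for MySQL and
// the table is reduced to the columns taken from the thread's INSERT.

function insert_video(PDO $db, int $uid, array $post, int $space): int
{
    // Allow-list the privacy flag; 'public' and 'private' are assumed values.
    $type = in_array($post['field_privacy'] ?? '', ['public', 'private'], true)
        ? $post['field_privacy'] : 'public';

    $stmt = $db->prepare(
        'INSERT INTO video (UID, title, description, keyword, channel, space, type)
         VALUES (:uid, :title, :descr, :keyword, :channel, :space, :type)'
    );
    // Values travel separately from the SQL text, so quotes need no escaping;
    // addslashes() or mysql_real_escape_string() here would store backslashes.
    $stmt->execute([
        ':uid'     => $uid,
        ':title'   => trim(strip_tags($post['field_myvideo_title'] ?? '')),
        ':descr'   => trim(strip_tags($post['field_myvideo_descr'] ?? '')),
        ':keyword' => $post['field_myvideo_keywords'] ?? '',
        ':channel' => '0|' . ($post['listch'] ?? '') . '|0',
        ':space'   => $space,
        ':type'    => $type,
    ]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE video (VID INTEGER PRIMARY KEY, UID INTEGER, title TEXT,
    description TEXT, keyword TEXT, channel TEXT, space INTEGER, type TEXT)');

// Constructed sample input containing both quote characters.
$post = [
    'field_myvideo_title'    => 'Video "Test" Funny!',
    'field_myvideo_descr'    => "It's a \"quoted\" description",
    'field_myvideo_keywords' => 'funny test',
    'listch'                 => '1|4',
    'field_privacy'          => 'public',
];

$vid = insert_video($db, 7, $post, 12);
$row = $db->query('SELECT title, description FROM video WHERE VID = ' . $vid)
          ->fetch(PDO::FETCH_ASSOC);

// Compare what was stored with what was submitted.
var_dump($row['title'] === $post['field_myvideo_title']);
var_dump($row['description'] === $post['field_myvideo_descr']);
```

If the same comparison fails in the real application, the value was already shortened before it reached the query, and the place to look is where `$_POST_DATA` gets filled.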
