Jump to content

Problems with chars: ' and " (single and double quotes)


Recommended Posts

The problem is that php add 3 slashes. \\\' the first two does not appear the third appear. is there a way to remove the third one wihtout turning it off?

 

Then your code is flawed. Post some code where you access the POST data.

 

It is better to turn that off, once 6 hits that is no longer active and any code depending on it, is basically FUBAR'ed.

 

You are taking the time now to figure out what is wrong, why not just do the update and fix the problem also?

Diabling Magic Quotes

 

That explains different procedures you can use.

 

; Magic quotes

;

 

; Magic quotes for incoming GET/POST/Cookie data.

magic_quotes_gpc = Off

 

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.

magic_quotes_runtime = Off

 

; Use Sybase-style magic quotes (escape ' with '' instead of \').

magic_quotes_sybase = Off

 

All of those would need to be turned off for magic_quotes to officially be off.

I did it but !! the \' is still showing. what is the next step ??

 

; Magic quotes

;

 

; Magic quotes for incoming GET/POST/Cookie data.

magic_quotes_gpc = Off

 

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.

magic_quotes_runtime = Off

 

; Use Sybase-style magic quotes (escape ' with '' instead of \').

magic_quotes_sybase = Off

 

here is the code on how i am getting the message value via post, do you have any idea if this problem may be from javascript ?

 

    $db_result = mysql_query($db_query);

    $db_row = mysql_fetch_row($db_result);

    if($sms_credit <= 0)

{

    header("Location: menu.php?inc=send_sms&op=sendsmstogr&message=".urlencode($message)."&err=".urlencode("Out"));

}

else if ($sms_credit < $db_row[0])

{

    header("Location: menu.php?inc=send_sms&op=sendsmstogr&message=".urlencode($message)."&err=".urlencode(""));

} else

{

$msg_flash = $_POST[msg_flash];

$msg_unicode = $_POST[msg_unicode];

$message = $_POST[message];

if ($gp_code && $message)

{

    $sms_type = "text";

    if ($msg_flash == "on")

    {

$sms_type = "flash";

    }

    if ($msg_unicode == "on")

    {

$unicode = "1";

    }

    list($ok,$to,$smslog_id) = websend2group($username,$gp_code,$message,$sms_type,$unicode);

 

I am sure it's not from websend2group because i did a test on the condition before executing websend2group. Actually it's playsms script an open source software. here is the full code:

 

    case "sendsmstogr":

$message = $_GET[message];

$db_query = "SELECT * FROM "._DB_PREF_."_tblUserGroupPhonebook WHERE uid='$uid' ORDER BY gp_name";

$db_result = dba_query($db_query);

while ($db_row = dba_fetch_array($db_result))

{

    $list_of_group .= "<option value=\"$db_row[gp_code]\" $selected>$db_row[gp_name] ($db_row[gp_code])</option>";

}

// add shared group

$db_query = "

    SELECT

"._DB_PREF_."_tblUserGroupPhonebook.gpid as gpid,

"._DB_PREF_."_tblUserGroupPhonebook.gp_name as gp_name,

"._DB_PREF_."_tblUserGroupPhonebook.gp_code as gp_code

    FROM "._DB_PREF_."_tblUserGroupPhonebook,"._DB_PREF_."_tblUserGroupPhonebook_public

    WHERE

"._DB_PREF_."_tblUserGroupPhonebook.gpid="._DB_PREF_."_tblUserGroupPhonebook_public.gpid AND

NOT ("._DB_PREF_."_tblUserGroupPhonebook_public.uid='$uid')

    ORDER BY gp_name

";

$db_result = dba_query($db_query);

while ($db_row = dba_fetch_array($db_result))

{

    $list_of_group .= "<option value=\"$db_row[gp_code]\" $selected>$db_row[gp_name] ($db_row[gp_code])</option>";

}

$max_length = $core_config['smsmaxlength'];

if ($sms_sender = username2sender($username))

{

    $max_length = $max_length - strlen($sms_sender);

}

else

{

    $sms_sender = "<i>not set</i>";

}

if ($err)

{

    $content = "<p><font color=red>$err</font><p>";

}

if ($gateway_number)

{

    $sms_from = $gateway_number;

}

else

{

    $sms_from = $mobile;

}

// WWW

$db_query2 = "SELECT * FROM "._DB_PREF_."_tblSMSTemplate WHERE uid='$uid'";

$db_result2 = dba_query($db_query2);

$j = 0;

$option_values = "<option value=\"\" default>--Please Select--</option>";

while ($db_row = dba_fetch_array($db_result2))

{

    $j++;

    $option_values .= "<option value=\"".$db_row[t_text]."\">".$db_row[t_title]."</option>";

    $input_values .= "<input type=\"hidden\" name=\"content_$j\" value=\"".$db_row[t_text]."\">";

}

 

// document.fm_sendsms.message.value = document.fm_smstemplate.content_num.value;

$content .= "

<!-- WWW -->

    <script language=\"javascript\">

 

function setTemplate()

{    

    sellength = fm_sendsms.smstemplate.length;

    for ( i=0; i<sellength; i++)

    {

if (fm_sendsms.smstemplate.options.selected == true)

{

    fm_sendsms.message.value = fm_sendsms.smstemplate.options.value;

}

    }

}

    </script>

 

    <form name=\"fm_smstemplate\">

    $input_values

    </form>

 

    <h2>Send broadcast SMS</h2>

    <p>

    <form name=fm_sendsms id=fm_sendsms action=menu.php?inc=send_sms&op=sendsmstogr_yes method=POST>

    <p>From: $sms_from

    <p>

    <p>Send to group: <select name=\"gp_code\">$list_of_group</select>

    <!--

    <table cellpadding=1 cellspacing=0 border=0>

    <tr>

<td nowrap>

    Group(s):<br>

    <select name=\"gp_code_dump[]\" size=\"10\" multiple=\"multiple\" onDblClick=\"moveSelectedOptions(this.form['gp_code_dump[]'],this.form['gp_code[]'])\">$list_of_group</select>

</td>

<td width=10> </td>

<td align=center valign=middle>

<input type=\"button\" class=\"button\" value=\">>\" onclick=\"moveSelectedOptions(this.form['gp_code_dump[]'],this.form['gp_code[]'])\"><br><br>

<input type=\"button\" class=\"button\" value=\"All >>\" onclick=\"moveAllOptions(this.form['gp_code_dump[]'],this.form['gp_code[]'])\"><br><br>

<input type=\"button\" class=\"button\" value=\"<<\" onclick=\"moveSelectedOptions(this.form['gp_code[]'],this.form['gp_code_dump[]'])\"><br><br>

<input type=\"button\" class=\"button\" value=\"All <<\" onclick=\"moveAllOptions(this.form['gp_code[]'],this.form['gp_code_dump[]'])\">

</td>

<td width=10> </td>

<td nowrap>

    Send to:<br>

    <select name=\"gp_code[]\" size=\"10\" multiple=\"multiple\" onDblClick=\"moveSelectedOptions(this.form['gp_code[]'],this.form['gp_code_dump[]'])\"></select>

</td>

    </tr>

    </table>

    -->

    <p>Or: <input type=text size=20 maxlength=20 name=gp_code_text value=\"$dst_gp_code\"> (Group name)

    <p>SMS Sender ID: $sms_sender

    <p>Message template: <select name=\"smstemplate\">$option_values</select>

    <p><input type=\"button\" onClick=\"javascript: setTemplate();\" name=\"nb\" value=\"Use Template\" class=\"button\">

    <p>Your message:

    <br><textarea cols=\"39\" rows=\"5\" onKeyUp=\"javascript: SmsCountKeyUp($max_length);\" onKeyDown=\"javascript: SmsCountKeyDown($max_length);\" name=\"message\" id=\"ta_sms_content\">$message</textarea>

    <br>Character left: <input value=\"$max_length\" type=\"text\" onKeyPress=\"if (window.event.keyCode == 13){return false;}\" onFocus=\"this.blur();\" size=\"3\" name=\"charNumberLeftOutput\" id=\"charNumberLeftOutput\">

    <p><input type=checkbox name=msg_flash> Send as flash message

    <p><input type=submit class=button value=Send onClick=\"selectAllOptions(this.form['gp_code[]'])\">

    </form>

";

echo $content;

break;

    case "sendsmstogr_yes":

$gp_code = $_POST[gp_code];

if (!$gp_code[0])

{

    $gp_code = $_POST[gp_code_text];

}

$msg_flash = $_POST[msg_flash];

$message = $_POST[message];

if ($gp_code && $message)

{

    $sms_type = "text";

    if ($msg_flash == "on")

    {

$sms_type = "flash";

    }

    list($ok,$to,$smslog_id) = websend2group($username,$gp_code,$message,$sms_type);

    for ($i=0;$i<count($ok);$i++)

    {

        if ($ok[$i])

        {

        $error_string .= "Your SMS for `".$to[$i]."` has been delivered to queue<br>";

        }

        else

        {

        $error_string .= "Fail to sent SMS to `".$to[$i]."`<br>";

}

    }

    header("Location: menu.php?inc=send_sms&op=sendsmstogr&message=".urlencode($message)."&err=".urlencode($error_string));

}

else

{

    header("Location: menu.php?inc=send_sms&op=sendsmstogr&message=".urlencode($message)."&err=".urlencode("You must select receiver group and your message should not be empty"));

}

break;

Here are the 2 functions that are invoked in the first script:

 

function websend2group($username,$gp_code,$message,$sms_type='text')

{

    global $apps_path, $core_config;

    global $datetime_now, $gateway_module;

    $uid = username2uid($username);

    $mobile_sender = username2mobile($username);

    $max_length = $core_config['smsmaxlength'];

    if ($sms_sender = username2sender($username))

    {

$max_length = $max_length - strlen($sms_sender) - 1;

    }

    if (strlen($message)>$max_length)

    {

        $message = substr ($message,0,$max_length-1);

    }

    if (is_array($gp_code))

    {

$array_gp_code = $gp_code;

    }

    else

    {

$array_gp_code[0] = $gp_code;

    }

    $j=0;

    for ($i=0;$i<count($array_gp_code);$i++)

    {

$c_gp_code = strtoupper($array_gp_code[$i]);

$gpid = gpcode2gpid($uid,$c_gp_code);

$db_query = "SELECT * FROM "._DB_PREF_."_tblUserPhonebook WHERE gpid='$gpid'";

$db_result = dba_query($db_query);

while ($db_row = dba_fetch_array($db_result))

{

    $p_num = $db_row[p_num];

    $sms_to = $p_num;

    $sms_msg = $message;

    $sms_msg = str_replace("\r","",$sms_msg);

    $sms_msg = str_replace("\n","",$sms_msg);

    $sms_msg = str_replace("\""," ",$sms_msg);

    $mobile_sender = str_replace("\'","",$mobile_sender);

    $mobile_sender = str_replace("\"","",$mobile_sender);

    $sms_sender = str_replace("\'","",$sms_sender);

    $sms_sender = str_replace("\"","",$sms_sender);

    $sms_to = str_replace("\'","",$sms_to);

    $sms_to = str_replace("\"","",$sms_to);

    $the_msg = "$sms_to\n$sms_msg";

    $to[$j] = $sms_to;

    $ok[$j] = 0;

    if ($ret = sendsms($mobile_sender,$sms_sender,$sms_to,$sms_msg,$uid,$c_gp_code,$sms_type,$unicode))

    {

        $ok[$j] = $ret['status'];

$smslog_id[$i] = $ret['smslog_id'];

    }

    $j++;

}

    }

    return array($ok,$to,$smslog_id);

}

 

 

 

function kannel_hook_sendsms($mobile_sender,$sms_sender,$sms_to,$sms_msg,$uid='',$gp_code='PV',$smslog_id=0,$sms_type='text',$unicode=0)

{

    global $kannel_param;

    global $gateway_number;

    $ok = false;

    if ($gateway_number)

    {

$sms_from = $gateway_number;

    }

    else

    {

$sms_from = $mobile_sender;

    }

    if ($sms_sender)

    {

$sms_msg = $sms_msg.$sms_sender;

    }

    // set failed first

    $p_status = 2;

    setsmsdeliverystatus($smslog_id,$uid,$p_status);

    $msg_type = 2; // text

    if ($sms_type=="flash")

    {

$msg_type = 1; //flash

    }

    $URL = "/cgi-bin/sendsms?username=".urlencode($kannel_param['username'])."&password=".urlencode($kannel_param['password']);

    $URL .= "&from=".urlencode($sms_from)."&to=".urlencode($sms_to)."&text=".urlencode($sms_msg);

    $URL .= "&dlr-mask=31&dlr-url=".urlencode($kannel_param['playsms_web']."/plugin/gateway/kannel/dlr.php?type=%d&slid=$smslog_id&uid=$uid");

    $URL .= "&mclass=".$msg_type;

    $connection = fsockopen($kannel_param['bearerbox_host'],$kannel_param['sendsms_port'],&$error_number,&$error_description,60);

    if($connection)

    {

socket_set_blocking($connection, false);

fputs($connection, "GET $URL HTTP/1.0\r\n\r\n");

while (!feof($connection))

{

    $myline = fgets($connection, 128);

    if ($myline == "Sent.")

    {

$ok = true;

// set pending

$p_status = 0;

setsmsdeliverystatus($smslog_id,$uid,$p_status);

    }

}

    }

    fclose ($connection);

    return $ok;

}

 

Man i did a detailed troubleshooting on the script before ! and i ended with the same idea that something from php default settings or apache!! Do you have any idea if we have to change something else then the magic quotes?

 

Anyway Thank you for you support!

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.