Jump to content

[SOLVED] How do I stop rogue apostrophes being generated by this code?

kingnutter

By kingnutter
in PHP Coding Help

Recommended Posts

kingnutter Member

kingnutter

Posted
Posted

The following is an edit entry page of a CMS I am building.

 

The date will be entered as DMY, MY or just Y according to $freq which I am setting manually for now.

 

This works fine for $freq == 'monthly' and $freq == 'yearly, but when I use $freq == 'daily' the database entry for $moj_month has rogue commas and sometimes brackets around the individual date elements for instance: '5' 'September' ('2005')

 

I have a feeling it's to do with the punctuation around the date entry as it is numeric but I have tried every permutation I can think of.

 

If anyone has a moment please have a scan of the following code and let me have any pointers if possible.

 

Thanks

.

 


<html> 

<head></head> 

<body> 

<!-- standard page header --> 

<?php 

// includes 

include('conf.php'); 

// include('functions.php'); 

// form not yet submitted 

// display initial form with values pre-filled 

if (!$_POST['submit']) 

{ 

     // check for record ID 

     if ((!isset($_GET['id']) || trim($_GET['id']) == '')) 

     { 

         die('Missing record ID!'); 

     } 

    // open database connection 

    $connection = mysql_connect($host, $user, $pass)

or die ('Unable to connect!'); 

    // select database 

    mysql_select_db($db) or die ('Unable to select database!'); 

    // generate and execute query 

    $id = $_GET['id']; 

    $query = "SELECT moj_title, moj_issue, moj_summary, moj_genre FROM mojocd WHERE moj_id = '$id'";  

    $result = mysql_query($query)

or die ("Error in query: $query. " . mysql_error()); 

$query = "SELECT moj_date FROM mojocd WHERE moj_id = '$id'";

$result2 = mysql_query($query)

or die ("Error in query: $query. " . mysql_error()); 


$moj_date_string = mysql_result($result2, 0, 0); 
$moj_date_exp = explode(' ', $moj_date_string);

$moj_date_exp = array_reverse($moj_date_exp);'';
$month = isset($moj_date_exp[1])?$moj_date_exp[1]:'';
$day = isset($moj_date_exp[2])?$moj_date_exp[2]:'';
echo $year." ".$month." ".$day;

    // if a result is returned 

    if (mysql_num_rows($result) > 0) 

     { 

        // turn it into an object 

        $row = mysql_fetch_object($result); 

        // print form with values pre-filled 



?> 

<table cellspacing="5" cellpadding="5"> 
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> 
<input type="hidden" name="id"  value="<?php echo $id; ?>"> 

<tr> 
    <td valign="top"><b><font size="-1">Edit CD Title</font></b></td> 
    <td> 
      <input size="50" maxlength="254" type="text" name="moj_title" 
value="<?php echo $row->moj_title; ?>"> 
    </td> 
</tr>

<tr>
<td valign="top"><b><font size="-1">Edit CD Date</font></b></td>
<td>
<?php 

// This script makes three pull-down menus

// for an HTML form: months, days, years.

// Make the months array:

$months = array (1 => 'January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December');

// Make the days and years arrays

$days = range (1, 31);
$years = range (2001, 2009);
$freq = "daily";


if ($freq == "daily")

{	
// Make the days pull-down menu:
echo '<select name="day">';
foreach ($days as $value) 
if ($day == $value)
    { 
        echo "<option value=\"'$day'\" selected>$day</option>"; 
	} 
else
{
	echo "<option value=\"'$value'\">$value</option>\n";
	}
	echo '</select>';
}

// Make the months pull-down menu:

if (($freq == "daily") || ($freq == "monthly"))

{
echo '<select name="month">';
foreach ($months as $value) 
if ($month == $value)
	{
	echo "<option value=\"'$month'\" selected>$month</option>";
	}
else
	{
echo "<option value=\"$value\">$value</option>\n";
	}
echo '</select>';
}

// make the year pull-down menu:

if (($freq == "daily") || ($freq == "monthly") || ($freq == "yearly"))

{	
echo '<select name="year">';
foreach ($years as $value) 
if ($year == $value)
	{
	echo "<option value=\"('$year')\" selected>$year</option>";
	}
else
	{
	echo "<option value=\"$value\">$value</option>\n";
}
echo '</select>';
}

?>

</td>
</tr>
<tr> 


    <td valign="top"><b><font size="-1">Edit Issue Number</font></b></td> 

    <td> 

      <input size="5" maxlength="5" type="text" name="moj_issue" value="<?php echo $row->moj_issue; ?>">    </td> 

</tr> 

<tr> 

    <td><b><font size="-1">Edit Summary</font></b></td> 

    <td> 

      <textarea name="moj_summary" cols="43" rows="8">

      <?php echo $row->moj_summary; ?>

      </textarea> 

    </td> 

</tr> 

<tr> 

    <td valign="top"><b><font size="-1">Edit Genre</font></b></td> 

    <td> 

      <input size="45" max length="254" type="text" name="moj_genre"

      value = "<?php echo $row->moj_genre; ?>">


    </td> 

</tr> 


<tr> 

    <td colspan=2> 

      <input type="Submit" name="submit" value="Update"> 

    </td> 

</tr> 

</form> 

</table> 

<?php 

    } 

    // no result returned 

    // print graceful error message 

    else 

    { 

        echo '<font size=-1>That instance could not be located in the database.</font>'; 

    } 

} 


else 

{ 

    // set up error list array 

    $errorList = array(); 

    $moj_title = $_POST['moj_title']; 

$moj_issue = $_POST['moj_issue'];

// NO MOJ_DATE CREATED YET  $moj_date = $_POST['moj_date'];

$moj_day = $_POST['day'];

$moj_month = $_POST['month'];

$moj_year = $_POST['year'];

    $moj_summary = $_POST['moj_summary']; 

$moj_genre = $_POST['moj_genre'];

    $moj_id = $_POST['id']; 

        
// Check for errors

if (trim($_POST['moj_title']) == '')
{
	$errorList[] = 'Invalid entry: Title';
}


if (trim($_POST['moj_issue']) == '')
{
	$errorList[] = 'Invalid entry: Issue (remember - not validating numeric entry yet)';
}

if (trim($_POST['moj_summary']) == '')
{
	$errorList[] = 'Invalid entry: Summary';
}

if (trim($_POST['moj_genre']) == '')
{
	$errorList[] = 'Invalid entry: Genre';
}

if (trim($_POST['day']) == '' && ($freq == "daily"))
{
	$errorList[] = 'Invalid entry: Day of date';
	}

if (trim($_POST['month']) == '' && (($freq == "daily") || ($freq == "monthly")))
{
	$errorList[] = 'Invalid entry: Month of date';
	}		

if (trim($_POST['year']) == '' && ((($freq == "daily") || ($freq == "monthly") || ($freq == "yearly"))))
{
	$errorList[] = 'Invalid entry: Year of date';
	}		
    // if none found... 

    if (sizeof($errorList) == 0) 

    { 

        // open database connection 

        $connection = mysql_connect($host, $user, $pass)

or die ('Unable to connect!'); 

        // select database 

        mysql_select_db($db)

or die ('Unable to select database!'); 

$freq = 'daily';

if ($freq == 'daily') 
{
$moj_date = "$moj_day"." "."$moj_month"." "."$moj_year";
}

if ($freq == 'monthly')
{
$moj_day = '1';
$moj_date = "$moj_month"." "."$moj_year";
}
// if yearly, turn $day into 01 and $month into 01 and use $year for $unixdate


if ($freq == 'yearly')
{
$moj_day = '1';
$moj_month = 'January';
$moj_date = "$moj_year";}


$dateforunix = "$moj_year-$moj_month-$moj_day + 1 hour";
$unixdate = strtotime($dateforunix);

// echo $dateforunix; ?><br><?php
// echo $unixdate; ?><br><?php
// echo $date;


// generate and execute query
$query = "UPDATE mojocd SET moj_title = '$moj_title', moj_date = '$moj_date', moj_issue = '$moj_issue', moj_summary = '$moj_summary', moj_genre = '$moj_genre', unix_timestamp = '$unixdate' WHERE moj_id = '$moj_id'";

$result = mysql_query($query)
or die ("Error in Query: $query. " . mysql_error());

// print result
echo '<font size=-1>Update successful.
<a href=list.php>Go back to the main menu</a>.</font>';


       // close database connection 

        mysql_close($connection); 

    } 

    else 

    { 

        // errors occurred 

        // print as list 

        echo '<font size=-1>The following errors were encountered:'; 

        echo '<br>'; 

        echo '<ul>'; 

        for ($x=0; $x<sizeof($errorList); $x++) 

        { 

            echo "<li>$errorList[$x]"; 

        } 

        echo '</ul></font>'; 

    } 

} 

?> 

<!-- standard page footer --> 

</body> 

</html>

premiso Regular Member

premiso

Posted
Posted

You are adding them in there on your own...

 

if ($freq == "daily") {   
   // Make the days pull-down menu:
   echo '<select name="day">';
   foreach ($days as $value) 
   if ($day == $value)
       { 
        echo "<option value=\"'$day'\" selected>$day</option>";  // note the ' around $day
      } 
   else
   {
      echo "<option value=\"'$value'\">$value</option>\n";   // note the ' around $value
      }
      echo '</select>';
}

 

Remove the single quotes around $day and $value and then go through your script and do the same anywhere else it may be. And that should solve your problem.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.