aeroswat Posted January 21, 2010 Share Posted January 21, 2010 substr(clean($res['StudentName']),0,strrpos($res['StudentName'],' ')); substr(clean($res['StudentName']),(strrpos($res['StudentName'],' ')+1)); If the following is the case: function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $res['StudentName'] = Testy "Mc" Testerson Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted January 21, 2010 Share Posted January 21, 2010 substr(clean($res['StudentName']),0,strrpos($res['StudentName'],' ')); Nothing as it is not assigned to a variable! However your function will return a string that is safe to use in a database query <?php $res['StudentName'] = "Joe Bloggs"; // Will store 'Joe' in $firstname $firstname = substr(clean($res['StudentName']),0,strrpos($res['StudentName'],' ')); // insert into database $result = mysql_query("INSERT INTO students SET firstname='".$firstname."'"); ?> Also using the substr() function is not the best way to split the students name into parts Quote Link to comment Share on other sites More sharing options...
aeroswat Posted January 21, 2010 Author Share Posted January 21, 2010 substr(clean($res['StudentName']),0,strrpos($res['StudentName'],' ')); Nothing as it is not assigned to a variable! However your function will return a string that is safe to use in a database query <?php $res['StudentName'] = "Joe Bloggs"; // Will store 'Joe' in $firstname $firstname = substr(clean($res['StudentName']),0,strrpos($res['StudentName'],' ')); // insert into database $result = mysql_query("INSERT INTO students SET firstname='".$firstname."'"); ?> Also using the substr() function is not the best way to split the students name into parts I figured you could assume that the echo was before the substr's But I need to know what it should do with the str Testy "Mc" Testerson I thought that the first should return Testy "Mc" and the second should return Testerson but it's not. It's returning Testy / and the second is returning nothing. What would be better than substr? Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted January 21, 2010 Share Posted January 21, 2010 What would be better than substr? <?php $res['StudentName'] = 'Testy "Mc" Testerson'; $nameParts = explode(" ", $res['StudentName']); // you can view the parts of the name using print_r // print_r($nameParts); for($x = 0; $x < count($nameParts)-1; $x++) { $firstname .= clean($nameParts[$x]); } $lastname = clean($nameParts[count($nameParts)-1]); print $firstname." ".$lastname; ?> Quote Link to comment Share on other sites More sharing options...
aeroswat Posted January 21, 2010 Author Share Posted January 21, 2010 What would be better than substr? <?php $res['StudentName'] = 'Testy "Mc" Testerson'; $nameParts = explode(" ", $res['StudentName']); // you can view the parts of the name using print_r // print_r($nameParts); for($x = 0; $x < count($nameParts)-1; $x++) { $firstname .= clean($nameParts[$x]); } $lastname = clean($nameParts[count($nameParts)-1]); print $firstname." ".$lastname; ?> A bit longer but truly a better idea I still have one problem though. I took out the clean. This is actually reading it from a database and displaying it in a textbox. I realized I didn't want the clean until i was inserting it back into the database. My problem however is that I can save the quoted names to the database but I cannot display them in the text box correctly. Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted January 21, 2010 Share Posted January 21, 2010 Probably because the name contains a " and is causing a textfield to cut short in its value param. Remove quotes from a person's name. Nobody should have a quote in their name! Quote Link to comment Share on other sites More sharing options...
aeroswat Posted January 21, 2010 Author Share Posted January 21, 2010 Probably because the name contains a " and is causing a textfield to cut short in its value param. Remove quotes from a person's name. Nobody should have a quote in their name! Unfortunately I got retards that do put quotes in their name and since this is a public system that is automatic I won't be able to get them to stop Is there any way that I can make it account for it? Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted January 21, 2010 Share Posted January 21, 2010 Is there any way that I can make it account for it? Prior to any insert strip them out! $name = 'Joe "idiot" Bloggs"; $name = str_replace('"',"", strip_tags($name)); I would run a replace command on your database to get rid of them. If you cannot then convert them into their html entity before displaying in a text field. <input type="text" name="name" value="<?php print htmlentities($res['StudentName']); ?>" /> Quote Link to comment Share on other sites More sharing options...
aeroswat Posted January 21, 2010 Author Share Posted January 21, 2010 Would it be a good idea to include the strip in my clean function? This is run on all variables before they are inserted into the database. Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted January 21, 2010 Share Posted January 21, 2010 yes Quote Link to comment Share on other sites More sharing options...
aeroswat Posted January 21, 2010 Author Share Posted January 21, 2010 yes So I've tried doing both of the following with the clean function and it is still storing the quotes :/ function clean($str) { $str = @trim($str); str_replace('\"',"", strip_tags($str)); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } function clean($str) { $str = @trim($str); str_replace('"',"", strip_tags($str)); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted January 21, 2010 Share Posted January 21, 2010 When using php functions you must check what the return value of the fuction is! You have added the str_replace function but not stored its return value str_replace('\"',"", strip_tags($str)); should be // remove any " from $str also strip any HTML tags $str = str_replace('"',"", strip_tags($str)); Quote Link to comment Share on other sites More sharing options...
aeroswat Posted January 21, 2010 Author Share Posted January 21, 2010 When using php functions you must check what the return value of the fuction is! You have added the str_replace function but not stored its return value str_replace('\"',"", strip_tags($str)); should be // remove any " from $str also strip any HTML tags $str = str_replace('"',"", strip_tags($str)); Lol dumb mistake >< Thanks a lot buddy! You've helped a lot! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.