aeroswat Posted January 21, 2010 Share Posted January 21, 2010 substr(clean($res['StudentName']),0,strrpos($res['StudentName'],' ')); substr(clean($res['StudentName']),(strrpos($res['StudentName'],' ')+1)); If the following is the case: function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $res['StudentName'] = Testy "Mc" Testerson Link to comment https://forums.phpfreaks.com/topic/189311-what-should-this-return/ Share on other sites More sharing options...
JonnoTheDev Posted January 21, 2010 Share Posted January 21, 2010 substr(clean($res['StudentName']),0,strrpos($res['StudentName'],' ')); Nothing as it is not assigned to a variable! However your function will return a string that is safe to use in a database query <?php $res['StudentName'] = "Joe Bloggs"; // Will store 'Joe' in $firstname $firstname = substr(clean($res['StudentName']),0,strrpos($res['StudentName'],' ')); // insert into database $result = mysql_query("INSERT INTO students SET firstname='".$firstname."'"); ?> Also using the substr() function is not the best way to split the students name into parts Link to comment https://forums.phpfreaks.com/topic/189311-what-should-this-return/#findComment-999369 Share on other sites More sharing options...
aeroswat Posted January 21, 2010 Author Share Posted January 21, 2010 substr(clean($res['StudentName']),0,strrpos($res['StudentName'],' ')); Nothing as it is not assigned to a variable! However your function will return a string that is safe to use in a database query <?php $res['StudentName'] = "Joe Bloggs"; // Will store 'Joe' in $firstname $firstname = substr(clean($res['StudentName']),0,strrpos($res['StudentName'],' ')); // insert into database $result = mysql_query("INSERT INTO students SET firstname='".$firstname."'"); ?> Also using the substr() function is not the best way to split the students name into parts I figured you could assume that the echo was before the substr's But I need to know what it should do with the str Testy "Mc" Testerson I thought that the first should return Testy "Mc" and the second should return Testerson but it's not. It's returning Testy / and the second is returning nothing. What would be better than substr? Link to comment https://forums.phpfreaks.com/topic/189311-what-should-this-return/#findComment-999373 Share on other sites More sharing options...
JonnoTheDev Posted January 21, 2010 Share Posted January 21, 2010 What would be better than substr? <?php $res['StudentName'] = 'Testy "Mc" Testerson'; $nameParts = explode(" ", $res['StudentName']); // you can view the parts of the name using print_r // print_r($nameParts); for($x = 0; $x < count($nameParts)-1; $x++) { $firstname .= clean($nameParts[$x]); } $lastname = clean($nameParts[count($nameParts)-1]); print $firstname." ".$lastname; ?> Link to comment https://forums.phpfreaks.com/topic/189311-what-should-this-return/#findComment-999376 Share on other sites More sharing options...
aeroswat Posted January 21, 2010 Author Share Posted January 21, 2010 What would be better than substr? <?php $res['StudentName'] = 'Testy "Mc" Testerson'; $nameParts = explode(" ", $res['StudentName']); // you can view the parts of the name using print_r // print_r($nameParts); for($x = 0; $x < count($nameParts)-1; $x++) { $firstname .= clean($nameParts[$x]); } $lastname = clean($nameParts[count($nameParts)-1]); print $firstname." ".$lastname; ?> A bit longer but truly a better idea I still have one problem though. I took out the clean. This is actually reading it from a database and displaying it in a textbox. I realized I didn't want the clean until i was inserting it back into the database. My problem however is that I can save the quoted names to the database but I cannot display them in the text box correctly. Link to comment https://forums.phpfreaks.com/topic/189311-what-should-this-return/#findComment-999380 Share on other sites More sharing options...
JonnoTheDev Posted January 21, 2010 Share Posted January 21, 2010 Probably because the name contains a " and is causing a textfield to cut short in its value param. Remove quotes from a person's name. Nobody should have a quote in their name! Link to comment https://forums.phpfreaks.com/topic/189311-what-should-this-return/#findComment-999381 Share on other sites More sharing options...
aeroswat Posted January 21, 2010 Author Share Posted January 21, 2010 Probably because the name contains a " and is causing a textfield to cut short in its value param. Remove quotes from a person's name. Nobody should have a quote in their name! Unfortunately I got retards that do put quotes in their name and since this is a public system that is automatic I won't be able to get them to stop Is there any way that I can make it account for it? Link to comment https://forums.phpfreaks.com/topic/189311-what-should-this-return/#findComment-999384 Share on other sites More sharing options...
JonnoTheDev Posted January 21, 2010 Share Posted January 21, 2010 Is there any way that I can make it account for it? Prior to any insert strip them out! $name = 'Joe "idiot" Bloggs"; $name = str_replace('"',"", strip_tags($name)); I would run a replace command on your database to get rid of them. If you cannot then convert them into their html entity before displaying in a text field. <input type="text" name="name" value="<?php print htmlentities($res['StudentName']); ?>" /> Link to comment https://forums.phpfreaks.com/topic/189311-what-should-this-return/#findComment-999406 Share on other sites More sharing options...
aeroswat Posted January 21, 2010 Author Share Posted January 21, 2010 Would it be a good idea to include the strip in my clean function? This is run on all variables before they are inserted into the database. Link to comment https://forums.phpfreaks.com/topic/189311-what-should-this-return/#findComment-999411 Share on other sites More sharing options...
JonnoTheDev Posted January 21, 2010 Share Posted January 21, 2010 yes Link to comment https://forums.phpfreaks.com/topic/189311-what-should-this-return/#findComment-999412 Share on other sites More sharing options...
aeroswat Posted January 21, 2010 Author Share Posted January 21, 2010 yes So I've tried doing both of the following with the clean function and it is still storing the quotes :/ function clean($str) { $str = @trim($str); str_replace('\"',"", strip_tags($str)); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } function clean($str) { $str = @trim($str); str_replace('"',"", strip_tags($str)); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } Link to comment https://forums.phpfreaks.com/topic/189311-what-should-this-return/#findComment-999418 Share on other sites More sharing options...
JonnoTheDev Posted January 21, 2010 Share Posted January 21, 2010 When using php functions you must check what the return value of the fuction is! You have added the str_replace function but not stored its return value str_replace('\"',"", strip_tags($str)); should be // remove any " from $str also strip any HTML tags $str = str_replace('"',"", strip_tags($str)); Link to comment https://forums.phpfreaks.com/topic/189311-what-should-this-return/#findComment-999421 Share on other sites More sharing options...
aeroswat Posted January 21, 2010 Author Share Posted January 21, 2010 When using php functions you must check what the return value of the fuction is! You have added the str_replace function but not stored its return value str_replace('\"',"", strip_tags($str)); should be // remove any " from $str also strip any HTML tags $str = str_replace('"',"", strip_tags($str)); Lol dumb mistake >< Thanks a lot buddy! You've helped a lot! Link to comment https://forums.phpfreaks.com/topic/189311-what-should-this-return/#findComment-999426 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.