Jump to content

Single Quote Messing Up Script

Joshua F

By Joshua F
in PHP Coding Help

Recommended Posts

Joshua F Regular Member

Joshua F

Posted
Posted

I am making a simple script for my friend that uses mod_rewrite, but for testing I don't use the mod_rewrite link.

 

The page is video.php

The extension is ?title=

 

I have having a problem when I type the title with a Single Quote in it(').

Example.

video.php?title=The-Sorcerer's-Apprentice

I have str_replace for the dash(-) to be replaced as a space, so that's not the problem. Here's my code.

 

<?php
if($_GET) {
$title="{$_GET['title']}";
$title = str_replace('_', ' ', $title);
$title = str_replace('-', ' ', $title);
if ($list = mysql_query("SELECT * FROM videos WHERE title='". mysql_real_escape_string($title) ."'") or die (mysql_error())); {
	if(mysql_num_rows($list) > 0){
		if (mysql_num_rows($list)) {
			while($videos=mysql_fetch_array($list)) {
?>
		<div id="content">
		<center><h3><?php echo $videos['title']; ?></h3>
		<object width="640" height="385"><param name="movie" value="<?php echo $videos['youtubelink']; ?>"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="<?php echo $videos['youtubelink']; ?>" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object>
		<br/><br/><a onclick="javascript:history.go(-1)" href="#">Go Back</a>
		</center>			
		</div>
<?php 
			}
		}
	}
?>

Link to comment
https://forums.phpfreaks.com/topic/219741-single-quote-messing-up-script/
Share on other sites
Joshua F Regular Member

Joshua F

Posted
  • Author
Posted

It's not loading the information. It just says page not found.

 

Here's the updated code with the error messages.

 

<?php
if($_GET) {
$title="{$_GET['title']}";
$title = str_replace('_', ' ', $title);
$title = str_replace('-', ' ', $title);
if ($list = mysql_query("SELECT * FROM videos WHERE title='". mysql_real_escape_string($title) ."'") or die (mysql_error())); {
if(mysql_num_rows($list) > 0){
if (mysql_num_rows($list)) {
while($videos=mysql_fetch_array($list)) {
?>
<div id="content">
<center><h3><?php echo $videos['title']; ?></h3>
<object width="640" height="385"><param name="movie" value="<?php echo $videos['youtubelink']; ?>"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="<?php echo $videos['youtubelink']; ?>" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object>
<br/><br/><a onclick="javascript:history.go(-1)" href="#">Go Back</a>
</center>
</div>
<?php 
}
} else {
echo 'Page not found.';
}
} else {
echo 'Page not found.';
}
?>

Joshua F Regular Member

Joshua F

Posted
  • Author
Posted

Ok, add the following code after the query, but before the "if" conditions following the query:

 

print "The query returned " . mysql_num_rows($list) . " rows<br>";

 

And show us what the script output is.

 

It says it returned 1 row, and displayed it. But now if I go to the mod_rewrite link, it gives the 404 error page.

Joshua F Regular Member

Joshua F

Posted
  • Author
Posted

Then I think your problem is with mod_rewrite, not with php.  Can you show the code you are using with mod_rewrite?

Here's the code. It works for all of the other without the Single Quote.

RewriteEngine on
RewriteRule ^video-([a-zA-Z0-9_-]+)\.mfo$ video.php?title=$1

 

Figured it out was I was typing this, I forgot to make it accept '.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.