special trim ?

[ginerjm]

I have a script that process emails sent to a specific email address.  Depending upon what mail account my sender uses I get some troubled data coming in that I can't seem to recognize.

 

Here is the message I get from mysql when I try to do an update with the data I have extracted from the email body.

 

 

right syntax to use near '7, 3, 2, 6, 8, 0, 4, 5, 9, 1,  0, 2, 1, 8, 3, 9, 4, 6, 5, 7, 'L')

The above is an error message that mysql sends back to my script.  That little foreign character is not supposed to be there nor does it show in the email when I receive it and forward it to this mailbox/script.

 

What can I use to find these kinds of characters?  Currently my process detects the line with the numbers and does an explode on the commas to generate my values that go into the values clause of an insert query.  In this case though that foreign char gets inserted as part of one of the values.  (The values arrive in two separately identified lines with 10 nums each, hence the problem here is with one of the lines of nums beginning with the odd character.)

 

 

[requinix]

You know the real problem here is the SQL injection, right? A query should never fail with a syntax error like that.

 

Anyway that's probably a non-breaking space in UTF-8 encoding. \xC2\xA0 I think. How you deal with it depends on your code...

[ginerjm]

Ok - I modified my script to use a prepared query.  Now I get a default-ed value of '0' for the ones that have the foreign char in them.  (My prev example left out another foreign char on the very first digit - 7 - which is now posting as 0.

 

So What else can one do to a value that has a non integer in it? I am doing a filter_var on these and that is not catching it.  As in:

 

$n = filter_var($num, FILTER_SANITIZE_NUMBER_INT);
if ($n === false)
    (handle this as error and stop processing email)

[requinix]

Works fine for me.

echo bin2hex(filter_var(hex2bin("C2A0313233C2A0", FILTER_SANITIZE_NUMBER_INT)); // 313233 = 123

What's the rest of your code?

[ginerjm]

For what it's worth:

$n = filter_var($num, FILTER_SANITIZE_NUMBER_INT);
if ($n === false)
 {
     $ans_msg .= "Top line has bad numbers<br>";
     $ans_msg .= "Line found is:$msg<br>";
     $ans_msg .= "Email not posted<br>";
     $bad_msg = true;
     $send_cc = false;
     break;
 }

I loop thru all my incoming values and if one of them fails this test I break out of it with flags set to kill the rest of the processing.

In my case - I am not getting this error message and the value that ends up in my query is the bad one.

[requinix]

Am I going to have to ask for it line by line?

 

What's all the code that has to do with getting the original data, processing it, and saving it? Redact if you need to but I'm not going to just guess at what you're doing.

[ginerjm]

Oh no - not trying to be difficult.  The code for getting the email, reading line by line and analyzing the numbers is in multiple places in the script.  I only focused on this final step that was trying to validate it for the forum.

 

At this point I think I am close to a solution.  I was not using filter_var properly and have written a solution (corrected my code!).  Just waiting for my host to begin responding to my ftp requests now.....

[ginerjm]

Solved.

 

While looping thru the number lists I was not properly recognizing the results.  I was looking for a False result to indicate an error/bad value when I should have just checked the "corrected" value and replaced the original/bad one with it.

 

Now that I am doing that my process works.

 

Thanks for your interest!