
mysql_real_escape_string


erfg1


I'm using mysql_real_escape_string so that when people post a comment on my website, it won't mess up the message if you type in a ' or space down more than once.

However, when it outputs it back onto the page, it doesn't correct it to show the new space downs and removes \'s. How do you replace \n's with <br>'s and completely remove \'s?


mysql_real_escape_string really has nothing to do with line breaks. If you're wanting to get rid of backslashes that may have been added on insert, though, run your string through stripslashes() before you echo it out to the screen.


If I'm doing something like

$template->assign_block_vars('bug_info', array(
		'ROW_ID' => $myrow2["id"],
		'ROW_VERSION' => $myrow2["version"],
		'ROW_USERNAME' => $myrow2["name"],
		'ROW_BUG' => $myrow2["bug"],
		'ROW_STATUS' => $myrow2["status"],
		'ROW_COMMENTS' => $myrow2["comments"],
		'ROW_MYNAME' => $user->data['username'],
));

Would I do...

$template->assign_block_vars('bug_info', array(
		'ROW_ID' => $myrow2["id"],
		'ROW_VERSION' => $myrow2["version"],
		'ROW_USERNAME' => $myrow2["name"],
		'ROW_BUG' => $myrow2[stripslashes("bug")],
		'ROW_STATUS' => $myrow2["status"],
		'ROW_COMMENTS' => $myrow2["comments"],
		'ROW_MYNAME' => $user->data['username'],
));


<?php
//...
'ROW_BUG' => nl2br($myrow2['bug']),
//...
?>

Doesn't work. Maybe I should do a str_replace? If so, how should I go about doing it for this instance?

It should work just fine. That's what the function is built to do. The two functions suggested are not mutually exclusive, however, and they should be used together to get the total result you are after.

If you are still not getting the results you want, you may need to explain what you're after a little more clearly or post the relevant code and comparative output for what you want and what you are getting.


<?php
define('IN_PHPBB', true); // we tell the page that it's going to be using phpBB, this is important.
$phpbb_root_path = './forums/'; // See phpbb_root_path documentation
$phpEx = substr(strrchr(__FILE__, '.'), 1); // Set the File extension for page-wide usage.
include($phpbb_root_path . 'common.' . $phpEx); // include the common.php file, this is important, especially for database connects.
// Start session management -- This will begin the session for the user browsing this page.
$user->session_begin();

$auth->acl($user->data);
// Language file (see documentation related to language files)
$user->setup('mypage');
/*** All of your coding will be here, setting up vars, database selects, inserts, etc...*/
page_header($user->lang['MY_PAGE_TITLE']);
// Set the filename of the template you want to use for this file.
$template->set_filenames(array(    
'body' => 'mytemplate_body.html') // template file name -- See Templates Documentation
);

$submit 	= (isset($_POST['post'])) ? true : false; //Submit values
$submit_edit = (isset($_POST['post_edit'])); //Submit values
$view 		= (isset($_GET['view'])); //View values
$name 	= $user->data['username'];
$name_edit 	= request_var('name_edit', '', true);
$version 	= request_var('version', '', true);
$bug		= request_var('bug', '', true);
$status		= request_var('status', '', true);
$id			= request_var('id', '', true);
$comments	= request_var('comments', '', true);
$edit 		= (isset($_GET['edit'])) ? intval($_GET['edit']) : 0; //Edit the bug
$fixed 		= (isset($_GET['fixed'])) ? intval($_GET['fixed']) : 0; //Fixed the bug
$delete 	= (isset($_GET['delete'])) ? intval($_GET['delete']) : 0; //Remove the bug (spam? stupid? un-needed?)
$fixed_var	= "Fixed by";

// A typical usage for sending your variables to your template.
$template->assign_vars(array(
'BUG' => $user->lang['BUG'],
   'TEXT_VAR' => $user->lang['TEXT_VAR'],   
'ANOTHER_TEXT_VAR' => $user->lang['ANOTHER_TEXT_VAR'],
'CM_VERSION' => $user->lang['CM_VERSION'],
'YOUR_NAME' => $user->lang['YOUR_NAME'],
'EXPLAIN_BUG' => $user->lang['EXPLAIN_BUG'],
'SUBMITED_BUG' => $user->lang['SUBMITED_BUG'],
'TITLE_VIEWING' => $user->lang['TITLE_VIEWING'],
'BUG_FIXED' => $user->lang['BUG_FIXED'],
'SUBMITED_EDIT' => $user->lang['SUBMITED_EDIT'],
'SUBMITED_AND_REMOVED' => $user->lang['SUBMITED_AND_REMOVED'],
'NOT_LOGGED_IN' => $user->lang['NOT_LOGGED_IN'],
));// Output the page

if ($user->data['is_registered']){
$template->assign_vars(array(
		'S_LOGIN'		=> true,
));
}
else {
$template->assign_vars(array(
		'S_NOT_LOGIN'		=> true,
));
}

if ($user->data['group_id'] == "7"){ //Clan Mod developing team is 7. Change this as needed.
$template->assign_vars(array(
		'S_ADMIN'		=> true,
));
}

///////////////////////////////////////////
//     FIXED
///////////////////////////////////////////
if (!$delete && !$submit_edit && $fixed && !$submit && !$view){ //We have fixed the bug.
$sql3 = "UPDATE cm_bugreport SET status = '$fixed_var " . $user->data['username'] . "' WHERE id = '$fixed'";
$db->sql_query($sql3);

$template->assign_vars(array(
		'S_REPORTING'		=> false,
		'S_DONE'			=> false,
		'S_VIEWING'			=> false,
		'S_BUG_FIXED'		=> true,
		'S_IS_EDITING'		=> false,
		'S_DONE_EDITING'	=> false,
		'S_REMOVED'			=> false,
));
}

///////////////////////////////////////////
//     DELETED
///////////////////////////////////////////
if ($delete && !$submit_edit && !$fixed && !$submit && !$view){ //We must remove this bug.
$sql6 = "DELETE FROM cm_bugreport WHERE id = '$delete'";
$db->sql_query($sql6);

$template->assign_vars(array(
		'S_REPORTING'		=> false,
		'S_DONE'			=> false,
		'S_VIEWING'			=> false,
		'S_BUG_FIXED'		=> false,
		'S_IS_EDITING'		=> false,
		'S_DONE_EDITING'	=> false,
		'S_REMOVED'			=> true,
));
}

///////////////////////////////////////////
//     EDITING
///////////////////////////////////////////
if (!$delete && !$submit_edit && $edit && !$fixed && !$submit && !$view){ //We are editing the bug.
$sql4 = "SELECT * FROM cm_bugreport WHERE id = '$edit'";
$result4 = $db->sql_query($sql4);

while ($myrow4 = $db->sql_fetchrow($result4)){
$template->assign_vars(array(
		'ROW_ID' => $myrow4["id"],
		'ROW_VERSION' => $myrow4["version"],
		'ROW_USERNAME' => $myrow4["name"],
		'ROW_BUG' => $myrow4["bug"],
		'ROW_STATUS' => $myrow4["status"],
		'ROW_COMMENTS' => $myrow4["comments"],
));
}
$template->assign_vars(array(
		'S_REPORTING'		=> false,
		'S_DONE'			=> false,
		'S_VIEWING'			=> false,
		'S_BUG_FIXED'		=> false,
		'S_IS_EDITING'		=> true,
		'S_DONE_EDITING'	=> false,
		'S_REMOVED'			=> false,
));
}

///////////////////////////////////////////
//     DONE EDITING
///////////////////////////////////////////
if (!$delete && $submit_edit && !$fixed && !$submit && !$view){
		$sql5 = "UPDATE cm_bugreport SET version = '". mysql_real_escape_string("$version") ."', name = '". mysql_real_escape_string("$name_edit") ."', bug = '". mysql_real_escape_string("$bug") ."', status = '". mysql_real_escape_string("$status") ."', comments = '". mysql_real_escape_string("$comments") ."' WHERE id = " . (int) $id; // cast: $id comes straight from the request
		$db->sql_query($sql5);

$template->assign_vars(array(
		'S_REPORTING'		=> false,
		'S_DONE'			=> false,
		'S_VIEWING'			=> false,
		'S_BUG_FIXED'		=> false,
		'S_IS_EDITING'		=> false,
		'S_DONE_EDITING'	=> true,
		'S_REMOVED'			=> false,
));
}

///////////////////////////////////////////
//     SUBMITING
///////////////////////////////////////////
if (!$delete && !$submit_edit && !$edit && !$fixed && $submit && !$view){ //We have submited our bug, and we are done.
		$sql = 'INSERT INTO cm_bugreport' . $db->sql_build_array('INSERT', array(
			'name'		=> $name,
			'version'	=> $version,
			'bug'		=> mysql_real_escape_string("$bug"),
			'status'	=> $status)
		);
		$db->sql_query($sql);

		$template->assign_vars(array(
		'S_REPORTING'		=> false,
		'S_DONE'			=> true,
		'S_VIEWING'			=> false,
		'S_BUG_FIXED'		=> false,
		'S_IS_EDITING'		=> false,
		'S_DONE_EDITING'	=> false,
		'S_REMOVED'			=> false,
		));
}

///////////////////////////////////////////
//     SUBMITTING
///////////////////////////////////////////
else if (!$delete && !$submit_edit && !$edit && !$fixed && !$submit && !$view) { //Lets submit a bug!
$template->assign_vars(array(
		'S_REPORTING'		=> true,
		'S_DONE'			=> false,
		'S_VIEWING'			=> false,
		'S_BUG_FIXED'		=> false,
		'S_IS_EDITING'		=> false,
		'S_DONE_EDITING'	=> false,
		'S_REMOVED'			=> false,
		));
}

///////////////////////////////////////////
//     VIEWING
///////////////////////////////////////////
else if (!$delete && !$submit_edit && !$edit && !$fixed && $view && !$submit) { //We are viewing the bugs that are already submited.
$sql2 = 'SELECT * FROM cm_bugreport ORDER BY id DESC';
$result2 = $db->sql_query($sql2);

$template->assign_vars(array(
		'S_REPORTING'		=> false,
		'S_DONE'			=> false,
		'S_VIEWING'			=> true,
		'S_BUG_FIXED'		=> false,
		'S_IS_EDITING'		=> false,
		'S_DONE_EDITING'	=> false,
		'S_REMOVED'			=> false,
));
while ($myrow2 = $db->sql_fetchrow($result2)){
$template->assign_block_vars('bug_info', array(
		'ROW_ID' => $myrow2["id"],
		'ROW_VERSION' => $myrow2["version"],
		'ROW_USERNAME' => $myrow2["name"],
		'ROW_BUG' => nl2br($myrow2["bug"]),
		'ROW_STATUS' => $myrow2["status"],
		'ROW_COMMENTS' => $myrow2["comments"],
		'ROW_MYNAME' => $user->data['username'],
));
}
// Free the result only after every row has been fetched.
$db->sql_freeresult($result2);
}

// Finish the script, display the page
page_footer();
?>


yes, it's a start

What? No, I'm wondering how to make it so the \n's become BR's and make the \'s go away. All at the same time. How would you make a str_replace in this area?

$template->assign_block_vars('bug_info', array(
		'ROW_ID' => $myrow2["id"],
		'ROW_VERSION' => $myrow2["version"],
		'ROW_USERNAME' => $myrow2["name"],
		'ROW_BUG' => $myrow2[stripslashes("bug")],
		'ROW_STATUS' => $myrow2["status"],
		'ROW_COMMENTS' => $myrow2["comments"],
		'ROW_MYNAME' => $user->data['username'],
));
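
Added example (not written by any poster in this thread): backslashes that show up in stored text mean the value was escaped twice, which is what the posted INSERT does by passing mysql_real_escape_string() output into $db->sql_build_array(), a helper that escapes strings itself. The sketch uses an in-memory SQLite table and addslashes() as stand-ins (both assumptions, as is the constructed comment text) to show what each path stores and how nl2br() renders it.

```php
<?php
// Added example: constructed comment text and an in-memory SQLite table
// stand in for the forum's MySQL table (assumption: pdo_sqlite is enabled).
$comment = "It's broken.\nSteps: open the 'Maps' menu.";

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bugs (id INTEGER PRIMARY KEY, bug TEXT)');
$insert = $pdo->prepare('INSERT INTO bugs (bug) VALUES (?)');

// Row 1: the value is escaped once, by the database layer (bound parameter).
$insert->execute([$comment]);

// Row 2: the value is escaped by hand first and then again by the layer.
// addslashes() is a stand-in for mysql_real_escape_string(), which needs a
// live MySQL connection; both put a backslash in front of each quote.
$insert->execute([addslashes($comment)]);

// Output helper: HTML-encode first, then turn newlines into <br />.
function render_comment(string $stored): string
{
    return nl2br(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'));
}

foreach ($pdo->query('SELECT id, bug FROM bugs ORDER BY id') as $row) {
    printf("row %d stored:   %s\n", $row['id'], json_encode($row['bug']));
    printf("row %d rendered: %s\n\n", $row['id'], render_comment($row['bug']));
}

// stripslashes() hides the symptom on row 2, but the fix is to drop
// the extra escaping call so the table holds the text as typed.
$row2 = $pdo->query('SELECT bug FROM bugs WHERE id = 2')->fetchColumn();
var_dump(stripslashes($row2) === $comment);
```

In the phpBB script above, request_var() has already HTML-encoded the text before it is stored, so there only nl2br() is applied at output.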
