Want to be a web developer? You'll need to know HTML. Prepare for HTML5 certification by enrolling in July's Course of the Month! It's free for Premium Members, Team Accounts, and Qualified Experts.
Course Of The Month
8 days, 15 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
why is $first_name variable different in echo, mysql, fwrite
Posted on 2013-01-18
why is $first_name variable different in echo, mysql, fwrite
echo $first_name is
Ray
mysql $first_name is
Ray <ray.paseur@gmail.com>
fwrite $first_name is
Ray <ray.paseur@gmail.com>
the only way I can put
Ray as the $first_name in mysql database is if I copy paste the echo (not fwrite)
echo $first_name is
Ray
mysql $first_name is
Ray <ray.paseur@gmail.com>
fwrite $first_name is
Ray <ray.paseur@gmail.com>
the only way I can put
Ray as the $first_name in mysql database is if I copy paste the echo (not fwrite)
$cols = array(
"first_name",
"email1",
"description"
);
// FROM THE POST AT EE
function emailregex($str)
{
// A REGULAR EXPRESSION TO FIND THE FROM-EMAIL ADDRESS
$regex
= '#' // REGEX DELIMITER
. '.*?' // ANYTHING OR NOTHING
. '\<' // ESCAPED WICKET
. '(.*?)' // GROUP OF CHARACTERS WITH EMAIL ADDRESS
. '\>' // ESCAPED WICKET
. '#' // REGEX DELIMITER
;
// ISOLATE THE FROM EMAIL ADDRESS
preg_match($regex, $str, $matches);
return $matches;
}
$from = emailregex(" Ray <ray.paseur@gmail.com>");
$email1=$from[1];
$first_name=$from[0];
$q = 'INSERT INTO '.$tablename.' (';
foreach ($cols as &$columnname) {
$q.=$columnname.',';
}
$q=rtrim($q, ",");
$q.=') VALUES (';
foreach ($cols as &$columnname) {
$q.='\''.mysql_real_escape_string($$columnname).'\',';
}
$q=substr_replace($q, "", -1);
$q.=')';
echo '<br>'.$q;
echo fwrite($fwritefile,$q);
mysql_query ($q);
?>
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2-
2
5 Comments
>echo $first_name is
will output that value, the the "<" is starting a html tag. you need to use "htmlentities" on the variable to output it correctly to "html" output
http://php.net/manual/en/function.htmlentities.php
echo htmlentities($first_name);
will output that value, the the "<" is starting a html tag. you need to use "htmlentities" on the variable to output it correctly to "html" output
http://php.net/manual/en/function.htmlentities.php
echo htmlentities($first_name);
To add to what angelIII has (wisely) suggested, please be aware that you create a gigantic security problem for your clients if your scripts ever echo any data without using htmlentities(). To illustrate this issue, run the following code. If your script accepts external input from any source, be it forms, data base results, cookies, etc. you MUST escape the output before sending it to the client browser.
Also, learn to use the "view source" feature of your browser. It's often quite illuminating!
Also, learn to use the "view source" feature of your browser. It's often quite illuminating!
<?php // RAY_temp_rgb192.php
// A SIMULATED ATTACK VECTOR
$evil = <<<JAVASCRIPT
<script type="text/javascript">
alert("I JUST REDIRECTED YOUR BROWSER TO AN ATTACK SITE AND ALL YOU CAN DO IS CLICK OK, SUCKER");
</script>
JAVASCRIPT;
// DANGEROUS
echo $evil;
// SAFE
echo htmlentities($evil);
Active 2 days ago
echo htmlentities($first_name);
echos output
Ray <ray.paseur@gmail.com>
want
Ray
function emailregex($str) is
name as part[0]
and
email part[1]
and thanks Ray for teaching me about htmlentities security
echos output
Ray <ray.paseur@gmail.com>
want
Ray
function emailregex($str) is
name as part[0]
and
email part[1]
and thanks Ray for teaching me about htmlentities security
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
When table data gets too large to manage or queries take too long to execute the solution is often to buy bigger hardware or assign more CPUs and memory resources to the machine to solve the problem. However, the best, cheapest and most effective so…
In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller singl…
- Databases
- AWS
- MySQL Server
- MongoDB
- NoSQL Databases
- Percona
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month8 days, 15 hours left to enroll
617 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.