why is $first_name variable different in echo, mysql, fwrite
why is $first_name variable different in echo, mysql, fwrite
echo $first_name is
Ray
mysql $first_name is
Ray <ray.paseur@gmail.com>
fwrite $first_name is
Ray <ray.paseur@gmail.com>
the only way I can put
Ray as the $first_name in mysql database is if I copy paste the echo (not fwrite)
echo $first_name is
Ray
mysql $first_name is
Ray <ray.paseur@gmail.com>
fwrite $first_name is
Ray <ray.paseur@gmail.com>
the only way I can put
Ray as the $first_name in mysql database is if I copy paste the echo (not fwrite)
$cols = array(
"first_name",
"email1",
"description"
);
// FROM THE POST AT EE
function emailregex($str)
{
// A REGULAR EXPRESSION TO FIND THE FROM-EMAIL ADDRESS
$regex
= '#' // REGEX DELIMITER
. '.*?' // ANYTHING OR NOTHING
. '\<' // ESCAPED WICKET
. '(.*?)' // GROUP OF CHARACTERS WITH EMAIL ADDRESS
. '\>' // ESCAPED WICKET
. '#' // REGEX DELIMITER
;
// ISOLATE THE FROM EMAIL ADDRESS
preg_match($regex, $str, $matches);
return $matches;
}
$from = emailregex(" Ray <ray.paseur@gmail.com>");
$email1=$from[1];
$first_name=$from[0];
$q = 'INSERT INTO '.$tablename.' (';
foreach ($cols as &$columnname) {
$q.=$columnname.',';
}
$q=rtrim($q, ",");
$q.=') VALUES (';
foreach ($cols as &$columnname) {
$q.='\''.mysql_real_escape_string($$columnname).'\',';
}
$q=substr_replace($q, "", -1);
$q.=')';
echo '<br>'.$q;
echo fwrite($fwritefile,$q);
mysql_query ($q);
?>
Asked:
Who is Participating?
>echo $first_name is
will output that value, the the "<" is starting a html tag. you need to use "htmlentities" on the variable to output it correctly to "html" output
http://php.net/manual/en/function.htmlentities.php
echo htmlentities($first_name);
will output that value, the the "<" is starting a html tag. you need to use "htmlentities" on the variable to output it correctly to "html" output
http://php.net/manual/en/function.htmlentities.php
echo htmlentities($first_name);
To add to what angelIII has (wisely) suggested, please be aware that you create a gigantic security problem for your clients if your scripts ever echo any data without using htmlentities(). To illustrate this issue, run the following code. If your script accepts external input from any source, be it forms, data base results, cookies, etc. you MUST escape the output before sending it to the client browser.
Also, learn to use the "view source" feature of your browser. It's often quite illuminating!
Also, learn to use the "view source" feature of your browser. It's often quite illuminating!
<?php // RAY_temp_rgb192.php
// A SIMULATED ATTACK VECTOR
$evil = <<<JAVASCRIPT
<script type="text/javascript">
alert("I JUST REDIRECTED YOUR BROWSER TO AN ATTACK SITE AND ALL YOU CAN DO IS CLICK OK, SUCKER");
</script>
JAVASCRIPT;
// DANGEROUS
echo $evil;
// SAFE
echo htmlentities($evil);
echo htmlentities($first_name);
echos output
Ray <ray.paseur@gmail.com>
want
Ray
function emailregex($str) is
name as part[0]
and
email part[1]
and thanks Ray for teaching me about htmlentities security
echos output
Ray <ray.paseur@gmail.com>
want
Ray
function emailregex($str) is
name as part[0]
and
email part[1]
and thanks Ray for teaching me about htmlentities security
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
Open in new window