Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

why is $first_name variable different in echo, mysql, fwrite

Posted on 2013-01-18
5
Medium Priority
?
383 Views
Last Modified: 2013-01-18
why is $first_name variable different in echo, mysql, fwrite

echo $first_name is
 Ray

mysql $first_name is
 Ray <ray.paseur@gmail.com>

fwrite $first_name is
 Ray <ray.paseur@gmail.com>


the only way I can put
Ray as the $first_name in mysql database is if I copy paste the echo (not fwrite)

  $cols = array(
"first_name",
"email1",
"description"
);

 
// FROM THE POST AT EE
function emailregex($str)
{
    // A REGULAR EXPRESSION TO FIND THE FROM-EMAIL ADDRESS
    $regex
    = '#'         // REGEX DELIMITER
    . '.*?'       // ANYTHING OR NOTHING
    . '\<'        // ESCAPED WICKET
    . '(.*?)'     // GROUP OF CHARACTERS WITH EMAIL ADDRESS
    . '\>'        // ESCAPED WICKET
    . '#'         // REGEX DELIMITER
    ;


    // ISOLATE THE FROM EMAIL ADDRESS
    preg_match($regex, $str, $matches);
    return $matches;
} 




$from = emailregex(" Ray <ray.paseur@gmail.com>");
  
$email1=$from[1];  
$first_name=$from[0];

           $q = 'INSERT INTO '.$tablename.' (';
        foreach ($cols as &$columnname) {
          $q.=$columnname.',';
          }        
        $q=rtrim($q, ",");
        $q.=') VALUES (';
        foreach ($cols as &$columnname) {
        $q.='\''.mysql_real_escape_string($$columnname).'\',';        
        }
        $q=substr_replace($q, "", -1);
        $q.=')';
        echo '<br>'.$q;
        echo fwrite($fwritefile,$q);
        mysql_query ($q);
?>

Open in new window

0
Comment
Question by:rgb192
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 38792968
>echo $first_name is

will output that value, the the "<"  is starting a html tag. you need to use "htmlentities" on the variable to output it correctly to "html" output
http://php.net/manual/en/function.htmlentities.php
echo htmlentities($first_name);
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 38793037
To add to what angelIII has (wisely) suggested, please be aware that you create a gigantic security problem for your clients if your scripts ever echo any data without using htmlentities().  To illustrate this issue, run the following code.  If your script accepts external input from any source, be it forms, data base results, cookies, etc. you MUST escape the output before sending it to the client browser.

Also, learn to use the "view source" feature of your browser.  It's often quite illuminating!

<?php // RAY_temp_rgb192.php

// A SIMULATED ATTACK VECTOR
$evil = <<<JAVASCRIPT
<script type="text/javascript">
alert("I JUST REDIRECTED YOUR BROWSER TO AN ATTACK SITE AND ALL YOU CAN DO IS CLICK OK, SUCKER");
</script>
JAVASCRIPT;

// DANGEROUS
echo $evil;

// SAFE
echo htmlentities($evil);

Open in new window

0
 

Author Comment

by:rgb192
ID: 38793336
echo htmlentities($first_name);

echos output
 Ray <ray.paseur@gmail.com>

want
Ray

function emailregex($str)  is
name as part[0]
and
email part[1]


and thanks Ray for teaching me about htmlentities security
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 38793373
I think PHP strip_tags() might be what you want.  And maybe trim().

<?php // RAY_temp_rgb192.php

$str = ' Ray <ray.paseur@gmail.com>';
$new = trim(strip_tags($str));

echo '<pre>';
echo htmlentities($str);
echo PHP_EOL;
echo htmlentities($new);

Open in new window

0
 

Author Closing Comment

by:rgb192
ID: 38793472
now output is Ray

thanks
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
In this article, I’ll talk about multi-threaded slave statistics printed in MySQL error log file.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question