mysql query not working - it's not selecting the table information - mysqli

I have a query that is working in all my other php files but it will not work here. Can someone please look at what I have and let me know why the query is not selecting the fields?
Please keep in mind that $res is my database connection that's open, and all the table fields are spelled correctly to the table. I have tried not having those single quotes that are sideways and as you can see in the code I have tried it with them. I have also tried not having ' ' and have tried it with them. I can remark out the lines and the code works, but put them back live and the code stops working with no error given.
I don't know if this helps, but my PHP version is 5.3.3-40.el6_6
$result2 = mysqli_query($res, "SELECT pre_sponsor_sponsor, slid FROM `pres` WHERE `pre_sponsor` = '$spospo' AND `slid` = '$slid' AND `pre_id` <= '$pre_id' LIMIT 1");
$row2 = mysqli_fetch_array($result2)
$spospo = $row2[pre_sponsor_sponsor];
$slid = $row2[slid];

First of all, you missed a semicolon at line 3.
But I think you should write
$row2 = mysqli_fetch_array($result2, MYSQLI_ASSOC);
Regards.

I see my problem after posting it here. I forgot the semi-colon after the $row2 = mysqli_fetch_array($result2) - it should have a ; after it.
Sorry for posting this.

Related

Powershell replace in text

Can anyone help tell me
I have text, I need to delete everything in it, after certain characters and before certain characters
text like this:
//test/gga/ext/scs/result?+index=4&+index=3&+rel=%22prev%22&+rel=%22prev%22&p=2
I need to delete everything after 'result?' and before 'p=' using Powershell
And after this text will be //test/gga/ext/scs/result?p=2
The most basic approach would be to use split("?") to separate the URL at the ?. Then you take the second part and split it at & and take the last item.
$parts = $url.split("?")
$parts_two = $parts[1].split("&")
And then just build the new url
$new_url = "$($parts[0])?$($parts_two[-1])"
There might be some typo but this could be a simple approach
Something like this might work for you.
$url = "//test/gga/ext/scs/result?+index=4&+index=3&+rel=%22prev%22&+rel=%22prev%22&p=2"
$newUrl = $url.Substring(0,26)+"p=2"
$newUrl

security for a simple php search form

I have a table that lists movies and I have incorporated a simple search function.
I have one text field in a form where a title or keyword can be entered and then the form is submitted.
php/mysql code that does the work is:
$find = $_POST['find'];
$find = mysql_real_escape_string($find);
$find = htmlspecialchars($find);
$sql = "SELECT * FROM tbl_buyerguide WHERE rel_date BETWEEN NOW() AND DATE_ADD(now(), INTERVAL 2 MONTH) AND title LIKE '%".$find."%' ORDER BY title";
where 'find' is the name of the text input in the search form.
This works well enough for the search functionality for the required purpose.
My question to all is:
Is the mysql_real_escape_string and htmlspecialchars enough to make my search form secure?
I have read all of the questions that I can find on stackoverflow about this, but I would really like someone in the know to just say to me "yes, that is all you need", or "no, you also need to take into account ...".
Thanks in Advance.
Cheers Al.
Remember the adage: Filter In, Escape Out.
You're not outputting the term there, so why are you escaping it for HTML purposes with htmlspecialchars()?
Instead, ONLY escape it for the database (you should be using prepared statements, but that's another point). So you should not be using htmlspecialchars there.
Instead, when you go to output the variable onto the HTML page, that's when you should escape it for HTML (again, using htmlspecialchars).
Right now, you're mixing database and html escaping, which is going to lead to neither being effective...
Yes it is enough to make it secure....you could always throw strip_tags() in there as well....
Although I would just do it in one line...instead of using three
$find = htmlspecialchars(mysql_real_escape_string($_POST['find']));
But to really make it secure and up to date, you should stop using mysql_* functions as they are deprecated, and will be removed in any future releases of PHP....
You should instead switch to either mysqli_* or PDO, and implement prepared statements which handles security for you.
Example...in PDO
$db = new PDO('mysql:host=localhost;dbname=test', 'username', 'password');
$find = $_POST['find'];
$query = $db->prepare('SELECT * FROM tbl_buyerguide WHERE rel_date BETWEEN NOW() AND DATE_ADD(now(), INTERVAL 2 MONTH) AND title LIKE :like ORDER BY title');
$query->bindValue(':like', '%' . $find . '%');
$query->execute();
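The advice in the answers above (bind the search term, escape for HTML only when printing), as an added example that is not code from either answer. It also escapes the LIKE wildcards % and _, which binding alone leaves active. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, and like_escape(), search_titles() and the sample rows are constructed for illustration.

```php
<?php
// Assumption: SQLite in memory replaces the MySQL server; on MySQL keep the
// question's NOW() / DATE_ADD(...) date filter instead of date('now', ...).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_buyerguide (title TEXT, rel_date TEXT)');
$ins = $db->prepare("INSERT INTO tbl_buyerguide VALUES (?, date('now', '+1 month'))");
foreach (['100% Wolf', '1000 Wolves', 'Tom & Jerry', "Ocean's <Eleven>"] as $t) {
    $ins->execute([$t]); // constructed sample rows
}

// Hypothetical helper: make the escape character, % and _ literal inside a LIKE pattern.
function like_escape(string $term, string $esc = '!'): string
{
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $term);
}

// Hypothetical helper: the search from the question with the term bound, never concatenated.
function search_titles(PDO $db, string $find): array
{
    $stmt = $db->prepare(
        "SELECT title FROM tbl_buyerguide
         WHERE rel_date BETWEEN date('now') AND date('now', '+2 months')
           AND title LIKE :like ESCAPE '!'
         ORDER BY title"
    );
    $stmt->bindValue(':like', '%' . like_escape($find) . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a literal percent sign, a quote-laden string, and markup.
foreach (['100%', "' OR '1'='1", '<Eleven>'] as $find) {
    // HTML escaping happens here, at output, and nowhere earlier.
    echo 'Results for ', htmlspecialchars($find, ENT_QUOTES, 'UTF-8'), ":\n";
    foreach (search_titles($db, $find) as $title) {
        echo '  <li>', htmlspecialchars($title, ENT_QUOTES, 'UTF-8'), "</li>\n";
    }
}
```

With the wildcard escaping in place, the search for 100% returns only "100% Wolf"; without it the pattern would also match "1000 Wolves".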

how to merge rows in a table in powerpoint using win32:OLE in perl

i am able to add a new table on the slide using Win32:OLE in perl...but i am looking into merge a couple of rows in the table....can anyone provide any tips on that.
OR it would also help if i could get any help on how to insert data into an existing table on the Slide, i.e. how to read the table object of the Existing table in the powerpoint file.
my $Slide = $Presentation->Slides->Add({Index=>$value , Layout=>ppLayoutText});
$Slide->{Name} = "Slide1343121";
my $Title = $Slide->Shapes->{Title};
$Title->TextFrame->TextRange->{Text} ="Title";
$Title->TextFrame->TextRange->Font->{Size} = "32";
my $table = $Slide->Shapes->AddTable(5, 6, 1, 115);
can anyone help me upgrade my code with the functionalities i am looking for..?
Well, I have never used Perl with PowerPoint but I think it's just regular COM access.
In VBA you merge cells and change their text like this
tableShape.Table.Cell(1, 1).Merge tableShape.Table.Cell(1, 2) ' Merge first and second cell
tableShape.Table.Cell(1, 1).Shape.TextFrame.TextRange.Text = "Text"
So I guess in Perl it looks more or less like this, no?
$table->Table->Cell(1, 1)->Merge( $table->Table->Cell(1, 2) );
$table->Table->Cell(1, 1)->Shape->TextFrame->TextRange->{Text} = "Text";

How can I display count of imagefield images in views?

I want to display the number of images uploaded to an imagefield, in a views field or views tpl.php. How can I do this? My imagefield is called boatimages. I tried this but it comes out as 0, not the correct number: <?php print count($fields->field_boatimages) ?>
Ack. I do not think count() works like that.
Why not just do this using Views? Take a look at Arguments > Settings and you'll see 'display record count' which seems like all you would need for this.
My suggestion is install the devel module and use the function dpm to print the variable if you wanna know the structure (print_r() may work too). If count isn't working it's because, you are probably using it with the wrong data.
OR, you could just query the database for the field. I'm gonna provide you instructions for drupal 7 but drupal 6 should be similar.
Check the table field_data_field_boatimages. See how there's a list of your images related with a single entity_id
Then execute this query
SELECT COUNT(*) FROM `field_data_field_boatimages` WHERE entity_id = ###
Where ### is the entity_id you want to know. You can get it by looking for arg(1) if arg(0) == node in your page.
Now you just have to use php power to print that result
$query = "SELECT COUNT(*) FROM `field_data_field_boatimages` WHERE entity_id = :eid";
$result = db_query($query, array(':eid' => $nid))->fetchField();
echo $result;
Drupal 6 would be very similar. Just a little difference in the table names and the query syntax. For example using db_result instead of fetchField()
Anyway good luck!

How to save Line-breaks in DB and display them in View with Zend Framework

I have a Form with a textarea. When the Form is sent off, the Datamapper enters the Data into the Database.
My Question now: how do I keep all the Line breaks to be saved in the Database?
In my view I use
$this->escape($entry->description)
I think escape() will filter this out won't it?
So I tried using the below
echo nl2br($entry->description)
I have copied some text with line breaks directly into the database, since I don't know how it is supposed to be saved, but nothing changed.
How do I save it in the Database? I just use $table->insert($data);
How do I then display the text with the line-breaks in my view?
I hope someone can help, because I can not find a solution. Thank you very much.
The following worked fine for me with no problems:
$db = Zend_Db_Table::getDefaultAdapter();
$db->insert('testing', array('description' => "This is a test\nwith multiple\nlines in the db\n\nmore stuff"));
$select = $db->select()->from('testing');
$results = $select->query();
$row = $results->fetch();
$this->view->description = $row['description'];
// in the view:
echo nl2br($this->description);
In the view I had my string printed out with multiple line breaks still in place.
The escape only calls htmlspecialchars() by default, which wouldn't affect the newlines. But you will need to call nl2br because newlines won't cause the string to span multiple lines in the webpage, that is why you use nl2br.
So even when you manually inserted data with line breaks into the DB, you cannot get the line breaks when you select the data from the table?
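How escape() and nl2br() combine when the description is user-supplied, as an added example that is not code from the posts above. It uses htmlspecialchars() directly, which the answer says is what escape() calls by default; render_multiline() and the sample text are constructed for illustration.

```php
<?php
// Constructed sample: a description as it would come back from the database.
$description = "Great boat\n<script>alert(1)</script>\nCall me";

// Hypothetical helper: escape first, then turn newlines into <br />.
// In a Zend view the equivalent is nl2br($this->escape($entry->description)).
function render_multiline(string $text): string
{
    return nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

$variants = [
    // Markup stored in the database reaches the page unchanged.
    'nl2br only' => nl2br($description),
    // The inserted <br /> tags are escaped too, so they show up as text.
    'nl2br, then escape' => htmlspecialchars(nl2br($description), ENT_QUOTES, 'UTF-8'),
    // Stored markup is neutralized and the line breaks still render.
    'escape, then nl2br' => render_multiline($description),
];

foreach ($variants as $label => $html) {
    echo "== $label ==\n$html\n\n";
}
```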