hello Everyone

I was wondering if anyone can help me with a little php and mysql problem occurred to the CMS i am using.

I have a function which is get data from a table after updating the table, the code is as follow:

public function getHtmlWrapper($id) {
	 	//get entire html wrapper
		$sql = "SELECT id, theme_name, html_wrapper FROM ".TABLE_PREFIX."themes WHERE id = $id";
        $result_id = $this->db->query($sql);        
        $theme_data = $this->db->fetchToRow($result_id);
        
        //read file in to database
        $file_content = file_get_contents(SITE_ROOT.'/themes/'.$theme_data["theme_name"].'/index.php');
        if($file_content) {
         $this->db->update('themes',
		 	array('html_wrapper'=>$file_content),
			 "id = '".(int) $id."'");
        }
        
        //get entire html wrapper
		$sql = "SELECT id, theme_name, html_wrapper FROM ".TABLE_PREFIX."themes WHERE id = $id";
        $result_id = $this->db->query($sql);        
        $theme_data = $this->db->fetchToRow($result_id);
        return $theme_data;
    }

the " $this->db->query " is calling a update function in the database class which is: as follow:

function update($table, $data, $where='') {

	    $q="UPDATE ".TABLE_PREFIX."".$table." SET ";
	
	    foreach($data as $key=>$val) {
	        if(strtolower($val)=='null') $q.= "`$key` = NULL, ";
	        elseif(strtolower($val)=='now()') $q.= "`$key` = NOW(), ";
	        else $q.= "`$key`='".$this->escape($val)."', ";
	    }
	
	    $q = rtrim($q, ', ') . ' WHERE '.$where.';';
		//echo $q;
	    return $this->query($q);
	}

function escape($string) {
		if(version_compare(phpversion(),"4.3.0")=="-1") {
			return mysql_escape_string($string);
		} else {
			return mysql_real_escape_string($string);
		}
	}

when I do var_dump($file_content) before update statement it gives me the contents :

<? include "layout/header.php" ?>
<? $body = (isset($body))?$body:'home'?>
<? include 'contents/'.$body.'.php' ?>
<? include 'layout/footer.php' ?>

but once the table is updated, the "html_wrapper" field in the table has an extra ? before:

<? include "layout/header.php" ?>
<? $body = (isset($body))?$body:'home'?>
<? include 'contents/'.$body.'.php' ?>
<? include 'layout/footer.php' ?>

that makes the "html_wrapper" field has the value:

?<? include "layout/header.php" ?>
<? $body = (isset($body))?$body:'home'?>
<? include 'contents/'.$body.'.php' ?>
<? include 'layout/footer.php' ?>

I was wondering where the extra ? at the begining come from?

very much appreciated for any help and suggestions?

thank you

Tried to read through it, didn't see anything-but could you implement the CODE tags? That way I can see what's code easier, and read what you're writing easier.

Edited 3 Years Ago by happygeek: fixed formatting

I really can't be bothered to read your code fully if you can't be bothered to use

tags. (It does have a 'watermark' in the post boxes which tell you about the code tags)

But a quick glance shows this on your last lines:
[code=php]?<? include "layout/header.php" ?>

Whats with the extra ? there.

It looks like this line:

?<? include "layout/header.php" ?>

Take out the '?' before the the tagged php include statement.

The

?<? include "layout/header.php" ?>

is the output, apparently. I think he's wondering what's causing the initial ? before the include.

The

?<? include "layout/header.php" ?>

is the output, apparently. I think he's wondering what's causing the initial ? before the include.

Yep, well done, missed that.

hello ardav, Andrieux and xan

thank you very much for your replies, and very sorry for my messy post. in fact, this post is my very first post here, and it was posted just before i went to bed, when i was very tired to study how to put a proper post, sorry again.

as your guys said, I was wondering

what's causing the initial ? before the include.

my code is as follow:
1)function which is get data from a table after updating the table:

public function getHtmlWrapper($id) {
//get entire html wrapper
$sql = "SELECT id, theme_name, html_wrapper FROM ".TABLE_PREFIX."themes WHERE id = $id";
$result_id = $this->db->query($sql);
$theme_data = $this->db->fetchToRow($result_id);

//read file in to database
$file_content = file_get_contents(SITE_ROOT.'/themes/'.$theme_data["theme_name"].'/index.php');
if($file_content) {
$this->db->update('themes',
array('html_wrapper'=>$file_content),
"id = '".(int) $id."'");
}

//get entire html wrapper
$sql = "SELECT id, theme_name, html_wrapper FROM ".TABLE_PREFIX."themes WHERE id = $id";
$result_id = $this->db->query($sql);
$theme_data = $this->db->fetchToRow($result_id);
return $theme_data;
}

and html_wrapper gets displayed on this page on the text in red.

<div class="notice">
	Enter your html here. You may use variables here to change the content.
</div>
<form action="<?= site_url('design/edit_wrapper/'.$wrapper['id'].'') ?>" method="POST" name="dataform" onsubmit="if(window.html_wrapper && html_wrapper.textarea.disabled) {html_wrapper.toggleEditor()};">
    <fieldset>
        <legend>Edit HTML wrapper for: <?= $wrapper['theme_name'] ?></legend>
        <? show_error($errors); ?>
		<? show_success($success); ?>
        <div class="edit_page">
               <textarea id="html_wrapper" name="html_wrapper" class="codepress php linenumbers-off autocomplete-off wrap-on" style="width: 98%; height: 500px" /><?= $wrapper['html_wrapper'] ?></textarea>
        </div>
		<input type="hidden" value="<?= $wrapper['id'] ?>" name="id" />
		<p class="buttons">
			<button type="submit" class="button positive">
				Save HTML wrapper
			</button>						
		</p>
    </fieldset>
</form>

the update function in the database class which is: as follow:

function update($table, $data, $where='') {

$q="UPDATE ".TABLE_PREFIX."".$table." SET ";

foreach($data as $key=>$val) {
if(strtolower($val)=='null') $q.= "`$key` = NULL, ";
elseif(strtolower($val)=='now()') $q.= "`$key` = NOW(), ";
else $q.= "`$key`='".$this->escape($val)."', ";
}

$q = rtrim($q, ', ') . ' WHERE '.$where.';';
//echo $q;
return $this->query($q);
}

the escape function below is called by update function

function escape($string) {
if(version_compare(phpversion(),"4.3.0")=="-1") {
return mysql_escape_string($string);
} else {
return mysql_real_escape_string($string);
}
}

when I do var_dump($file_content) before update statement it gives me the contents :

<? include "layout/header.php" ?>
<? $body = (isset($body))?$body:'home'?>
<? include 'contents/'.$body.'.php' ?>
<? include 'layout/footer.php' ?>

but after updating the table with $file_content, and do select the the output is different from $file_content
which gets an extra ? before the <? include "layout/header.php" ?>

?<? include "layout/header.php" ?>

thank you for your help

hello everyone

seems all the web masters have lost interest in reading the long code,

:(

You've echoed the $q var once. Try updating with escaping with addslashes and html_entities as opposed to mysql_escape functions. Or just try it without any escaping (be careful!). If you still get the '?' you know it's not the escape function.

In addition, it shouldn't really matter, but through your code you've got <? ... ?> and <?= ... ?> . Ensure that you terminate ALL statements with ';' and check again.

This article has been dead for over six months. Start a new discussion instead.