Hello, I am currently using bound parameters in regards to user input on my form. I have read about escape strings also and thought of using both together. Is this possible and, importantly, is it necessary considering I am already using bound parameters? I would like to use both. Thank you in advance, Matthew

+0 forum 2

Hello. I am beginning the process of converting all of my MySQL to MySQLi. I have been doing much research on this but find it a bit confusing. I have two questions at this point regarding the matter: 1) What does it exactly mean to "escape" a string and where does the code for this go? I assume it goes on my page with my database login credentials. I found the following but find it somewhat hard to interpret: "We'll use the mysqli_real_escape_string() function. Since it needs a database connection, we'll go ahead and wrap it in its own function. …

+0 forum 1

Here is a simple way to insert into a database that isn't much harder than using string concatenation - which we all know is very dangerous due to SQL injection attacks. Put the code snippet into `database.php`. Now, in a script handling a form post, such as `post_reply.php`:

```php
<?php
require_once("database.php");

// Get session and post data to insert - no need for mysql_real_escape_string or other escaping
// (Note: Passwords should still go through password_hash() or crypt() though!)
$member_id = $_SESSION['member_id'];
$response_to = isset($_POST['response_to']) ? $_POST['response_to'] : (isset($_GET['response_to']) ? $_GET['response_to'] : '');
$subject = isset($_POST['subject']) ? $_POST['subject'] : '';
$post = …
```

+4 forum 6

How to store a string to a variable which contains both single & double quotes? The string should be dynamic, not static. For example: *thisis'a"string* another string is: *this'i"sastring* The quotes will vary in position. Is it possible to store these types of strings to a variable? Thank you

+0 forum 8

Hi, good morning. I'm developing an online add cart. My problem is when a user confirms payment and after a second he/she presses escape. Payment is successful but my email notification is not sent. How will I detect if a user pressed escape? Thank you.

+0 forum 3

var pattern =/^([0-9]{2})\/([0-9]{2})\/([0-9]{4})$/;

+0 forum 1

How do I use htmlspecialchars to escape all html but then allow two tags? I've escaped my text but want to allow the following two tags: img, iframe. Is there an easy way to do this? I never had a class on PHP so everything I know is self-taught. Any insight would be greatly appreciated :) Thanks in advance guys!

+0 forum 1

I got a string `\x3Cb\x3EHello, World\x3C\x2Fb\x3E` as a web response. I think it means `<b>Hello, World</b>` but I don't know how to unescape that sequence into a Java string. Could anyone please help me with this? Thank you.

+0 forum 21

Hello, I want to know if somebody could help me to make this script safe. Like how to put mysql_real_escape_string. Or how to use preg_split, or htmlentities....

```php
<?php
include 'extern/connect.php';
$categories = file_get_contents('extern/categories.php');
$footer = file_get_contents('extern/footer.php');
$logo = file_get_contents('extern/logo.php');
$report = file_get_contents('extern/report.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="keywords" content="//////" />
<meta name="description" content="/////" />
<title>///////</title>
<link rel="shortcut icon" href="images/favicon.ico" />
<link rel="stylesheet" type="text/css" href="/css/style.css" />
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="/css/ie-style.css" />
<![endif]-->
<script type="text/javascript" src="extern/stats.js" ></script>
<script type='text/javascript' src='ajax/jquery-1.8.1.js'></script>
<script type="text/javascript">
$(document).ready(function(){
    $('._bxn').click(function(){
        var file_id = …
```

+0 forum 14

Hi, I am looking for some information regarding VT102 escape codes. Are there any tutorials on this anyone can recommend? Basically, what I need to do is overwrite these print statements within the for loop to my screen:

```c
int price, number;
for (int i = 0; i < 5; i++) {
    printf("Enter the current price of the product: ");
    scanf("%d", &price);
    printf("Enter the number of the product: ");
    scanf("%d", &number);
    int total_price = price * number;          /* identifiers cannot contain spaces */
    printf("total price is %d", total_price);  /* print the total, not the count */
}
```

+0 forum 3

The code is as follows and I wanted to know more about how and where \v and \f are used? printf("Vertical tab \v is tricky, as its behaviour is unspecified under certain conditions.\n"); Also, can anyone explain what the sentence in the print statement suggests?

+0 forum 2

I need help in converting special characters for displaying in the web page.

-1 forum 1

Hi, I've been trying to solve this but no luck. This is my code: [CODE]$replace1 =str_replace('hreflang=\"'.$arr['variantslang1hid'].'\" lang=\"'.$arr['variantslang1hid'].'\"','hreflang=\"'.$arr['variantslang1'].'\" lang=\"'.$arr['variantslang1'].'\"',$replace1);[/CODE] It should replace but no. I'm not escaping "" properly. How can I solve this? Help much appreciated!

+0 forum 6

I've been looking to secure a site that has many queries involved. I've always known about mysql real escape string for a while but recently I ran across prepared statements. I had a few questions about them. Is it a good idea to use both? Is this overkill? When should I use one but not the other? Any other protection coding techniques I should look into for my queries and variables?

+0 forum 3

How do I deal with quotes here? What I want is /[^a-zA-Z0-9-_.,!()'\/"]/ but how do I deal with the quotes? [CODE] $pattern = '/[^a-zA-Z0-9-_.,!()'"\/' . $whatever . ']/'; return preg_replace($pattern, '', $value); [/CODE] Cheers!

+0 forum 6

Hi, As the title states, I have a query that I use to concatenate all the rows into a single string and I use the XMLTransform method to accomplish that but I still need to add a new line separator within the XML string and so far I didn't find any escape character to work. I tried the '\n', CHR(10), ASCII_CHR(10)||ASCII_CHR(13), <br/> ... Here is the code snippet: [CODE] SELECT XMLTransform(SYS_XMLAgg(SYS_XMLGen(LocationTable.LOCATION)), XMLType('<?xml version="1.0"?><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <xsl:for-each select="/ROWSET/LOCATION"> <xsl:value-of select="text()"/> ---NEW LINE SEPARATOR NEEDED HERE--- </xsl:for-each> </xsl:template> </xsl:stylesheet>')).getstringval() FROM LocationTable [/CODE] Regards, Alin

+0 forum 1

Hi there, I have been told I need to use escape() and unescape() to fix some issues I am having with my Javascript in IE7. I've been fiddling with it for two days now and can't seem to get it working correctly. It would be amazing if someone on here could spare a few minutes to tell me what my code should look like. Here's my Javascript (I've removed my efforts at escaping and unescaping, and also blanked my Facebook app ID out with 123456789): [CODE]<script> FB.init({ appId:'123456789', cookie:true, status:true, xfbml:true }); function shareProduct(captionvar, descriptionvar, picturevar) { FB.ui({ method: 'feed', …

+0 forum 1

I'm looking to create a 3D environment for an escape-the-room game that I'm making with Flash. I'm hoping I'll be able to do it with the 3D features of Adobe Illustrator but am unsure. I need to be able to move the view-point angle in the pictures to take the screenshots from different perspectives. So ideally I'd like to make an entire room model which I can move the "camera" around at my will to position it [B]for taking screenshots, not for gameplay[/B]. I'll just be importing the image screenshots into Flash, so after the game is made the …

+0 forum 2
