PDA

View Full Version : str_replace code?

syrus.xl
04-07-2007, 01:46 AM
I got this code in my admin file, however I need to add a str_replace before the data is posted. The str_replace code I'm trying to add is below, but I'm having problems on where it would actually go.

if ($_POST['do'] == "do_add_playlist1"){

print_cp_header("Add New MP3 To Playlist 1");

// Update Database

$db->query("insert into ".TABLE_PREFIX."mp3playlist values(

'','" . addslashes($_POST['url_product']) . "','" . addslashes($_POST['url_product_stream']) . "','" . addslashes($_POST['url_product_buffer']) . "','" . addslashes($_POST['mp3name']) . "',''

)");

define('CP_REDIRECT', 'mp3player_admin.php?do=playlist1');

print_stop_message('mp3player_mp3_added');

}

str_replace code I need to insert.

$playlistselect = $_POST[playlistselect];

$c = count ($_POST['mp3name']);

if($mp3playersettings['approvemp3']==1){
$approvemp3 = 0;
}else if($mp3playersettings['approvemp3']==0){
$approvemp3 = 1;
}
for ($i = 0; $i < $c; $i++ ) {
$mp3name = $_POST['mp3name'][$i];
$mp3url = $_POST['mp3url'][$i];
$stream = $_POST['stream'][$i];
$soundbuffer = $_POST['soundbuffer'][$i];
$mp3name = str_replace("&quot;", " ", $mp3name);
$mp3name = str_replace("&amp;", " ", $mp3name);
$mp3name = str_replace("gt;", " ", $mp3name);
$mp3name = str_replace("'", "''", $mp3name);
$mp3url = str_replace("'", "''", $mp3url);
$mp3url = str_replace("&quot;", " ", $mp3url);
$mp3url = str_replace("&amp;", " ", $mp3url);
$mp3url = str_replace("gt;", " ", $mp3url);
if($playlistselect == 1){
if($mp3name == ""){

Any help would be much appreciated.:)
Dismounted
04-07-2007, 05:12 AM
1./ NEVER use addslashes, it does a bad job.
2./ You need to change your variables in your query to match those in your replaces.
3./ You have 2 un-closed if's and one un-closed for statement.
syrus.xl
04-07-2007, 06:46 PM
The trouble is the code was written by a co-author of the modification - hes since moved on to new projects not associated with vbulletin. I wrote the flash files, and re-wrote some of the PHP code, but got totally lost with the str-replace code in the admin file, so I got a modification throwing up errors that I'm not sure how to fix.