vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Stripping Single/Double Quotes (https://vborg.vbsupport.ru/showthread.php?t=116786)

Kirk Y 05-27-2006 01:01 AM

Stripping Single/Double Quotes
 
Hey gents. Okay, I've got a text field whose data is being retrieved via $_POST[message]. I'm inserting its contents into a DB using:

PHP Code:

$db->query_write("INSERT INTO table_name (user, message, date) VALUES ('$username', '$message', '$date')");

Everything works dandy -- that is, until someone inputs a single/double quote! Eeek! I've been trying different solutions, but as of yet, have had no success whatsoever. I'm almost ready to pull my hair out, all the stripslashes, addslashes, preg_replace... ack! Please someone lend an assist!

Adrian Schneider 05-27-2006 01:48 AM

PHP Code:

$db->query_write("
    INSERT INTO table_name
        (user, message, date)
    VALUES (
        '" . $db->escape_string($username) . "',
        '" . $db->escape_string($message) . "',
        '" . $db->escape_string($date) . "'
    )
");

You probably won't have to escape $date though (you should be saving it as a Unix timestamp).

Edit: instead of using raw $_POST values, use vBulletin's cleaning functions (read more here: https://vborg.vbsupport.ru/showthread.php?t=98047).
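The following is an added example, not code from this thread, showing why the raw query breaks on a quote and what escape_string() changes. It cannot use vBulletin's $db object without a database, so escape_like_vb() is a stand-in approximation of $db->escape_string() (which wraps mysql_real_escape_string()); the table name blastmsg and the sample message are constructed.

```php
<?php
// Stand-in for vBulletin's $db->escape_string(): escapes the same characters
// mysql_real_escape_string() does. Approximation so this runs with no DB.
function escape_like_vb(string $s): string {
    return strtr($s, [
        "\\"   => "\\\\",
        "'"    => "\\'",
        "\""   => "\\\"",
        "\0"   => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "\x1a" => "\\Z",
    ]);
}

// The pattern from the first post: values interpolated straight into SQL.
function build_raw_query(string $user, string $message, int $date): string {
    return "INSERT INTO blastmsg (user, message, date) VALUES ('$user', '$message', '$date')";
}

// The pattern from the answer: every string value escaped before interpolation.
// The date is a Unix timestamp, so it is inserted as a bare integer.
function build_escaped_query(string $user, string $message, int $date): string {
    return "INSERT INTO blastmsg (user, message, date) VALUES ('"
        . escape_like_vb($user) . "', '"
        . escape_like_vb($message) . "', "
        . $date . ")";
}

// Heuristic check: count single quotes not preceded by a backslash.
// A well-formed INSERT with two quoted values has exactly four; any other
// count means a value terminated its literal early.
function count_unescaped_quotes(string $sql): int {
    return preg_match_all("/(?<!\\\\)'/", $sql);
}

// Constructed sample input containing both quote styles.
$message = "It's a \"test\" message";
$raw  = build_raw_query('kirk', $message, 1148691660);
$safe = build_escaped_query('kirk', $message, 1148691660);

echo $raw, "\n";   // the apostrophe in It's closes the literal: MySQL syntax error
echo $safe, "\n";  // It\'s and \"test\" stay inside the literal

echo count_unescaped_quotes($raw)  === 4 ? "raw: ok\n"  : "raw: broken literal\n";
echo count_unescaped_quotes($safe) === 4 ? "safe: ok\n" : "safe: broken literal\n";
```

The quote count is only a sanity check for reading the output; the real fix is that every string value passes through escape_string() before it is concatenated, with nothing interpolated raw.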

Kirk Y 05-27-2006 02:25 AM

Thanks SirAdrian. I got the stripping half of your post working great, but I'm having some trouble with the cleaning functions. It'll post the submitted text, but if the text contains any ' or ", it won't be output.

PHP Code:

$message2 =& $vbulletin->input->clean_gpc('p', 'message', TYPE_NOTRIM);

if (isset($_POST['info']))
{
    $F43296slq = $db->query_write("
        INSERT INTO blastmsg
            (user, message, date)
        VALUES (
            '" . $db->escape_string($username) . "',
            '" . $db->escape_string($vbulletin->GPC['message']) . "',
            '" . $db->escape_string($date) . "'
        )
    ");
}

Let me see if I'm understanding this right:
Code:

$message2 = $vbulletin->input->clean_gpc('p', 'message', TYPE_NOTRIM);

'p' refers to $_POST
'message' refers to the name I've given to my textfield (equivalent to $_POST[message])
TYPE_NOTRIM refers to a regular ol' string, is that what I should be using?

Thanks for your help, though.

Adrian Schneider 05-27-2006 02:43 AM

If you use clean_array_gpc() it sends it to $vbulletin->GPC, but if you use clean_gpc() it just returns it (in your case to $message2). You should probably use TYPE_STR or TYPE_NOHTML depending on your needs (it is usually good to have the string trimmed!). Your code looks fine, just change $vbulletin->GPC['message'] to $message2.

Kirk Y 05-27-2006 02:51 AM

Oh, didn't have time to edit. The code was fine, it was an error on my part in regard to my SELECT query used to pull the data from the database. Up until now, I was just selecting the data by its timestamp, but as it only goes out to minutes, if two messages were posted within that same minute, the SELECT query would choose the previous one, instead of the most recent. I fixed that now with an auto_increment column. The strange thing though, I was using $message2 originally, but it wouldn't show up -- after I looked in the vB.com manual supplied in the thread you gave me, I tried using $vbulletin->GPC and that worked.

Thanks again for all your help, it's working swimmingly now!
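Pulling the thread together, here is an added example of the handler as the replies end up describing it: clean_array_gpc() so the value lands in $vbulletin->GPC, escape_string() on every string, TIMENOW instead of a hand-built date, and the newest row fetched by its auto_increment id. This is not the poster's final code. It assumes it runs inside a vBulletin 3 script that has already included ./global.php (so $vbulletin, $db, TIMENOW and TABLE_PREFIX exist), that the table has an auto_increment column, here assumed to be called blastmsgid, and that the 'info' field is the submit flag.

```php
<?php
// Clean the POST input first. clean_array_gpc() stores the cleaned values in
// $vbulletin->GPC; clean_gpc() would instead return the single value.
$vbulletin->input->clean_array_gpc('p', array(
    'info'    => TYPE_BOOL,    // assumed: submit flag from the form
    'message' => TYPE_NOHTML,  // trims and strips HTML; TYPE_STR keeps markup
));

if ($vbulletin->GPC['info'])
{
    // Every string value goes through escape_string(); the timestamp is an
    // integer so it is inserted unquoted.
    $db->query_write("
        INSERT INTO " . TABLE_PREFIX . "blastmsg
            (user, message, date)
        VALUES (
            '" . $db->escape_string($vbulletin->userinfo['username']) . "',
            '" . $db->escape_string($vbulletin->GPC['message']) . "',
            " . TIMENOW . "
        )
    ");

    // Fetch the newest row by the auto_increment id rather than the date,
    // so two messages posted in the same second cannot be mixed up.
    $latest = $db->query_first("
        SELECT blastmsgid, user, message, date
        FROM " . TABLE_PREFIX . "blastmsg
        ORDER BY blastmsgid DESC
        LIMIT 1
    ");

    // Escaping for SQL does not make the text safe for HTML: the stored
    // message is raw, so encode it before echoing it into the page.
    echo htmlspecialchars_uni($latest['message']);
}
```

TYPE_NOHTML versus TYPE_STR is the choice Adrian points at: both trim the value, and neither replaces escape_string(), which is about the query, not the content. The output step matters for the same reason the input step does, since a stored quote or angle bracket that is echoed unencoded is the same class of mistake on the HTML side.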


All times are GMT. The time now is 09:26 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
