Author Topic: cannot propely escape string (Read 25698 times)

noname8 · « **on:** October 23, 2016, 12:24:39 PM »

I'm creating a snippet that updates json string into mysql.
The problem is that json contains " -charachters
but i cant get it to either run trogh php or run trough sql, always mismatch of the ' charachters:

Code: [Select]

$save_string='[{"page_id": "'.$pid.'", "viewed": "'.$pvalue.'"}]';


$save_string=addslashes($save_string);

$sql='UPDATE '.TABLE_PREFIX.'users SET checked_content='.$save_string.' WHERE user_id='.$uid;
$results = $database->query( $sql );
$retval.= $results.$sql;
$retval.= '<br>päivitetty';

-Fatal error: Call to a member function query() on a non-object in /var/www/verkkokurssi/modules/droplets/droplets.php(37) : eval()'d code on line 12

Code: [Select]

$sql='UPDATE '.TABLE_PREFIX.'users SET checked_content=''.$save_string.'' WHERE user_id='.$uid;

Parse error: syntax error, unexpected ''.$save_string.'' (T_CONSTANT_ENCAPSED _STRING) in ....droplets.php(37) : eval()'d code on line 41

Code: [Select]

$sql='UPDATE '.TABLE_PREFIX.'users SET checked_content=\''.$save_string.'\' WHERE user_id='.$uid;

Fatal error: Call to a member function query() on a non-object in /var/www/verkkokurssi/modules/droplets/droplets.php(37) : eval()'d code on line 12

Code: [Select]

$sql='UPDATE '.TABLE_PREFIX.'users SET checked_content=\\''.$save_string.'\\' WHERE user_id='.$uid;

Parse error: syntax error, unexpected ''.$save_string.'' (T_CONSTANT_ENCAPSED _STRING) in /var/www/verkkokurssi/modules/droplets/droplets.php(37) : eval()'d code on line 41

So what does it take to get it in to the system?!!
Working sql made manually and run into sql console:

Code: [Select]

UPDATE wbakervk1_users SET checked_content='[{\"page_id\":\"1\",\"viewed\":\"1\"},{\"page_id\":\"2\",\"viewed\":\"0\"},{\"page_id\":\"13\",\"viewed\":0}]' WHERE user_id=1

DarkViper · « **Reply #1 on:** October 23, 2016, 02:05:25 PM »

Quote from: noname8 on October 23, 2016, 12:24:39 PM

I'm creating a ~~snippet~~ Droplet that updates json string into mysql.
The problem is that json contains " -charachters
but i cant get it to either run trogh php or run trough sql, always mismatch of the ' charachters:

Code: [Select]
$save_string='[{"page_id": "'.$pid.'", "viewed": "'.$pvalue.'"}]'; $save_string=addslashes($save_string); $sql='UPDATE '.TABLE_PREFIX.'users SET checked_content='.$save_string.' WHERE user_id='.$uid; $results = $database->query( $sql ); $retval.= $results.$sql; // <-- !! concate Boolean and String ??? $retval.= '<br>päivitetty';-Fatal error: Call to a member function query() on a non-object in /var/www/verkkokurssi/modules/droplets/droplets.php(37) : eval()'d code on line 12

"Call to a member function query() on a non-object" means that $database does not contain a valid database object.
You can try to import the global one.
the use of addslashes() with SQL statements is a bad solution.
Use $database->escapeString($save_string); instead.

Ok, from this the following code should work properly.

Code: [Select]

<?php

global $database;
$sSaveString='[{"page_id": "'.$pid.'", "viewed": "'.$pvalue.'"}]';
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '
     . 'SET `checked_content`=\''.$database->escapeString($sSaveString).'\' '
     - 'WHERE `user_id`='.(int)$uid;
$bRetval = $database->query($sql);

return '<br>'.($bRetval ? 'päivitetty' : 'virhe');

have a nice day,
Manuela

noname8 · « **Reply #2 on:** October 23, 2016, 04:58:15 PM »

Thanks a million! (nynccats) https://www.youtube.com/watch?v=GE8M5QM1sf8
it was missing the global $database; row at the start.

And also thanks for the real escape, couldn't figure that out !

News

Support WebsiteBaker

Your donations will help to:

You can donate by clicking on the button below.

Author Topic: cannot propely escape string (Read 25698 times)

noname8

cannot propely escape string

DarkViper

Re: cannot propely escape string

noname8

Re: cannot propely escape string