WebsiteBaker Logo
  • *
  • Templates
  • Help
  • Add-ons
  • Download
  • Home
*
Welcome, Guest. Please login or register.

Login with username, password and session length
 

News


WebsiteBaker 2.13.9 is now available!


R.I.P Dietmar (luisehahne) and thank you for all your valuable work for WB
https://forum.websitebaker.org/index.php/topic,32355.0.html


* Support WebsiteBaker

Your donations will help to:

  • Pay for our dedicated server
  • Pay for domain registration
  • and much more!

You can donate by clicking on the button below.


  • Home
  • Help
  • Search
  • Login
  • Register

  • WebsiteBaker Community Forum »
  • WebsiteBaker Support (2.8.x) »
  • Droplets & Snippets »
  • cannot propely escape string
  • Print
Pages: [1]   Go Down

Author Topic: cannot propely escape string  (Read 25703 times)

Offline noname8

  • Posts: 151
cannot propely escape string
« on: October 23, 2016, 12:24:39 PM »
I'm creating a snippet that updates json string into mysql.
The problem is that json contains " -charachters
but i cant get it to either run trogh php or run trough sql, always mismatch of the ' charachters:

Code: [Select]
$save_string='[{"page_id": "'.$pid.'", "viewed": "'.$pvalue.'"}]';


$save_string=addslashes($save_string);

$sql='UPDATE '.TABLE_PREFIX.'users SET checked_content='.$save_string.' WHERE user_id='.$uid;
$results = $database->query( $sql );
$retval.= $results.$sql;
$retval.= '<br>päivitetty';
-Fatal error: Call to a member function query() on a non-object in /var/www/verkkokurssi/modules/droplets/droplets.php(37) : eval()'d code on line 12

Code: [Select]
$sql='UPDATE '.TABLE_PREFIX.'users SET checked_content=''.$save_string.'' WHERE user_id='.$uid;
Parse error: syntax error, unexpected ''.$save_string.'' (T_CONSTANT_ENCAPSED _STRING) in ....droplets.php(37) : eval()'d code on line 41

Code: [Select]
$sql='UPDATE '.TABLE_PREFIX.'users SET checked_content=\''.$save_string.'\' WHERE user_id='.$uid;
Fatal error: Call to a member function query() on a non-object in /var/www/verkkokurssi/modules/droplets/droplets.php(37) : eval()'d code on line 12


Code: [Select]
$sql='UPDATE '.TABLE_PREFIX.'users SET checked_content=\\''.$save_string.'\\' WHERE user_id='.$uid;

Parse error: syntax error, unexpected ''.$save_string.'' (T_CONSTANT_ENCAPSED _STRING) in /var/www/verkkokurssi/modules/droplets/droplets.php(37) : eval()'d code on line 41


So what does it take to get it in to the system?!!
Working sql made manually and run into sql console:
Code: [Select]
UPDATE wbakervk1_users SET checked_content='[{\"page_id\":\"1\",\"viewed\":\"1\"},{\"page_id\":\"2\",\"viewed\":\"0\"},{\"page_id\":\"13\",\"viewed\":0}]' WHERE user_id=1

Logged

Offline DarkViper

  • Forum administrator
  • *****
  • Posts: 3087
  • Gender: Female
Re: cannot propely escape string
« Reply #1 on: October 23, 2016, 02:05:25 PM »
Quote from: noname8 on October 23, 2016, 12:24:39 PM
I'm creating a snippet Droplet that updates json string into mysql.
The problem is that json contains " -charachters
but i cant get it to either run trogh php or run trough sql, always mismatch of the ' charachters:

Code: [Select]
$save_string='[{"page_id": "'.$pid.'", "viewed": "'.$pvalue.'"}]';

$save_string=addslashes($save_string);

$sql='UPDATE '.TABLE_PREFIX.'users SET checked_content='.$save_string.' WHERE user_id='.$uid;
$results = $database->query( $sql );
$retval.= $results.$sql;  // <--  !! concate Boolean and String ???
$retval.= '<br>päivitetty';
-Fatal error: Call to a member function query() on a non-object in /var/www/verkkokurssi/modules/droplets/droplets.php(37) : eval()'d code on line 12

  • "Call to a member function query() on a non-object" means that $database does not contain a valid database object.
    You can try to import the global one.
  • the use of addslashes() with SQL statements is a bad solution.
    Use $database->escapeString($save_string); instead.

Ok, from this the following code should work properly.
Code: [Select]
<?php

global $database;
$sSaveString='[{"page_id": "'.$pid.'", "viewed": "'.$pvalue.'"}]';
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '
     
. 'SET `checked_content`=\''.$database->escapeString($sSaveString).'\' '
     
- 'WHERE `user_id`='.(int)$uid;
$bRetval = $database->query($sql);

return 
'<br>'.($bRetval ? 'päivitetty' : 'virhe');
have a nice day,
Manuela
« Last Edit: October 23, 2016, 02:11:24 PM by DarkViper »
Logged
Der blaue Planet - er ist nicht unser Eigentum - wir haben ihn nur von unseren Nachkommen geliehen

"We need education to cope with digitalization - and NOT the digitalization of education.!"

Tägliches Stoßgebet: Oh Herr, wirf Hirn vom Himmel !

Offline noname8

  • Posts: 151
Re: cannot propely escape string
« Reply #2 on: October 23, 2016, 04:58:15 PM »
Thanks a million! (nynccats) https://www.youtube.com/watch?v=GE8M5QM1sf8
it was missing the global $database; row at the start.

And also thanks for the real escape, couldn't figure that out !
 :-)
Logged

  • Print
Pages: [1]   Go Up
  • WebsiteBaker Community Forum »
  • WebsiteBaker Support (2.8.x) »
  • Droplets & Snippets »
  • cannot propely escape string
 

  • SMF 2.0.19 | SMF © 2017, Simple Machines
  • XHTML
  • RSS
  • WAP2