WebsiteBaker Community Forum

WebsiteBaker Support (2.8.x) => Droplets & Snippets => Topic started by: noname8 on October 23, 2016, 12:24:39 PM

Title: cannot propely escape string
Post by: noname8 on October 23, 2016, 12:24:39 PM

I'm creating a snippet that updates json string into mysql.
The problem is that json contains " -charachters
but i cant get it to either run trogh php or run trough sql, always mismatch of the ' charachters:

Code: [Select]

$save_string='[{"page_id": "'.$pid.'", "viewed": "'.$pvalue.'"}]';


$save_string=addslashes($save_string);

$sql='UPDATE '.TABLE_PREFIX.'users SET checked_content='.$save_string.' WHERE user_id='.$uid;
$results = $database->query( $sql );
$retval.= $results.$sql;
$retval.= '<br>päivitetty';-Fatal error: Call to a member function query() on a non-object in /var/www/verkkokurssi/modules/droplets/droplets.php(37) : eval()'d code on line 12

Code: [Select]

$sql='UPDATE '.TABLE_PREFIX.'users SET checked_content=''.$save_string.'' WHERE user_id='.$uid;
Parse error: syntax error, unexpected ''.$save_string.'' (T_CONSTANT_ENCAPSED _STRING) in ....droplets.php(37) : eval()'d code on line 41

Code: [Select]

$sql='UPDATE '.TABLE_PREFIX.'users SET checked_content=\''.$save_string.'\' WHERE user_id='.$uid;
Fatal error: Call to a member function query() on a non-object in /var/www/verkkokurssi/modules/droplets/droplets.php(37) : eval()'d code on line 12

Code: [Select]

$sql='UPDATE '.TABLE_PREFIX.'users SET checked_content=\\''.$save_string.'\\' WHERE user_id='.$uid;

Parse error: syntax error, unexpected ''.$save_string.'' (T_CONSTANT_ENCAPSED _STRING) in /var/www/verkkokurssi/modules/droplets/droplets.php(37) : eval()'d code on line 41


So what does it take to get it in to the system?!!
Working sql made manually and run into sql console:

Code: [Select]

UPDATE wbakervk1_users SET checked_content='[{\"page_id\":\"1\",\"viewed\":\"1\"},{\"page_id\":\"2\",\"viewed\":\"0\"},{\"page_id\":\"13\",\"viewed\":0}]' WHERE user_id=1



Title: Re: cannot propely escape string
Post by: DarkViper on October 23, 2016, 02:05:25 PM

Quote from: noname8 on October 23, 2016, 12:24:39 PM

I'm creating a snippet Droplet that updates json string into mysql.
The problem is that json contains " -charachters
but i cant get it to either run trogh php or run trough sql, always mismatch of the ' charachters:

Code: [Select]

$save_string='[{"page_id": "'.$pid.'", "viewed": "'.$pvalue.'"}]';

$save_string=addslashes($save_string);

$sql='UPDATE '.TABLE_PREFIX.'users SET checked_content='.$save_string.' WHERE user_id='.$uid;
$results = $database->query( $sql );
$retval.= $results.$sql;  // <--  !! concate Boolean and String ???
$retval.= '<br>päivitetty';-Fatal error: Call to a member function query() on a non-object in /var/www/verkkokurssi/modules/droplets/droplets.php(37) : eval()'d code on line 12

• "Call to a member function query() on a non-object" means that $database does not contain a valid database object.
  You can try to import the global one.
• the use of addslashes() with SQL statements is a bad solution.
  Use $database->escapeString($save_string); instead.

Ok, from this the following code should work properly.

Code: [Select]

<?php

global $database;
$sSaveString='[{"page_id": "'.$pid.'", "viewed": "'.$pvalue.'"}]';
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '
     . 'SET `checked_content`=\''.$database->escapeString($sSaveString).'\' '
     - 'WHERE `user_id`='.(int)$uid;
$bRetval = $database->query($sql);

return '<br>'.($bRetval ? 'päivitetty' : 'virhe');
have a nice day,
Manuela

Title: Re: cannot propely escape string
Post by: noname8 on October 23, 2016, 04:58:15 PM

Thanks a million! (nynccats) https://www.youtube.com/watch?v=GE8M5QM1sf8 (https://www.youtube.com/watch?v=GE8M5QM1sf8)
it was missing the global $database; row at the start.

And also thanks for the real escape, couldn't figure that out !
 :-)