magic quotes off help



ptmuldoon
11-14-2007, 07:10 PM
My webhost has magic quotes gpc turned off for php5, and I am having problems getting the below query to work when adding a message to a chat:

mysql_query("INSERT INTO ".$this->settings->mysql_prefix."chat (gid,uid,msg,ts) VALUES ('$gid','$uid','$msg','".time()."')");

The issue is with the apostrophes. With magic quotes turned on, the apostrophes work and the message is posted. But when magic quotes is turned off, any comments added will not show up.

I've tried changing the values to (?,?,?,?) and adding an array from this example (http://books.google.com/books?id=r0RzbTtX1VsC&pg=PA126&lpg=PA126&dq=php5+apostrophe&source=web&ots=sbJMj88lOz&sig=kaedC4Ntr4Fh8prRIx34oWR9lNc#PPA127,M1), but still haven't gotten it to work correctly.

Anybody have any ideas?

_Aerospace_Eng_
11-14-2007, 07:13 PM
I use this function to escape data

function escape_data ($data)
{
    global $dbc; // this is the variable you assign to mysql_connect()
    if(ini_get('magic_quotes_gpc')) // if magic_quotes_gpc is on
    {
        $data = stripslashes($data); // strip the slashes
    }
    return mysql_real_escape_string($data, $dbc); // return the data with appropriate quotes rather than being escaped twice
}

Usage:

$variable = escape_data($_POST['msg']);

Inigoesdr
11-14-2007, 07:37 PM
You should always use mysql_real_escape_string() (http://php.net/mysql_real_escape_string) to escape values you insert into the database.

ptmuldoon
11-14-2007, 08:59 PM
Thanks for the help guys, but I am still a little stuck. After looking at the mysql_real_escape_string() examples, I added in this function:
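function quote_smart($value)
{
    if( is_array($value) ) {
        // escape each element of an array recursively
        return array_map("quote_smart", $value);
    } else {
        if( get_magic_quotes_gpc() ) {
            // undo magic quotes so the value is not escaped twice
            $value = stripslashes($value);
        }
        if( $value == '' ) {
            $value = 'NULL'; // empty input becomes an unquoted SQL NULL
        } elseif( !is_numeric($value) || $value[0] == '0' ) {
            // the returned string already carries its own surrounding quotes
            $value = "'".mysql_real_escape_string($value)."'";
        }
        return $value;
    }
}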

as well as this for the text added:

$msg = quote_smart($_POST['msg']);

but I keep getting a "Call to undefined function quote_smart()", and it is referencing the $msg = quote_smart($_POST['msg']); line. I have the function being called above first, yet I still get the error.

Inigoesdr
11-14-2007, 09:13 PM
Post the whole page.

ptmuldoon
11-14-2007, 09:19 PM
Here's the entire page/script. It's not too long. You can see the function on line 30, and the call to the function on line 50. This is the chat script of a game called TryChess, which is written to use php5. Been testing it all locally on my wamp install, yet I seem to get an undefined function error on it.


//chat class
require "class.core.php";

class chat extends core
{

function show()
{
$gid = $_SESSION['user']['gid'];
$form = "
<FORM method=\"POST\" action=\"index.php?modul=chat&method=newmsg\">
<INPUT type=\"text\" name=\"msg\" class=\"input_large\"><INPUT class=\"button\" type=\"submit\" value=\"Send\">
</FORM>";
$inneriframe = "<IFRAME width=0% height=0 src=\"index.php?modul=chat&method=check_new&time=0\"/> ";
$output = "<HTML>
<HEAD>
<TITLE>Chat</TITLE>
<LINK rel=\"stylesheet\" href=\"styles/main.css\" type=\"text/css\" />
</HEAD>
<BODY class=\"body\">
$form<BR><span id=\"chat\"></span>
$inneriframe

</BODY>
</HTML>";
print $output;
}

function quote_smart($value)
{
if( is_array($value) ) {
return array_map("quote_smart", $value);
} else {
if( get_magic_quotes_gpc() ) {
$value = stripslashes($value);
}
if( $value == '' ) {
$value = 'NULL';
} elseif( !is_numeric($value) || $value[0] == '0' ) { // elseif, so the 'NULL' set above is not quoted as a string
$value = "'".mysql_real_escape_string($value)."'";
}
return $value;
}
}

function newmsg()
{

$msg = quote_smart($_POST['msg']);
$gid = $_SESSION['user']['gid'];
$uid = $_SESSION['user']['id'];
// quote_smart() returns $msg with its own quotes (or NULL), so it is not quoted again here
mysql_query("INSERT INTO ".$this->settings->mysql_prefix."chat (gid,uid,msg,ts) VALUES ('$gid','$uid',$msg,'".time()."')");
header("Location: index.php?modul=chat&method=show");
}
function idToNick($id)
{
$urow = mysql_fetch_object(mysql_query("SELECT * FROM ".$this->settings->mysql_prefix."users WHERE id='$id'"));
return $urow->nick;

}
function check_new()
{
$gid = $_SESSION['user']['gid'];
$time = (int) $_GET['time']; // cast to int: this request value goes into the query and the refresh URL below
$query1 = mysql_query("SELECT * FROM ".$this->settings->mysql_prefix."chat WHERE gid='$gid' and ts>'$time' ORDER BY id desc");
while($row = mysql_fetch_object($query1))
{
if($time < $row->ts)$time = $row->ts;
if($row->uid != $_SESSION['user']['id'])
$font = "<FONT color=\"#444400\">";
else
$font = "<FONT color=\"#000000\">";
// the stored message is raw user input, so HTML-encode it before it is written into the page
$text.="$font<U><B>".$this->idToNick($row->uid)."</B></U><FONT size=\"-1\"><I>(".date("h:i:s",$row->ts).")</I></FONT><B>:</B> ".htmlspecialchars($row->msg, ENT_QUOTES)."<BR></FONT>";

}
mysql_free_result($query1);
if($_SESSION['user']['playing'] == '0')
{
$game_row = mysql_fetch_object(mysql_query("SELECT * FROM ".$this->settings->mysql_prefix."game WHERE id='$gid'"));
if($game_row->active_player == $_SESSION['user']['id'])
{
if($game_row->winner==0)
$reload_parent = "parent.parent.document.location.href=parent.parent.document.location.href";
else
$reload_parent = "parent.parent.document.location.href=parent.parent.document.location.href+'&game=over'";
}
}
;
$text = str_replace("'","\'",$text);
print "<HTML>
<HEAD>
<TITLE>Renew...</TITLE>
<META HTTP-EQUIV=\"refresh\" content=\"3;URL=index.php?method=check_new&modul=chat&time=$time\">
</HEAD>
<BODY>
<SCRIPT language=\"Javascript\">
parent.document.getElementById('chat').innerHTML='$text'+parent.document.getElementById('chat').innerHTML;
$reload_parent
</SCRIPT>
</BODY>
</HTML>";
}
}

Inigoesdr
11-14-2007, 09:29 PM
You placed the function inside of a class.. you have to use the instance of the class to call it.


$chat = new chat(); // use your instance, this is just an example
$msg = $chat->quote_smart($_POST['msg']);
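
Added example, not part of the thread or of TryChess: the (?,?,?,?) placeholder approach mentioned in the first post, done with PDO bound parameters instead of the mysql_* functions used above (that extension was removed in PHP 7). It assumes PHP 7+ with the PDO SQLite driver and runs against an in-memory database; the `chat_` prefix, function names and sample messages are constructed for illustration.

```php
<?php
// Added example: bound parameters instead of string-built SQL.
// Assumptions: PDO + SQLite driver, table prefix "chat_", constructed sample data.

function open_chat_db(string $prefix): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE {$prefix}chat (
        id  INTEGER PRIMARY KEY AUTOINCREMENT,
        gid INTEGER NOT NULL, uid INTEGER NOT NULL,
        msg TEXT NOT NULL,    ts  INTEGER NOT NULL)");
    return $pdo;
}

function add_message(PDO $pdo, string $prefix, int $gid, int $uid, string $msg): void
{
    // Identifiers cannot be bound, so the prefix must come from configuration,
    // never from the request. Every value goes through a placeholder.
    $stmt = $pdo->prepare(
        "INSERT INTO {$prefix}chat (gid, uid, msg, ts) VALUES (?, ?, ?, ?)"
    );
    $stmt->execute([$gid, $uid, $msg, time()]);
}

function messages_since(PDO $pdo, string $prefix, int $gid, int $since): array
{
    $stmt = $pdo->prepare(
        "SELECT uid, msg, ts FROM {$prefix}chat
         WHERE gid = ? AND ts > ? ORDER BY id DESC"
    );
    $stmt->execute([$gid, $since]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$prefix = 'chat_';                       // constructed value
$db = open_chat_db($prefix);
// Apostrophes, double quotes and backslashes need no manual escaping,
// whether magic_quotes_gpc is on or off on the host.
add_message($db, $prefix, 1, 7, "it's my move, isn't it?");
add_message($db, $prefix, 1, 8, 'O\'Brien said "check" \\ resign?');

foreach (messages_since($db, $prefix, 1, 0) as $row) {
    // The database returns the text exactly as typed; encode it on output.
    echo htmlspecialchars($row['msg'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```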


