  1. #1
    Regular Coder

    magic quotes off help

    My webhost has magic quotes gpc turned off for php5, and I am having problems getting the below query to work when adding a message to a chat:
    PHP Code:
    mysql_query("INSERT INTO ".$this->settings->mysql_prefix."chat (gid,uid,msg,ts) VALUES ('$gid','$uid','$msg','".time()."')"); 
    The issue is with the apostrophes. With magic quotes turned on, the apostrophes work and the message is posted. But when magic quotes is turned off, any comments added will not show up.

    I've tried changing the values to (?,?,?,?) and adding array from this example, but still haven't gotten it to work correctly.

    Anybody have any ideas?

  • #2
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    I use this function to escape data
    PHP Code:
    function escape_data ($data)
    {
        global $dbc; // this is the variable you assign to mysql_connect()
        if(ini_get('magic_quotes_gpc')) // if magic_quotes_gpc is on
        {
            $data = stripslashes($data); // strip the slashes
        }
        return mysql_real_escape_string($data, $dbc); // return the data with appropriate quotes rather than being escaped twice
    }

    Usage:
    PHP Code:
    $variable = escape_data($_POST['msg']);
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #3
    Super Moderator Inigoesdr's Avatar
    You should always use mysql_real_escape_string() to escape values you insert into the database.

  • #4
    Regular Coder
    Thanks for the help guys, but I am still a little stuck. After looking at the mysql_real_escape_string() examples, I added in this function:
    PHP Code:
    function quote_smart($value)
    {
        if( is_array($value) ) {
            return array_map("quote_smart", $value);
        } else {
            if( get_magic_quotes_gpc() ) {
                $value = stripslashes($value);
            }
            if( $value == '' ) {
                $value = 'NULL';
            } if( !is_numeric($value) || $value[0] == '0' ) {
                $value = "'".mysql_real_escape_string($value)."'";
            }
            return $value;
        }
    }
    as well as this for the text added:

    $msg = quote_smart($_POST['msg']);

    but I keep getting a "Call to undefined function quote_smart()", and it is referencing the $msg = quote_smart($_POST['msg']); line. I have the function being called above first, yet I still get the error.

  • #5
    Super Moderator Inigoesdr's Avatar
    Post the whole page.

  • #6
    Regular Coder
    Here's the entire page/script. It's not too long. You can see the function on line 30, and the call to the function on line 50. This is the chat script of a game called TryChess, which is written to use php5. Been testing it all locally on my wamp install, yet I seem to get an undefined function error on it.
    PHP Code:
    //chat class
    require "class.core.php";

    class chat extends core
    {

        function show()
        {
            $gid = $_SESSION['user']['gid'];
            $form = "
                <FORM method=\"POST\" action=\"index.php?modul=chat&method=newmsg\">
                    <INPUT type=\"text\" name=\"msg\" class=\"input_large\"><INPUT class=\"button\" type=\"submit\" value=\"Send\">
                </FORM>";
            $inneriframe = "<IFRAME width=0% height=0 src=\"index.php?modul=chat&method=check_new&time=0\"/> ";
            $output = "<HTML>
                            <HEAD>
                                <TITLE>Chat</TITLE>
                                <LINK rel=\"stylesheet\" href=\"styles/main.css\" type=\"text/css\" />
                            </HEAD>
                            <BODY class=\"body\">
                                $form<BR><span id=\"chat\"></span>
                                $inneriframe

                            </BODY>
                        </HTML>";
            print $output;
        }

        function quote_smart($value)
        {
            if( is_array($value) ) {
                return array_map("quote_smart", $value);
            } else {
                if( get_magic_quotes_gpc() ) {
                    $value = stripslashes($value);
                }
                if( $value == '' ) {
                    $value = 'NULL';
                } if( !is_numeric($value) || $value[0] == '0' ) {
                    $value = "'".mysql_real_escape_string($value)."'";
                }
                return $value;
            }
        }

        function newmsg()
        {
            // this is the call reported in the "undefined function" error
            $msg = quote_smart($_POST['msg']);
            $gid = $_SESSION['user']['gid'];
            $uid = $_SESSION['user']['id'];
            mysql_query("INSERT INTO ".$this->settings->mysql_prefix."chat (gid,uid,msg,ts) VALUES ('$gid','$uid','$msg','".time()."')");
            header("Location: index.php?modul=chat&method=show");
        }

        function idToNick($id)
        {
            $urow = mysql_fetch_object(mysql_query("SELECT * FROM  ".$this->settings->mysql_prefix."users WHERE id='$id'"));
            return $urow->nick;
        }

        function check_new()
        {
            $gid = $_SESSION['user']['gid'];
            $time = $_GET[time];
            $query1 = mysql_query("SELECT * FROM  ".$this->settings->mysql_prefix."chat WHERE gid='$gid' and ts>'$time' ORDER BY id desc");
            while($row = mysql_fetch_object($query1))
            {
                // remember the newest timestamp seen so the next refresh only asks for later rows
                if($time < $row->ts)$time = $row->ts;
                if($row->uid != $_SESSION['user'][id])
                    $font = "<FONT color=\"#444400\">";
                else
                    $font = "<FONT color=\"#000000\">";
                $text.="$font<U><B>".$this->idToNick($row->uid)."</B></U><FONT size=\"-1\"><I>(".date("h:i:s",$row->ts).")</I></FONT><B>:</B> ".$row->msg."<BR></FONT>";
            }
            mysql_free_result($query1);
            if($_SESSION['user']['playing'] == '0')
            {
                $game_row = mysql_fetch_object(mysql_query("SELECT * FROM  ".$this->settings->mysql_prefix."game WHERE id='$gid'"));
                if($game_row->active_player == $_SESSION['user']['id'])
                {
                    if($game_row->winner==0)
                        $reload_parent = "parent.parent.document.location.href=parent.parent.document.location.href";
                    else
                        $reload_parent = "parent.parent.document.location.href=parent.parent.document.location.href+'&game=over'";
                }
            }
            $text = str_replace("'","\'",$text);
            print "<HTML>
                            <HEAD>
                                <TITLE>Renew...</TITLE>
                                <META HTTP-EQUIV=\"refresh\" content=\"3;URL=index.php?method=check_new&modul=chat&time=$time\">
                            </HEAD>
                            <BODY>
                                <SCRIPT language=\"Javascript\">
                                    parent.document.getElementById('chat').innerHTML='$text'+parent.document.getElementById('chat').innerHTML;
                                    $reload_parent
                                </SCRIPT>
                            </BODY>
                        </HTML>";
        }
    }


  • #7
    Super Moderator Inigoesdr's Avatar
    You placed the function inside of a class.. you have to use the instance of the class to call it.
    PHP Code:
    $chat = new chat(); // use your instance, this is just an example
    $msg = $chat->quote_smart($_POST['msg']);
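
The `(?,?,?,?)` placeholder form mentioned in the first post, written out as an added example (not code from the thread or from TryChess): the message is bound as a parameter, so apostrophes are stored unchanged whether or not magic quotes is enabled, and no manual quoting is involved. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection so the script runs offline, and the `tc_` prefix and all helper names are hypothetical.

```php
<?php
// Added example: parameterised INSERT for the chat table discussed in the thread.
// Assumptions: pdo_sqlite is available; "tc_" and the function names are hypothetical.

function table_name(string $prefix, string $table): string
{
    // Identifiers cannot be bound as parameters, so restrict the prefix to a safe alphabet.
    if (!preg_match('/\A[A-Za-z0-9_]*\z/', $prefix)) {
        throw new InvalidArgumentException('invalid table prefix');
    }
    return $prefix . $table;
}

function raw_input_value(string $value): string
{
    // Undo magic_quotes_gpc only where the function still exists (removed in PHP 8) and is on.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

function add_chat_message(PDO $db, string $prefix, int $gid, int $uid, string $msg): void
{
    $sql = 'INSERT INTO ' . table_name($prefix, 'chat') . ' (gid, uid, msg, ts) VALUES (?, ?, ?, ?)';
    $stmt = $db->prepare($sql);
    // Values travel separately from the SQL text, so $msg is neither quoted nor escaped here.
    $stmt->execute([$gid, $uid, raw_input_value($msg), time()]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tc_chat (id INTEGER PRIMARY KEY, gid INTEGER, uid INTEGER, msg TEXT, ts INTEGER)');

// Constructed sample messages, including the apostrophe case from the first post.
$samples = ["it's my move", 'she said "check"', 'back\\slash and 100%'];
foreach ($samples as $m) {
    add_chat_message($db, 'tc_', 1, 7, $m);
}

// Compare what was stored with what was sent.
$stored = $db->query('SELECT msg FROM tc_chat ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
var_dump($stored === $samples);
```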

