  1. #1
    Regular Coder
    Join Date
    Mar 2006
    Posts
    459
    Thanks
    3
    Thanked 0 Times in 0 Posts

    ucfirst Doesn't Appear To Work

    I have added the ucfirst function; however, it doesn't affect the entries. They still come in with a lowercase first letter...

    PHP Code:
    $name = stripslashes(ucfirst($_POST['name']));

  • #2
    Supreme Master coder! _Aerospace_Eng_
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Then you are likely making them lowercase again elsewhere. Post the rest of your code.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #3
    Regular Coder
    Join Date
    Mar 2006
    Posts
    459
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Ha, you were right. Before they get inserted into the db I have this on each one...
    Code:
    $name = mysql_real_escape_string($_POST['name']);
    But I was told to use that as I was having issues with slashes etc...

  • #4
    Supreme Master coder! _Aerospace_Eng_
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    You should use that, yes. First you need to disable magic_quotes_gpc, or you get data that is escaped twice and has extra slashes when it comes back.
    PHP Code:
    <?php
    ini_set('magic_quotes_gpc', '0');
    $name = mysql_real_escape_string(ucfirst($_POST['name']));
    ?>

  • #5
    Regular Coder
    Join Date
    Mar 2006
    Posts
    459
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Sorry, a bit confused. OK, so initially when I get the post data, I add the 'stripslashes', which does this... If the user types 'John M'Gine', it doesn't add the 'John M'/Gine'... I don't get what the second part does?

    PHP Code:
    <?php
    ini_set('magic_quotes_gpc', '0');
    $name = mysql_real_escape_string(ucfirst($_POST['name']));
    ?>

  • #6
    Supreme Master coder! _Aerospace_Eng_
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    You don't need stripslashes if magic_quotes_gpc is off. The second part escapes the data before going into the database. It's the whole reason it was made. Without it you are open to mysql injection, and if done properly someone could retrieve whatever data they want from your database. With mysql_real_escape_string they can't, because any characters they put in are escaped. Learn to read the php manual. Using a function without knowing why or how it works isn't a wise thing to do.

  • #7
    Regular Coder
    Join Date
    Mar 2006
    Posts
    459
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Hi there, thanks for the info. I do read the php.net manual, but apologies as sometimes I don't fully understand what it means. Is it not ok to then ask questions in a forum?

    So I think I have a better understanding, let me see if I have this right... magic_quotes_gpc essentially does what addslashes() does, which is needed to be done for binary data to be added into the database which has "'" for example? But this is a really bad way of getting attacked? So better to turn it off and use the mysql_real_escape_string? Is it better to always have 'magic_quotes_gpc' off? Is it on by default?

  • #8
    Regular Coder
    Join Date
    Aug 2002
    Location
    Oregon, United States of America
    Posts
    882
    Thanks
    1
    Thanked 9 Times in 9 Posts
    Magic quotes may be on by default on your host server, but they shouldn't be. They are such a pain in the *** that they have been removed from future versions of PHP. See the page on magic_quotes

    As for mysql_real_escape_string, always use it! As others said, it escapes characters that if left unescaped could break your queries, or even allow users to change or extract data.

    Now as for your original question, mysql_real_escape_string does not affect casing, so it should not have anything to do with ucfirst. Here is your problem:

    PHP Code:
    $name = stripslashes(ucfirst($_POST['name']));
    $name = mysql_real_escape_string($_POST['name']);
    You are overwriting the $name variable. Try this:

    PHP Code:
    $name = stripslashes(ucfirst($_POST['name']));
    $name = mysql_real_escape_string($name);
    If I'm postin here, I NEED YOUR HELP!!
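
Added example (not part of the thread and not any poster's code): the order post #8 arrives at, undoing magic-quotes escaping, then ucfirst, then making the value safe at the database boundary, carried over to current PHP. It swaps mysql_real_escape_string for a PDO prepared statement, because the mysql_* extension was removed in PHP 7.0 and magic quotes in PHP 5.4, so the magic-quotes input is simulated with addslashes(). Assumptions: PHP 7.1+ with pdo_sqlite; normalize_name(), the people table and the sample name are constructed for illustration.

```php
<?php
// Added illustration, not code from the thread. normalize_name() and the
// "people" table are hypothetical; the input below is constructed.

// Undo magic_quotes_gpc-style escaping (only if it was applied), then fix case.
function normalize_name(string $raw, bool $magicQuotesApplied): string
{
    $value = $magicQuotesApplied ? stripslashes($raw) : $raw;
    return ucfirst(trim($value));
}

$typed  = "john m'gine";        // what the user typed into the form
$quoted = addslashes($typed);   // simulates what magic_quotes_gpc delivered

// In-memory SQLite keeps the example offline; the same PDO calls work with MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (label TEXT, name TEXT)');

// The placeholders keep the values out of the SQL text, so no manual escaping
// is applied and the apostrophe cannot terminate a string literal.
$insert = $db->prepare('INSERT INTO people (label, name) VALUES (:label, :name)');

$cases = [
    'magic quotes off'              => normalize_name($typed, false),
    'magic quotes on, stripped'     => normalize_name($quoted, true),
    // The mistake from the thread: escaped input used without stripslashes().
    'magic quotes on, not stripped' => ucfirst($quoted),
];
foreach ($cases as $label => $name) {
    $insert->execute([':label' => $label, ':name' => $name]);
}

// Read the rows back to see what was actually stored for each case.
foreach ($db->query('SELECT label, name FROM people ORDER BY rowid') as $row) {
    printf("%-30s %s\n", $row['label'], $row['name']);
}
```

The first two rows store the name with its apostrophe intact and a capital first letter; the third keeps a literal backslash, which is the extra-slash symptom post #4 describes.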

