Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 14 of 14
  1. #1
    New Coder
    Join Date
    Sep 2007
    Posts
    50
    Thanks
    16
    Thanked 0 Times in 0 Posts

    Problem stripping & string

    I know this is pretty basic but I can't seem to detect the & char in a field. When I debug my .php file I input & char and it echo's as &

    But I can't seem to find "&" to convert it to something I can store in my MySQL table. I'd like to convert & to ~AM~ so I can store it and then convert it back on the screen from ~AM~ to & char.

    Thanks for any help...

  • #2
    Regular Coder LearningCoder's Avatar
    Join Date
    Jan 2011
    Location
    The Pleiades
    Posts
    918
    Thanks
    76
    Thanked 29 Times in 29 Posts
    Have you got any code wrote so far so we can improve on it?

    Kind regards,

    LC.

  • #3
    New Coder
    Join Date
    Sep 2007
    Posts
    50
    Thanks
    16
    Thanked 0 Times in 0 Posts
    Well, here is the test/stub code I am using.

    PHP Code:
    $frm_email_address "&@hotmail.com";
    print 
    "$frm_email_address<br>";
    $p2 str_replace("&amp;","xxx"$frm_email_address);
    print 
    "$p2<br>";
    exit; 
    But I don't see "xxx" at all...

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    & as well as &amp; are perfectly valid to store in SQL. So why exactly do you want to replace them?
    Also, & and &amp; are not the same. &amp; is HTML's entity for &. If you want to replace it, you have to use & (unless of course you are replacing &amp;, in which case you replace that instead).
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #5
    New Coder
    Join Date
    Sep 2007
    Posts
    50
    Thanks
    16
    Thanked 0 Times in 0 Posts
    If I saw just the & it wouldn't be an issue. But when I enter the & char I get &amp; in the field instead. So I'm trying to trap that so I can store the actual &.

    I thought I might have to trap and store something like ~AM~ and then when reading out of the table check for ~AM~ and replace it with &

    I'm ok with just using the & as is but it's being stored as &amp; and I can't figure out how to detect that so I can trap it.

  • #6
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    How are you inserting the data? If its actually an & in the source string, than a conversion indicates its being run through htmlspecialchars or htmlentities. SQL itself will not convert the characters, so its something else your code is doing. And yeah, you don't want to convert it going in, its coming out that you may want to convert it (such as showing code on a forum where you replace the special chars so they are not interpreted as a part of the html - same idea).
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #7
    New Coder
    Join Date
    Sep 2007
    Posts
    50
    Thanks
    16
    Thanked 0 Times in 0 Posts
    I'm not at the point yet where I can insert the data. The code I posted above is all I have at this point. I can't insert the data until I can remove the &amp; string.

  • #8
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Now I'm confused. It won't store it in the db with &amp;, unless its been instructed to do so. If you haven't written a method to do that yet, then you don't need to worry about it - the & will not be converted into an &amp; unless you instruct it to.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #9
    New Coder
    Join Date
    Sep 2007
    Posts
    50
    Thanks
    16
    Thanked 0 Times in 0 Posts
    I see. So when I run my code I posted above, even tho it displays &amp; it won't store it that way you're saying. OK, let me try that. I saw that in the browser and thought it would store it that way.

  • #10
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    You shouldn't be seeing &amp; in an output string. With just what you have here, the character in use is &, not the string &amp;. I can't replicate this either to show anything but the &, so you'll need to show what you are doing to actually get the &amp; in the first place.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #11
    New Coder
    Join Date
    Sep 2007
    Posts
    50
    Thanks
    16
    Thanked 0 Times in 0 Posts
    I'll post a screen shot this evening to show you what I'm seeing in my browser.

    Thanks...

  • #12
    New Coder
    Join Date
    Sep 2007
    Posts
    50
    Thanks
    16
    Thanked 0 Times in 0 Posts
    In my text field I input

    &12345

    and write it to MySQL table and it looks like this in the field:

    &#38amp&#5912345

  • #13
    New Coder
    Join Date
    Sep 2007
    Posts
    50
    Thanks
    16
    Thanked 0 Times in 0 Posts
    I found the problem.

    I was running the field php var thru a 'clenaer' function

    PHP Code:
    function sanitize($var$type)
    {
            switch ( 
    $type ) {

                            case 
    'db_plain'// trim string, no HTML allowed, plain text
                            
    $str1 =  htmlentities trim $var ) , ENT_NOQUOTES );
                            
    $var database_hacker_clean($str1);
                            break;
                    }       
      return 
    $var;

    and when I remmed out that line, the input field wrote to the DB table ok. I don't remember what this function does to the string to mess it up like it did. I guess I'll have to leave it remmed out so it works.

  • #14
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    You'll need to verify that its cleaned properly then since its likely coming from input. Use the mysql_real_escape_string method if you are using mysql, or upgrade to mysqli and use bound variables on a prepared statements (much more secure).
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • Users who have thanked Fou-Lu for this post:

    frank727 (04-08-2013)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •