It might be a bit unusual, but I need to echo <?php. However, I think that PHP treats it as an actual <?php and starts executing code instead of treating it as a string. How can I escape <?php and ?> so they can be treated as strings? There was nothing in the manual about this. Thanks, I know this is a bit unusual. ...
I have several Lua scripts that run experiences and output a lot of information, in text files and in the console. I'd like to add some colors in the console output, to make it more readable. I know that it's possible to color the output of bash scripts using the ANSI escape sequences. For example : $ echo -e "This is red->\e[00;31mRE...
In Ruby on Rails, for conditions, it's easy to make SQL-injection-proof queries: :conditions => ["title = ?", title] where title comes from the outside, from a web form or something like that. But what if you are using SQL fragments in other parts of the query, like: :select => "\"#{title}\" AS title" # I do have something like th...
I've been told that I'd be better using PDO for MySQL escaping, rather than mysql_real_escape_string. Maybe I'm having a brain-dead day (or it may be the fact I'm by no stretch of the imagination a natural programmer, and I'm still very much at the newbie stage when it comes to PHP), but having checked out the PHP manual and read the en...
In PHP, $_POST add slashes before a quotation mark automatically, so why bother applying mysql_real_escape_string()? For example, when I input 'rrr in an input field, and I get \'rrr when I echo it. ...
Note: I'm using Zend Framework, but I think most of this applies to PHP coding in general. I'm trying to choose a strategy for writing views scripts, possibly with the help of a templating engine. Motivations: clarity and security. I'm just not happy with writing .phtml scripts. This syntax is awfully verbose to do the most often needed...
By the looks of the SugarCRM soap api you just seem to pass raw SQL into the restriction part of the get_entry_list function call. Is there a way to escape the values being passed into the restriction correctly without knowing the target database the SugarCRM instance is running on ? For example if I have something like // connect to...
I'm having some trouble dealing with this. This is inside my Zend_Form: $about = $this->addElement('textarea', 'about', array( 'label' => 'About:', 'description' => 'some <strong>description</strong>', 'required' => false, 'filters' => array('StringTrim'), 'validator...
Hello, I'm making a program that asks for a path, and Windows' paths contain backslashes, which can be interpreted as an escape sequence by python if the letter right next is the wrong one. I tried string.replace() but it doesn't work as these backslashes get transformed into escape sequences before having the replace function executed. ...
I'm sure this is something really basic that I don't know but how do I make it not recognize "\" as an escape sequence inside a string I'm trying to type in a path and it thinks it is an escape sequence ...
In nodejs, the only way to execute external commands is via sys.exec(cmd). I'd like to call an external command and give it data via stdin. In nodejs there does yet not appear to be a way to open a command and then push data to it (only to exec and receive its standard+error outputs), so it appears the only way I've got to do this right ...
Hi, I've got an object, which contains semicolons in the property names, when I var_dump, I get: object(Sales) { [thisisa:propertyname] => 'some value' } So, how do I access the property? $object->thisisa:propertyname throws an error. I read somewhere a while ago you can wrap thisisa:propertyname in some characters (I've tried ...
Apparently, this is harder to find than I thought it would be. And it even is so simple... Is there a function equivalent to PHP's htmlspecialchars built into Javascript? I know it's fairly easy to implement that yourself, but using a built-in function, if available, is just nicer. For those unfamiliar with PHP, htmlspecialchars transl...
I am transforming xml to html using xslt in .Net 1.1. One part contains a javascript section where 2 vars are ANDed (&&). The transform throws an unknown entity error. What can I do? I have tried 'CDATA' and 'disable-output-escaping' but without success. If I write && then the output is also '&&'. Here is my code. (trimmed for clarity...
I am trying to .split() a hex string i.e. '\xff\x00' to get a list i.e. ['ff', '00'] This works if I split on a raw string literal i.e. r'\xff\x00' using .split('\\x') but not if I split on a hex string stored in a variable or returned from a function (which I presume is not a raw string) How do I convert or at least 'cast' a stored/r...
I'm trying to URL-escape (percent-encode) non-ascii characters in several URLs I'm dealing with. I'm working with a flash application that loads resources like images and sound clips from these URLs. Since the filenames can contain non-ascii characters, like so: 日本語.jpg I escape them by utf-8 encoding the characters, and then percent-esc...
Hey, I'm taking a look at how to properly escape data that comes from the outside world before it gets used either for application control, storage, logic.. that kind of thing. Obviously, with the magic quotes directive being deprecated shortly in php 5.3.0+, and removed in php6, this becomes more pressing, for anyone looking to upgrad...
I would like to add things like bullet points "•" and such to html using the XML Builder in Nokogiri, but everything is being escaped. How do I prevent it from being escaped? I would like the result to be: <span>•</span> rather than <span>&#8226;</span> What am I missing? I'm just doing this: xml.span { xml...
That's my code but that says not well formed.... How can i correct that? <ItemTemplate> <asp:HyperLink ID="HyperLink1" runat="server" Text='<%# Eval("Name") %>' onClick="<%#"javascript:popUp(\'gallery_detail.aspx?cat_id=\""+ Eval("ID") +"\"\')"%>"></asp:HyperLink> <br /> <br /> </ItemTemplate> ...
I'm trying to put some anti sql injection in place in java and am finding it very difficult to work with the the "replaceAll" string function. Ultimately I need a function that will convert any existing \ to \\, any " to \", any ' to \', and any \n to \\n so that when the string is evaluated by MySQL SQL injections will be blocked. I'v...