PHP escaping question
Hello, I have just read the following code but do not understand why there is " and also ' used. Thank you! $sql='SELECT uid,name FROM users WHERE user="'.mysql_real_escape_string($_POST['login_name']).'" AND .. ...
Hello, I have just read the following code but do not understand why there is " and also ' used. Thank you! $sql='SELECT uid,name FROM users WHERE user="'.mysql_real_escape_string($_POST['login_name']).'" AND .. ...
I'm doing MVC in PHP, and i'd like to have a list() method inside my Controller, to have the URL /entity/list/parent_id, to show all the "x" that belong to that parent. However, I can't have a method called list(), since it's a PHP reserved keyword. In VB.Net, for example, if I need to have something with a name that clashes with a res...
I have the following string read from an XML elememnt, and it is assigned to a variable called filename. I don't know how to make this any clearer as saying filename = the following string, without leading someone to think that I have a string literal then. \\server\data\uploads\0224.1307.Varallo.mov when I try and pass this to os.p...
I'm trying to escape a user-provided search string that can contain any arbitrary character and give it to sed, but can't figure out how to make it safe for sed to use. In sed, we do s/search/replace/, and I want to search for exactly the characters in the search string without sed interpreting them (e.g., the '/' in 'my/path' would not ...
My question is almost identical to an earlier entry I found here but not quite. I need to parse through a textfile where the data is structured in this way: Each item in the file begins with a # followed by the label. The fields in the post is separated by one or more whitespaces. Here comes the part I'm having problem with. Each field...
By simply converting the following ("the big 5"): & -> & < -> < > -> > " -> " ' -> ' Will you prevent XSS attacks? I think you need to white list at a character level too, to prevent certain attacks, but the following answer states it overcomplicates matters. EDIT This page details it does not prevent more elabor...
I am using adodb with php. I need to insert html into my database, and need to know the best method to escape the quotes before inserting it into the database? I tried using pg_escape_string() but it still does not seem to insert. What is the best method to do this? ...
The documentation below is for a module, which has now been "decommissioned" and I'm writing it's replacement. Before i write the replacement I want to get my terms right. I know the terms are wrong in the documentation - it was hacked together quickly so i could instruct a college working on the hardware side of this project on how to u...
For this word चौरेउत्तमयादव the Unicode is==> \u0938\u0941\u0916\u091A\u0948\u0928\u093E\u0928\u0940 \u0930\u0940\u091D\u0941\u092E\u0932 \u091C\u093F\u0935\u0924\u0930\u093E\u092E and look it has spaces before \u0930 and \u091C But when I am trying in my code String tempString=Strings.toEscapedUnicode(strString); This method to c...
I'm trying to do this in a makefile and it fails horribly: M_ARCH := $(shell g++ -dumpmachine | awk '{split($1,a,"-");print a[1]}') do you know why? I guess it has to do with escaping, but what and where? ...
Hi there I've just started analyzing some data using R - unfortunately I have encountered some problem... I'm reading in a (tab separted) csv file and want to process the data and there is one attribute I am particularly interested (which certainly exists within this csv). This is called: data_transfer.Jingle/TCP.total_size_kb Now when ...
How can I escape an unknown string for passing to Process.Start as an argument? I currently escape basic quotes and backslashes, but recently my input has started to contain things like http://www.fileformat.info/info/unicode/char/ff02/index.htm (Fullwidth quotation mark). So my question is, what all do I need to escape to safely pass ...
How can one insert a Unicode string CSS into CleverCSS? In particular, how could one produce the following CSS using CleverCSS: li:after { content: "\00BB \0020"; } I've figured out CleverCSS's parsing rules, but suffice that the permutations I've thought sensible have failed, for example: li: content: "\\00BB \\0020" // beco...
I need to run the following command from the command line in Windows 7: SumatraPDF.exe -inverse-search "\"C:\Program Files\eclipse\inverse_search.bat\" \"%f\" %l" However I need to modify it a little, since my installation of Eclipse is located in here: C:\Program Files (x86)\Eclipse (C++) How do I escape this line correctly? Do I ne...
I'm reading a sourcefile in Java, but when I print it (sysout), the escaped characters are no longer escaped. How can I escape characters like \n and \t in a string in Java? ...
Here is how I'm currently converting XMLDocument to String StringWriter stringWriter = new StringWriter(); XmlTextWriter xmlTextWriter = new XmlTextWriter(stringWriter); xmlDoc.WriteTo(xmlTextWriter); return stringWriter.ToString(); The problem with this method is that if I have " ((quotes) which I have in attributes) it escapes the...
Or the call to real_escape_string() in such cases is not needed? /Email value comes from user input./ function findUser($email) { $mysqli = connectDB(); $email = $mysqli->real_escape_string($email); $query = "CALL FindUser('{$email}')"; // ... } ...
Could you please tell me how can one escape an apostrophe. I need it to process non apostrophe characters through file operations so when I encounter an apostrophe(') I can't just give ch!='''. It doesn't work. Could you please tell me the right format. Thank you..:) ...
I'm trying to pass the following string: NSString* jsString = [NSString stringWithFormat:@"myFunc(\"%@\");", myParameter]; from Objective C to JavaScript using the stringByEvaluatingJavaScriptFromString, where myParameter is a string value. How can I ensure that the myParameter string doesn't contain any JS-unsafe characters without b...
Hey, what's the easiest way to convert a C++ std::string to another std::string, which has all the unprintable characters escaped? for example for the string of length two which the content 0x61,0x01 - the result string might be "a\x01", or "a%01" Just looking for the easiest already-implemented solution. Specific output format is les...