I'm using javascript to request a image generated by the server in real time. The parameter is passed in the url and grabbed by MVC, and set in the "id" parameter to the controller. Like this: Public Function Index(ByVal id As String) As ActionResult This works fine if i dont use any special characters, like "?" or quotes. To send t...
So this is something we all should know about, and played on my mind when I first seen it.. I know that mysql_escape_string is depreciated from 5.3 but what was the actual difference in mysql_real_escape_string. What I thought was that mysql_real_escape_string is the exact same as mysql_escape_string apart from mysql_real_escape_string...
I want the following output:- About to deduct 50% of € 27.59 from your Top-Up account. when I do something like this:- $variablesArray[0] = '€'; $variablesArray[1] = 27.59; $stringWithVariables = 'About to deduct 50% of %s %s from your Top-Up account.'; echo vsprintf($stringWithVariables, $variablesArray); But it gives me this erro...
Certain data types, I.E. numbers or a table name cannot be added as a parameter with PDO, as it adds single quotes around them. When I add them (the variables) manually, say something like this: $statement = $dbh->prepare("INSERT INTO $TABLE_NAME (id, foo, timestamp) VALUES (1234, ?, 4567890))"); $statement->execute(Array($foo)); ...
What function should I use to escape strings for shell command argument in C? I have a string: This is a string with () characters This will be error: echo This is a string with () characters These are OK: echo "This is a string with () characters" echo This is a string with \(\) characters Is there a predefined function convert ...
Hey there. On my website visitors can do some inline editing. I use ajax for it with a MySQL database and PHP. I expect the Dutch language to be used on the website. My challenge is to get the character encoding to work well. I could use advice on: the database (do i use utf-8? latin1_swedish_ci) the tables in the database (i'...
In the HTML file, I need to show some XML code. The problem is that I can't use <pre>..</pre> to show '<' and '>'. What would be the solution for this problem? ADDED From the answer, replacing '<' and '>' to < and> can be a solution. I'm an Emacs user, are there Emacs tools/magic to do that automatically? I mean, I can us...
Hi All, On an older server I'm using that I can't use prepared statements on I am currently trying to fully escape user input before sending it to MySQL. For this I am using the PHP function mysql_real_escape_string. Since this function does not escape the MySQL wildcards % and _ I am using addcslashes to escape these as well. When I s...
I want to enable my users to specify the allowed characters in a given string. So... Regex's are great but too tough for my users. my plan is to enable users to specify a list of allowed characters - for example a-z|A-Z|0-9|, i can transform this into a regex which does the matching as such: [a-zA-Z0-9,]* However i'm a little l...
Sitecore provides a way of escaping words within a Sitecore query that contain characters that they don't like. Such characters include hyphens and spaces. In the interest of simplifying my life, I wrote a simple helper function that would escape every part of a Sitecore query, and it worked fine for a while: public static string Escape...
>>> sample = "hello'world" >>> print sample hello'world >>> print sample.replace("'","\'") hello'world In my web app I need to store my python string with all single quotes escaped for manipulation later in the client browsers javascript. Trouble is python uses the same backslash escape notation so the replace operation as detailed ab...
I need to escape all special characters and replace national characters and get "plain text" for a tablename. string getTableName(string name) My string could be "šárka65_%&." and I want to get string I can use in my database as a tablename. ...
I need to strip out a few invalid characters from a string and wrote the following code part of a StringUtil library: public static String removeBlockedCharacters(String data) { if (data==null) { return data; } return data.replaceAll("(?i)[<|>|\u003C|\u003E]", ""); } I have a test file illegalCharacter.txt with one l...
I'm just getting started with RoR (and web development in general).I know that when outputting user-supplied data we should escape it with the h() helper. Is there a way to ensure that all form data (params?) received by an action is guaranteed to be escaped automatically? (I do understand that it's a wise decision to escape HTML when di...
Updated The textarea i have provided in the form takes the user input as strings String Containing double quotes is inserted incomplete in DB.. I have a string inserted in text area as "Don't worry too much about layout/design/text size, we will often "spice up" (i.e. bold, italic, spacing) your banner for a better overal...
I'm a webdeveloper with an emphasis on server-side programming. What little I've tinkered with JavaScript, I've done with externally referenced files or event handlers, and the barest minimum of an initialising function call between <script> tags. As such it came as a surprise to me about a week ago that the data between <script> tags i...
To pass a path with spaces to .NET console application you should escape it. Probably not escape but surround with double quotes: myapp.exe --path C:\Program Files\MyApp becomes new string[] { "--path", "C:\Program", "Files\MyApp" } but myapp.exe --path "C:\Program Files\MyApp" becomes new string[] { "--path", "C:\Program Files\MyApp"...
public function receiveDomainNames($keyword) { try { $stmt = $this->_dbh->prepare("SELECT d.someField FROM domain d WHERE d.someField LIKE :keyword"); $someField = '%'.$keyword.'%'; Do we need to escape $keyword on this case? On php manual we can read: If an application exclusively uses prepared statements, the develop...
Hi, I am trying to use a string that contains double quotes in the title attribute of an anchor. So far I tried these: <a href=".." title="Some \"text\"">Some text</a> <!-- title looks like `Some \` --!> and <a href=".." title="Some "text"">Some text</a> <!-- title looks like `Some ` --!> Please note that using single q...
Dear all, need some help from smarty expert. I am new in smarty template engine. I would like to escape a single quote in a string, how can I do that inside my .tpl I got a if else condition $current_category.category eq 'King's Tea' the problem is the 'King's Tea' , that is my category name, I tried 'King\'s Tea' , Smarty can't c...