PDO Quote problems - pdo

I have a problem, and I can't understand why; I'm also new to PHP. In any case, the problem is if I, for example, want to send an email with PHP,
$email=$con->quote($_POST['Email']);
$to = "$email";
$subject = "example";
$message = "example";
$headers = "From:" . $from;
$mail= mail($to,$subject,$message, $headers);
This doesn't work, but if I write $email=$_POST['Email'];
this works, and I can't understand why. I prefer to work with a quoted variable, to avoid SQL injection. Thanks in advance, have a good day!
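As an added illustration of why the quoted variable breaks mail() (this is example code, not code from the original post), the following shows what PDO::quote() actually produces and keeps validating the address for mail() separate from binding it in SQL; the in-memory SQLite database and the sample address are assumptions:

```php
<?php
declare(strict_types=1);

// Added example, not code from the original question. PDO::quote() returns an SQL string
// literal: the value wrapped in quotes with any embedded quote escaped. That literal is what
// the question's code handed to mail() as the recipient, which is why delivery failed.
// The in-memory SQLite table and the sample address are constructed for demonstration.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE subscribers (email TEXT)');

$input = "o'neil@example.com";   // constructed; stands in for $_POST['Email']

// What the question's $email actually held: quotes around the value, inner quote escaped.
$quoted = $con->quote($input);

// Keep the two concerns apart: validate the address for mail(), bind it for SQL.
function validEmail(string $s): ?string
{
    $v = filter_var($s, FILTER_VALIDATE_EMAIL);
    return $v === false ? null : $v;
}

function storeEmail(PDO $con, string $email): void
{
    // The placeholder handles escaping, so no quote() call is needed and the stored
    // value carries no surrounding quotes.
    $stmt = $con->prepare('INSERT INTO subscribers (email) VALUES (?)');
    $stmt->execute([$email]);
}

$to = validEmail($input);
if ($to !== null) {
    storeEmail($con, $to);
    // mail($to, 'example', 'example', 'From: sender@example.com'); // $to is the bare address
}

var_dump($quoted, $to, $con->query('SELECT email FROM subscribers')->fetchColumn());
```

Running it shows the quoted value carrying its SQL quotes while the stored and validated value is the plain address.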

Related

WordPress post update code is not working

I want to update a topic with a post ID in WordPress and add it to the end of the post. However, I could not run the code below. Can you help?
wp_update_post(['ID' => $posts->ID,"post_content" => "concat_ws(' ',post_content, 'SECOND')"]);
Normally, this process is done in SQL with concat. But I want to do it with PHP.
The version that works with SQL:
update test_user set descrip = concat_ws(' ',descrip, 'SECOND') where Id=2
but I want to run it with PHP, not SQL. How should the first code be?
You can use braces or the concatenation operator (.):
echo "qwe{$a}rty"; // qwe12345rty, using braces
echo "qwe" . $a . "rty"; // qwe12345rty, concatenation used
Also, it is much better to use the WP_Post class than to modify data in tables directly.
Your WP instance can use some DB caching layer, or some hooks for post updating. This functionality can be potentially broken if you work with tables directly.
$post = get_post( 123 );
$post->post_content = $post->post_content . "Some other content";
wp_update_post( $post );

Parse user input for command arguments into array

I'm making a bot in PHP and I want a better way to parse user input into arguments for later operations.
An example would be a user saying "/addresponse -"test" -"works""
I want this to parse that string into:
$command = ["test", "works"];
I have found the PHP command parser, but I want the user to be able to use human-readable commands rather than typing something like /addresponse?p="test"&r="works"
Right now I have a regex working so the user can type "/addresponse "test" "works"", but there are obvious problems because the user cannot make a response for '"test"', only 'test'.
I'd appreciate any help; right now I think I can make a regex to get all text between ' -', but I still don't think this is the best solution.
I just looked into using a regex to find text between ' -"' and while this is better than just between quotes, it doesn't solve the whole problem because it still will break if the input contains ' -"'. A string containing this isn't particularly common but I'd like a solution where almost any input will not break it.
Is this a stupid question? I don't think there is a built in php function for this and it got downvoted with no comment...
I found a partial solution:
function parse_cmd($command) {
    // Split on the ' -"' separator; element 0 is the command name, the rest are arguments.
    $command = explode(' -"', $command);
    array_splice($command, 0, 1);
    foreach($command as &$element) {
        // Drop the closing quote that ends each argument.
        $element = substr($element, 0, strlen($element) - 1);
    }
    unset($element); // break the reference left behind by foreach-by-reference
    return $command;
}
This will split everything after ' -"' and return it as an array.
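A stricter parser for the same -"..." syntax, added here as an example rather than the poster's code: it assumes a backslash-escape convention for quotes inside an argument (which the question does not specify) and rejects malformed input instead of returning partial results:

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post. Parses bot commands of the form
//   /addresponse -"test" -"works"
// into a command name and an argument list. The -"..." form comes from the question;
// the backslash-escape rule (\" inside an argument means a literal quote) is an assumption.
function parse_cmd(string $input): ?array
{
    // Command name: "/" then non-space characters, followed by the argument text.
    if (!preg_match('/^\/(\S+)(.*)$/s', trim($input), $m)) {
        return null;                       // not a command at all
    }
    [, $name, $rest] = $m;

    // Each argument is -"body" where body is a run of characters that are neither a quote
    // nor a backslash, or a backslash followed by any character (the escape).
    // \G keeps the matches contiguous, so nothing between arguments is skipped silently.
    $pattern = '/\G\s*-"((?:[^"\\\\]|\\\\.)*)"/';
    $count = preg_match_all($pattern, $rest, $mm, PREG_OFFSET_CAPTURE);

    // Strict check: the matches must consume the whole remainder; otherwise the input is
    // malformed (unterminated quote, stray text) and is rejected rather than half-accepted.
    $consumed = 0;
    if ($count > 0) {
        $last = $mm[0][$count - 1];
        $consumed = $last[1] + strlen($last[0]);
    }
    if ($consumed !== strlen(rtrim($rest))) {
        return null;
    }

    $args = [];
    foreach ($mm[1] as [$body]) {
        $args[] = preg_replace('/\\\\(.)/s', '$1', $body);   // drop the escaping backslash
    }
    return ['name' => $name, 'args' => $args];
}

// Constructed inputs: the question's example, an argument containing quotes and the
// separator itself, and an unterminated argument.
var_dump(parse_cmd('/addresponse -"test" -"works"'));
var_dump(parse_cmd('/addresponse -"say \"hi\"" -"it -\" works"'));
var_dump(parse_cmd('/addresponse -"unterminated'));
```

The second input yields the two arguments with their quotes intact, and the third is rejected as a whole rather than being split on the stray separator.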

Perl6 API with Slang::SQL

Hi, I'm trying to write an API in Perl6 using Bailador, DBIish and Slang::SQL, but when I try to use
sql select * from user where nom='"$name"'; do -> $row {
"$row".say;
}
instead of
sql select * from user where nom="try"; do -> $row {
"$row".say;
}
it doesn't tell me anything :c (obviously $name == "try")
I searched for hours on the internet but found no answer. I already tried to use only the DBIish syntax, but it ended with the same result. Can someone help me :) ?
You should be using placeholders; that is the main reason why. The slang doesn't do quoting of that kind, and even if it did you'd be introducing a point of entry for a SQL injection exploit in your code, unless you escaped quotes in the variable.
Instead try:
sql select * from user where nom = ?; with ($name) do -> $row {
$row.say;
}
Good luck with your app. BTW there's a subreddit that'd be interested in your progress https://www.reddit.com/r/perl6
So I tried Matt Oates's answer, but it didn't give me anything back (as if it didn't find anything in the DB). But I finally found the syntax that did the job:
my $email = request.params<email>;
my $db = 'SELECT * FROM user WHERE email=?';
my $do = $*DB.prepare($db);
$do.execute($email);
my %row = $do.fetchrow_hashref;
return (%row);

Avoiding SQL Injection in PDO and using the like clause

I am using prepared statements for a search feature with PDO, and I am using the LIKE clause. MySQL is 5.5.32.
function dblink(){
    # hidden #
    $conn = new PDO("mysql:host=localhost;dbname=$database",
        $username, $password, array(
            PDO::ATTR_PERSISTENT => true,
            PDO::ATTR_EMULATE_PREPARES => false,
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // the option must be a key => value pair, not two comma-separated items
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ
        ));
    return $conn;
}
$conn = dblink();
$query = "select * from tablename where attrib like ? ;";
$stmt = $conn->prepare($query);
$stmt->execute(array($_POST['field']."%"));
$results = $stmt->fetchAll(PDO::FETCH_OBJ);
This dumps all the table contents when the user enters % for the field in the HTML form. I thought the prepared statement would handle it, and there is a % in execute so that it matches the substring entered.
How do I use the POST field as normal text only, so that it doesn't cause such a problem?
This dumps all the table contents when the user enters % for the field in the HTML form.
Yes. That's the exact purpose of the LIKE operator.
No, it has nothing to do with prepared statements. The latter are used to format your data, not to interfere with query logic.
If you don't like the way your code works, change it. But at the moment it works exactly the way you coded it, with no flaws.
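To make the POST field match as literal text, the LIKE wildcards inside the bound value have to be escaped; the following is an added example (not code from the question or the answer) that does this on an in-memory SQLite copy of the question's table, with the table and column names taken from the question and the rows constructed here:

```php
<?php
declare(strict_types=1);

// Added example, not code from the original question or answer. A prepared statement keeps
// user input out of the SQL text, but "%" and "_" are still LIKE wildcards inside the bound
// value. Escaping them makes the user's text match literally; only the "%" appended by the
// code remains a wildcard. Table "tablename" and column "attrib" come from the question;
// the in-memory SQLite database and its rows are constructed here.
$conn = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ,
]);
$conn->exec('CREATE TABLE tablename (attrib TEXT)');
$ins = $conn->prepare('INSERT INTO tablename (attrib) VALUES (?)');
foreach (['alpha', 'beta', 'a_b', '100% done'] as $v) {
    $ins->execute([$v]);
}

// "!" is used as the LIKE escape character because it needs no escaping of its own inside
// an SQL string literal (a backslash would, and the rules differ between MySQL and SQLite).
function likeLiteral(string $s): string
{
    // Escape the escape character first, then the two wildcards.
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $s);
}

// Prefix search as in the question: the user's text is literal, the trailing "%" is the
// only wildcard, and the ESCAPE clause tells the database which character escapes.
function prefixSearch(PDO $conn, string $userText): array
{
    $stmt = $conn->prepare("SELECT attrib FROM tablename WHERE attrib LIKE ? ESCAPE '!'");
    $stmt->execute([likeLiteral($userText) . '%']);
    return array_map(fn ($row) => $row->attrib, $stmt->fetchAll());
}

// Constructed inputs: an ordinary prefix, a bare "%", a prefix containing "_",
// and a prefix containing a literal "%".
var_dump(prefixSearch($conn, 'a'));
var_dump(prefixSearch($conn, '%'));
var_dump(prefixSearch($conn, 'a_'));
var_dump(prefixSearch($conn, '100%'));
```

With the escaping in place a bare "%" matches only rows that begin with a percent sign, and "a_" no longer matches "alpha".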

Does facebook fql contain the sql like operator?

I am building a small Facebook app. I am trying to search for values in an auto-complete manner. Is it possible to use SQL's LIKE operator in FQL?
Another way for you is to use strpos(message, "content you want") >= 0. I don't know why, but the IN operator does not run for me. Did anyone try it?
There is no LIKE operator in FQL.
However, you may have luck with the IN operator:
WHERE "Stanford" IN education_history.name
This page may also help and has sample queries:
FQL
I know this thread is long since dead, but I'm sure this may help someone in the future. FQL has its uses in some respects, but as far as searching for public information goes, I would recommend using the new Graph API. I compared a simple FQL query with a similar Graph query and on average, the Graph was almost three times as fast (0.3s vs 0.8s). Here is my Graph example using PHP and cURL:
$search = "platform";
$ch = curl_init();
// URL-encode the search term so spaces and special characters survive in the query string.
curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/search?q=".urlencode($search)."&type=page");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$output = curl_exec($ch);
curl_close($ch);
// Guard against a transport error or a response without the expected "data" array.
$decoded = ($output === false) ? null : json_decode($output);
$fbPages = (isset($decoded->data) && is_array($decoded->data)) ? $decoded->data : array();
print_r(array_slice($fbPages, 0, 10));
Hope that helps!
PS: if you are not running PHP version 5.2.0 or above, you will need a JSON decoder, found here.
EDIT: you can find some useful documentation here.