For my school homework I have to create a function that uses trim(), htmlspecialchars() and mysql_real_escape_string() to prevent SQL- and HTML injection.
I've been trying for a while but I can't get it to work. I've tried a foreach loop and an extract function. I must be doing something wrong, or missing something.
So far, I've got this: (just to see if the variables are being processed)
foreach ($_Post as $Key => $Value) {
$$Key = $Value;
echo $$Key."<br>";
}
But it won't return anything.
I can use the trim etc on every variable on its own, but there must be a much easier way.
I've got the $_POST variables 'voorletters', 'tussenvoegsel', 'naam', 'adres', 'huisnummer' (numbers), 'telefoon' (numbers), 'postcode', 'woonplaats', 'geslacht', 'email' and 'wachtwoord' (password).
Please help me :(! I'm a beginner concerning php, so please try to explain thoroughly.
What about this
foreach($_POST as $key => $value) {
echo 'Current value in $_POST["' . $key . '"] is : ' . $value . '<br>';
$_POST[$key] = your_filter($value);
}
where your_filter() is your function calling trim, htmlspecialchars, etc. :
function your_filter($value) {
$newVal = trim($value);
$newVal = htmlspecialchars($newVal);
$newVal = mysql_real_escape_string($newVal);
return $newVal;
}
Pay attention to the variable name too which is $_POST not $_Post.
You don't need to use $$ here, you have the key name in the loop in $key and you can access/replace the value in the array with $_POST[$key]
EDIT : added an echo to print current value
EDIT2 : added an example of your_filter() function
// $_POST = array('voorletters' => '<<', 'tussenvoegsel' => '>>', 'naam' => '<<');
foreach($_POST as &$val) //pass any post value by reference
$val = mysql_real_escape_string(htmlspecialchars(trim($val)));
extract($_POST);
echo $voorletters;
echo $tussenvoegsel;
echo $naam;
foreach ($_POST as $Key => $Value) {
echo yourFunctionName($Value)."<br/>";
}
Try This...
function real_escape_and_trim($value)
{
$value = trim($value);
$value = mysql_real_escape_string($value);
return $value;
}
foreach($_POST as $key => $value)
{
$_POST[$key] = real_escape_and_trim($value);
}
$field_name = $_POST['field_name'];
Related
Hello Laravel Community,
I am new to Laravel and still learning.
Suppose I query data by using the following code
$User = User::where(['UserID' => $request->UserID])->first();
and I have an associative array
$Data = array(
['Username'] => 'Updated Username',
['UserEmail'] => 'Updated#gmail.com'
);
I wanted to load the associative array to the collection, something like
$User->load($Data);
I don't want to assign every field one by one, for example
$User->Username = $Data['Username'];
$User->UserEmail = $Data['UserEmail'];
Is there a way to do this?
Thank you.
**You can try with foreach loop.**
$User = User::where(['UserID' => $request->UserID])->first();
foreach($Data as $key => $value){
$User->$key = $value;
}
For check the value is assign or not then use
dd($User->getAttributes());
$Data = array(
['Username'] => 'Updated Username',
['UserEmail'] => 'Updated#gmail.com'
);
$User = User::where(['UserID' => $request->UserID])->first();
$User->fill($Data);
In prestashop there is an option that asks you if you want to remove all the products in the category you want to remove, do you know which is the way with the API?
https://devdocs.prestashop.com/1.7/webservice/tutorials/prestashop-webservice-lib/delete-resource/
<?php
try {
$webService = new PrestaShopWebservice('http://example.com/', 'ZR92FNY5UFRERNI3O9Z5QDHWKTP3YIIT', false);
$id = 2;
$webService->delete([
'resource' => 'customers',
'id' => $id, // Here we use hard coded value but of course you could get this ID from a request parameter or anywhere else
]);
echo 'Customer with ID ' . $id . ' was successfully deleted' . PHP_EOL;
} catch (PrestaShopWebserviceException $e) {
echo 'Error:' . $e->getMessage();
}
In its web site it only shows an example to remove categories.
Iterate on products and delete. Example for 1 language shop, 10000 products catalog:
$products = Product::getProducts(1, 0, 10000, 'id_product', 'DESC', $id_category_to_remove);
$webService = new PrestaShopWebservice($yourUri, $yourKey, false);
foreach ($products as $product) {
$webService->delete([
'resource' => 'products',
'id' => $product['id_product'],
]);
}
Sorry , I have a problem with this script :
It's for get tweet with specific id ;
$tweetlist = $twitter->get('https://api.twitter.com/1.1/statuses/show.json?id=694658584664236033');
foreach ($tweetlist->statuses as $key => $value) {
$message = utf8_decode($value->text);
echo $message;
}
Warning: Invalid argument supplied for foreach()
Thank you so much for your help
Nicolas
remove ->statuses, like:
$tweetlist = $twitter->get('https://api.twitter.com/1.1/statuses/show.json?id=694658584664236033');
foreach ($tweetlist as $key => $value) {
$message = utf8_decode($value->text);
echo $message;
}
I have a form that I am using to allow people to input data and then upload a preset picture. I want to label that picture as the form_id. I am able to run a LAST_INSERT_ID() query and display it after I insert the form in my view but I can't seem to echo that information out anywhere else. I need the query to select_last_id to run after my $update query or the ID number will be off. Could anyone assist in helping me pass just the value of the row to my view? Here is the code from my controller.
function inspection() {
if($this->input->post('submit')) {
$array = array(
'trlr_num' => $this->input->post('trlr_num'),
'seal' => $this->input->post('seal'),
'damaged' => $this->input->post('damaged'),
'truck_num' => $this->input->post('truck_num'),
'driver_name' => $this->input->post('driver_name'),
'car_code' => $this->input->post('car_code'),
'origin' => $this->input->post('origin'),
'lic_plate' => $this->input->post('lic_plate'),
'del_note' => $this->input->post('del_note'),
'live_drop' => $this->input->post('live_drop'),
'temp' => $this->input->post('temp'),
'level' => $this->input->post('level'),
'ship_num' => $this->input->post('ship_num'),
'trlr_stat' => $this->input->post('trlr_stat'),
'comment' => $this->input->post('comment')
);
$update = $this->trailer_model->insert_form($array);
$query = $this->trailer_model->select_last_id();
$result =& $query->result_array();
$this->table->set_heading('ID');
$data['table'] = $this->table->generate_table($result);
unset($query,$result);
}
$level = $this->trailer_model->select_fuel_level();
$result = $level->result_array();
$data['options'] = array();
foreach($result as $key => $row) {
$data['options'][$row['level']] = $row['level'];
}
unset($query,$result,$key,$row);
$data['label_display'] = 'Fuel Level';
$data['field_name'] = 'level';
$status = $this->trailer_model->select_trailer_type();
$result = $status->result_array();
$data['options1'] = array();
foreach($result as $key => $row) {
$data['options1'][$row['trlr_stat']] = $row['trlr_stat'];
}
unset($query,$result,$key,$row);
$data['label_display1'] = 'Trailer Status';
$data['field_name1'] = 'trlr_stat';
$data['page_title'] = 'Trailer Inspection';
$data['main_content'] = 'dlx/inspection/trailer_inspection_view';
return $this->load->view('includes/template',$data);
}
}
Anything you want to display on a view, you must pass to it.
When you're setting $data, you missed adding $query to it.
Controller:
I understand that $query = $this->trailer_model->select_last_id(); is returning just an ID, so:
$data['last_id'] = $query;
But if $query = $this->trailer_model->select_last_id(); does not return just an ID, but an array or something else, you shall include to return the ID in your model method. Actually, it'd be crucial to know what $this->trailer_model->select_last_id(); is returning.
View:
echo $last_id; -> must echo the last ID, if select_last_id() method from your model returns what it has to return.
this is my code, i am trying to post tweet with image, but only text get posted?I really really want to post image as well. I am pulling my hair out for that, HELP!!?
<?php
error_reporting(E_ALL);
require_once('TwitterAPIExchange.php');
//echo 'start';
/** Set access tokens here - see: https://dev.twitter.com/apps/ **/
require_once('connect.php');
$recid=$_GET['recid'];
//echo $recid;
$dsn='mysql:host='.$hostname.';dbname=twitter_db';
try{
$dbh=new PDO($dsn,$username,$password);
$dbh->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
$stmt=$dbh->prepare("SELECT * FROM gr_twitter WHERE recid=:recid");
$stmt->execute(array(
'recid'=>$recid
));
$foundResult=$stmt->fetchAll();
$tweetmsg=$foundResult[0]['tweet'];
$tweetImage=$foundResult[0]['tweetImageName'];
$timestamp=$foundResult[0]['sentTimestamp'];
print_r($foundResult);
$stmt2=$dbh->prepare("UPDATE gr_twitter SET sent=1 WHERE recid=:recid");
$stmt2->execute(array(
'recid'=>$recid
));
}
catch(PDOException $e){}
// Perform a GET request and echo the response **/
/** Note: Set the GET field BEFORE calling buildOauth(); **/
$url = 'https://api.twitter.com/1.1/statuses/update.json';
$requestMethod='POST';
////images is stored in D:\Databases\RC_Data_FMS\images\Files\images\tweetImage folder
$tweetImage='D:\Databases\RC_Data_FMS\images\Files\images\tweetImage/images.jpg';
$postfields = array(
'status' => $tweetmsg,
'media' => "#{$tweetImage}"
);
/** POST fields required by the URL above. See relevant docs as above **/
//print_r($postfields).'<br />';
$twitter = new TwitterAPIExchange($Yh_settings);
$response= $twitter->buildOauth($url, $requestMethod)
->setPostfields($postfields)
->performRequest();
echo "Success, you just tweeted!<br />";
var_dump(json_decode($response));
//////////////////////////////////////////////////////////////////////////
function objectToArray($d)
{
if (is_object($d)) {
// Gets the properties of the given object
// with get_object_vars function
$d = get_object_vars($d);
}
if (is_array($d)) {
/*
* Return array converted to object
* Using __FUNCTION__ (Magic constant)
* for recursive call
*/
// return array_map(__FUNCTION__, $d);
} else {
// Return array
// return $d;
}
}
?>
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
I recommend you to use tmhOAuth library if you want to post images that are located in your server.
Here you have an example:
<?php
require_once('./tmhOAuth.php');
$tmhOAuth = new tmhOAuth(array(
'consumer_key' => CONSUMER_KEY,
'consumer_secret' => CONSUMER_SECRET,
'user_token' => OAUTH_TOKEN,
'user_secret' => OAUTH_TOKEN_SECRET
));
$tweetText = 'Your text here';
$imageName = 'picture.png';
$imagePath = dirname(__FILE__) . DIRECTORY_SEPARATOR . $imageName;
$code = $tmhOAuth->request(
'POST',
$tmhOAuth->url('1.1/statuses/update_with_media'),
array(
'media[]' => "#{$imagePath};type=image/png;filename={$imageName}",
'status' => $tweetText
),
true, // use auth
true // multipart
);
?>
Hope this helps!