PHP and Ajax String Input/Output Handling Scenario


I'm still new to string processing in PHP. Below is a diagram of what I'm doing. Ultimately, I'd like a generic methodology for handling strings in the scenarios below. Note that the text tends to have a lot of math symbols and code syntax in this scenario.

The strings and the integer are input via a standard HTML-based form (I forgot to mention this in the diagram).

Step A uses: mysql_real_escape_string($input);

Step B uses:

  • htmlentities($string2)
  • nothing for $string1
  • nothing for the integer

Questions:

  1. Regarding MySQL injection, is mysql_real_escape_string sufficient to guard against this?
  2. I still need to finish processing the output of string1. Note how the text is used in 2 different places: HTML and canvas. htmlentities at step B makes code syntax appear on the HTML5 canvas but not in the HTML. Vice-versa when I leave it out (the HTML syntax breaks the page). Is there a JavaScript function identical to PHP's htmlentities?
  3. The int form field should be validated to make sure it is an int.
  4. string2 outputs "null" to the HTML when I use the character ('–') rather than the standard minus-sign character ('-').
  5. Magic quotes are turned off. However, if I run the script on a server where they are enabled, I need a short script that goes: if(magic quotes enabled){turn off magic quotes}.
  6. What did I forget in regard to form validation?

If my approach is totally wrong, set me straight, and get me straightened out once and for all. You can describe the solution in terms of A, B, C, D and E if you think that's helpful. Thanks in advance.

[Image: string processing diagram]

  1. mysql_real_escape_string() will escape the code.
  2. (a) On the JavaScript end, use jQuery's .text() method to escape the code before outputting it to the page. (b) Check out php.js. It's a JavaScript library that replicates PHP functionality, and it includes htmlentities() and htmlspecialchars(). http://phpjs.org/
  3. As for the integer, you can use the ctype_digit() function to ensure a numeric value; or you can use a form of type hinting: $int = (int) $int;.
  4. I agree with the gentleman who recommended trying htmlspecialchars().
  5. Try to keep magic quotes off. It's a horrible feature, and it is removed in a future release of PHP. If you need to include protection against magic quotes, try something similar to the code below. (See bottom of post.)
  6. It's hard to say without seeing the code, but it seems you are on the right track.

Magic quotes cleanup (note that the PHP superglobals are case-sensitive: $_GET, $_POST and $_COOKIE):

    // Undo magic_quotes_gpc escaping if the server has it enabled.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $func = function (&$val, $key) {
            // Only strip slashes from strings; leave numeric values untouched.
            if (!is_numeric($val)) {
                $val = stripslashes($val);
            }
        };
        array_walk_recursive($_GET, $func);
        array_walk_recursive($_POST, $func);
        array_walk_recursive($_COOKIE, $func);
        unset($func);
    }
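A context-specific way to handle steps C, D and E from the diagram (validate the integer, escape for HTML, hand the raw string to the canvas), as an added example that is not part of the question or the answer. It assumes UTF-8 output, PHP 7.1 or later, and a constructed $row standing in for a database result; the function names are hypothetical.

```php
<?php
// Added example: one helper per output context, so the same stored string is
// escaped for where it is used rather than once at input time.

// Step C: validate the integer field. ctype_digit() accepts only a string of
// decimal digits (so "" and "12abc" fail); the cast then yields a real int.
function validateInt($raw): ?int {
    return (is_string($raw) && ctype_digit($raw)) ? (int) $raw : null;
}

// Step D: text placed into HTML. Escaping <, >, &, and quotes is enough; the
// charset is passed explicitly so multibyte characters such as the en dash
// ('–') are encoded rather than dropped.
function forHtml(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Step E: text handed to JavaScript for canvas fillText(). The canvas draws
// characters literally, so it must receive the raw string, not HTML entities.
// json_encode() with the HEX flags makes the literal safe inside <script>.
function forJs(string $s): string {
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE);
}

// Constructed sample row (not real data) in place of a MySQL result.
$row = ['string1' => 'x<y && y>0 – see <b>note</b>', 'string2' => 'a – b', 'n' => '42'];

$n = validateInt($row['n']);
if ($n === null) {
    http_response_code(400);
    exit('Invalid integer');
}
?>
<p id="s2"><?= forHtml($row['string2']) ?></p>
<canvas id="c" width="300" height="40"></canvas>
<script>
  // The raw string arrives as a JS literal: jQuery's .text() would put it in
  // the DOM without further escaping, and fillText draws it as-is.
  var string1 = <?= forJs($row['string1']) ?>;
  document.getElementById('c').getContext('2d').fillText(string1, 10, 20);
</script>
```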
