I have a multidim array from my $_POST but I have to serialize() then save to the database...
Normally, I can serialize but I got some problem with slashes (apostrophe and double quote).
My array seems like this: $array["hu"]["category"]["food"] = "string";
But when the "string" contains "" or '' theres's shit...
I need some short code for add slashes, but thres a lots of wrong solutions out there.
p.s.: I'm a CodeIgniter user.
// update:
function addslashesextended(&$arr_r) {
if (is_array($arr_r)) {
foreach ($arr_r as &$val){
if( is_array($val) ){
addslashesextended($val);
}else{
$val = addslashes($val);
}
}
unset($val);
} else {
$arr_r = addslashes($arr_r);
}
}
Thx!
I think the best solution would be to use the codeigniter input class and active record class . Addslasches/escapes, and most general sanitization will be taken care of for you.
http://codeigniter.com/user_guide/libraries/input.html
http://codeigniter.com/user_guide/database/active_record.html
Related
This is my search code please see then solution, thank you.
You have to use like this
$report_ex = Expenses::where(condition)->where(condition)->get();
or
$report_ex = Expenses::where(condition)->where(condition)->first();
If you are using
$report_ex = Expenses::where(condition)->where(condition)->first();
then you need to call
if(!empty($report_ex))
{
// your code
}
else
{
//your code
}
But if you are using
$report_ex = Expenses::where(condition)->where(condition)->get();
then you should use
if(count($report_ex) > 0)
{
// your code
}
else
{
// your code
}
since get function returns an empty object
Say I need to check some URI before I serve some result. I can do something like this:
sub type-routes {
route {
get -> Str $type where $type ∈ #food-types {
my %ingredients-table = $rrr.calories-table;
my #result = %ingredients-table.keys.grep: {
%ingredients-table{$_}{$type} };
content 'application/json', #result;
}
get -> Str $type where $type ∉ #food-types {
not-found;
}
}
}
Basically, different signature for existing and non-existing products in this case. However, that same URI is going to be used all across routes. It would be interesting to be able to check it before any route gets matched, so that when it arrives to the route block, we know that it's OK. That way it could also be reused across different routes.
I have checked before and before-match, and apparently you can do it, but you need to analyze the request object to get to that, there's no simple way of doing it.
Alternatively, would there be any way of defining a "fallback-route" so that if an URI is not found, not-found is returned?
Before giving the middleware answer, my first resort in situations like this is usually a subset type:
sub type-routes {
route {
my constant #food-types = <burgers pizzas beer>;
my subset Food of Str where { $^type ∈ #food-types }
get -> Food $type {
my %ingredients-table = $rrr.calories-table;
my #result = %ingredients-table.keys.grep: {
%ingredients-table{$_}{$type} };
content 'application/json', #result;
}
}
}
This way, Food can be used across as many routes as you wish. There's no need for a fallback route (either in this solution or that in the original question) to produce not-found, because the router automatically produces that when no route matches the path segments anyway.
If wanting to go the middleware way, however, then the easiest approach is to obtain the path-segments of the request and check against the appropriate part:
sub type-routes {
route {
my constant #food-types = <burgers pizzas beer>;
before {
not-found unless request.path-segments[0] ∈ #food-types;
}
get -> Str $type {
content 'application/json', <123 456>;
}
}
}
I have spent nearly two days going in circles on this one.
I seem to have difficulty using $_SESSION or $_POST as strings in any query or converting them to strings to use.
I am using a simple hash approach to login to a site.
Extract from script is
<?php
session_start();
echo "******Running Authenticate<br>";
echo "data submitted<br>".$_POST['site_login']."<br>".$_POST['site_password']."<br><br>";
$SiteLogin = $_POST['site_login']
$_SESSION['site_login'] = $_POST['site_login'];
$_SESSION['site_password'] = $_POST['site_password'];
$_SESSION['session_id'] = session_id();
$_SESSION['Now_val'] = date('Y-m-d H:i:s');
//include 'showallvars.php';
include 'dbconfig.php';
// Prepare our SQL
if ($stmt = $con->prepare('SELECT site_index, site_password FROM web_sites WHERE site_login = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$stmt->bind_param('s', $_POST['site_login']);
$stmt->execute();
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $password);
$stmt->fetch();
echo "account exists";
}
else
{
header('Location: badindex.php');
}
if (password_verify($_POST['site_password'], $password)) {
// Verification success! User has loggedin!
echo "password good";
}
else
{
header('Location: badindex.php');
}
}
$_SESSION['loggedin'] = TRUE;
?>
that works fine
BUT there is another field ( 'site_name') in the record which i want to carry forward.
This should be easy !!
and there is a dozen ways of doing it
for example the "standard" example is something like
$name = $mysqli->query("SELECT site_name FROM web_sites WHERE site_login = 'fred'")->fetch_object()->site_name;
That works fine
but no matter how i try - concatenating or or ... I cannot get $_SESSION['site_login'] or $_POST['site_login'] to replace 'fred'.
There seems to be white space added in.
Assistance or guidance ?
It should be possible to as easy as doing the following:
So:
if ($stmt = $con->prepare('SELECT site_index, site_password
FROM web_sites WHERE site_login = ?')) {
becomes:
if ($stmt = $con->prepare('SELECT site_index, site_password, site_login
FROM web_sites WHERE site_login = ' . $SiteLogin)) {
Do note, it is bad practice to do directly parse $SiteLogin to a query, because now someone can SQL Inject this and hack your website. All they need to do is use your form and figure out that which field is responsible for $SiteLogin. You would need to escape your $SiteLogin. Assuming Mysqli, it would become:
if ($stmt = $con->prepare('SELECT site_index, site_password, site_login
FROM web_sites WHERE site_login = ' . $con->real_escape_string($SiteLogin))) {
Thank you for that BUT the instant I saw the curly brackets in your answer - it all came flooding back to me. I had forgotten that PHP has problems with the square brackets
$sql = ("SELECT site_name FROM web_sites WHERE site_login = '". $_SESSION{'site_login'} ."' LIMIT 1");
I KNEW it was easy !
Your comments on injection are of course correct but this was an edited code excerpt and $SiteLogin was just added in as a "temporary working variable if needed"
I have made code with is work great for me, but I want to make email validation to require # on the field. Here is the code
if (!$('#contact_email').val()) {
if ($("#contact_email").parent().next(".validation").length == 0) // only add if not added
{
$("#contact_email").parent().after("<div class='validation' style='color:red;margin-bottom: 20px;'>Ange e-postadress</div>");
}
e.preventDefault(); // prevent form from POST to server
$('#contact_email').focus();
focusSet = true;
} else {
$("#contact_email").parent().next(".validation").remove(); // remove it
}
And the input is
<input type="text" class="form-control" placeholder="E-post" name="Email" id="contact_email" onblur="validate()">
I dont use basic email field because I don't want to be on english.
How can i implement # to be required on this text input. Thank you
Hey Use This function:
function validateEmail(email) {
var re = /^(([^<>()[\]\\.,;:\s#"]+(\.[^<>()[\]\\.,;:\s#"]+)*)|(".+"))#((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
return re.test(email);
}
found here:
Validate email address in JavaScript?
Try this for email validation:
function isEmail(email) {
var mailformat = /^\w+([\.-]?\w+)*#\w+([\.-]?\w+)*(\.\w{2,3})+$/;
if (email.match(mailformat)) {
return true;
} else {
return false;
}
}
Checking as follows:
if (email != "") {
if (!isEmail(email)) {
alert("invalid");
}
}
You can use regular expression to check for an "#" and a "." field.
Regex:
var regex= /\S+#\S+\.\S+/;
return regex.test(email);
The above code will return true if the regular expression is matched. This expression checks for an # and a . to be present in the given string.
Heres the documentation on .test http://www.w3schools.com/jsref/jsref_regexp_test.asp
I've noticed other answers have better regular expressions as the above will allow for multiple #'s and .'s to be present.
Im trying to pull in the name of the discount code currently applied to the cart into the calculation.php file. The name of the discount code is optionalTax but Im having trouble passing it through or retrieving it directly. Its appears to be referenced as $quote->getCouponCode() in mage/sales/model/quote.php and I want to use it in
mage/tax/model/calculation.php
Anyone have any idea on how to call it in as I've tried using the model as per (which I think is correct)
public function calcTaxAmount($price, $taxRate, $priceIncludeTax=false, $round=true)
{
$taxRate = $taxRate/100;
if ($priceIncludeTax) {
$amount = $price*(1-1/(1+$taxRate));
} else {
$cModel = Mage::getModel('catalog/sales');
$thisDiscountCode = $cModel->$quote->getCouponCode();
die($thisDiscountCode);
$amount = $price*$taxRate;
}
if ($round) {
return $this->round($amount);
} else {
return $amount;
}
}
Chris
you need to get the quote from right model i guess:
Mage::getSingleton('checkout/session')->getQuote();