
Forum Index / General / quotes and backslashes

[ This topic is unsolved! ]

  Recmo D. 02 April 09 / 16:46  
Hi,
I've searched for a while now but cannot find an answer to my problem.
My config: Win2K server, MS-SQL server 2000, Apache 2.2.9, PHP 5.2.6, Formhandler :)

Note: To avoid quote problems in this post I replace them with , (comma)

The problem:
I call the page (see code below): edit.php?order_id=2
The first time the field name is empty.
Then I fill it with AABB and press enter
The page reloads the form, it says okidoki, the value AABB is stored in the database and the form contains AABB.
When I change it to AA,BB and press enter the same happens, which is fine. AA,BB in the database and in the form on the screen again.
Now...
When I close the browser and then reopen it (as a complete new load of the page and no cache or back function) and go to my page again the same way then it displays the following: AA\,BB which is bad.
But... The database contains AA,BB which is good.
Now when I only hit the save button the database also goes bad: AA\,BB.
Then it goes from bad to worse because the \ is escaped to \\ so I finally end up with unwanted \ in my database and on the screen.
My magic quotes are ON and that needs to stay that way because this is just one of many other scripts on my server.
Somehow somewhere there is a problem with the escaping of , and \

Last thing to say: help :D

The code for edit.php is:
<html>
<body>
<?php
include_once("fh3/class.dbFormHandler.php");

// name of the request variable that carries the record id (edit.php?order_id=2)
define("FH_EDIT_NAME", "order_id");

$form = new dbFormHandler();

// database name, table name, database type
$form->dbInfo("orders", "tbl_orders", "mssql");
$form->dbConnect("192.168.0.45", "aaa", "bbb");

$form->textField("name", "name", FH_STRING, 20, 20);

$form->submitButton("save");
$form->onSaved("doOrderEditRun");

$form->flush();

// called after the record has been saved
function doOrderEditRun($id, $data)
{
    echo "okidoki";

    return false;
}
?>

</body>
</html>

  Johan Wiegel (Admin) 02 April 09 / 17:22  
How is Magic Quotes set in your PHP configuration?
(enabled or disabled)

  Recmo D. 02 April 09 / 18:35  
Changed at 02 April 09 / 18:50
It's on.. Can't be set to off due to other scripts that need it on.

magic_quotes_gpc = On


PS: Thanks for the login info.. don't understand why I missed that..

  Recmo D. 03 April 09 / 09:53  
The php ini setting magic_quotes_gpc is not the issue.
I tested the problem without FH3, plain and simple, and came to the conclusion that mssql_fetch_assoc escapes the database value so $ becomes \$.
This is on my server... I can't say it for others.
Is this also a setting which can be done in some ini file?

<?php
$connection = mssql_connect("10.0.0.45", "aaa", "bbb");
$db_selected = mssql_select_db("orders", $connection);

$query = "SELECT * FROM tbl_orders";
$result = mssql_query($query);

// print one column of every row exactly as mssql_fetch_assoc returns it
while ($row = mssql_fetch_assoc($result))
{
    echo '<li>' . $row['bedrijfsnaam'] . '</li>';
}
?>

  Recmo D. 03 April 09 / 15:32  
I've solved it for my situation but I guess some more attention is needed by you guys..
Somewhere somehow the addslashes, magicquotes, posts and database reads were not going as they should. This is my workaround:

<?php
// file: fh3/yadal/class.mssql.php

    function getRecord( $sql )
    {
        $record = mssql_fetch_assoc( $sql );

        // remove the backslashes added to every column value on read
        if (is_array($record))
        {
            foreach ($record as $key => $value)
            {
                $record[$key] = stripslashes($value);
            }
        }

        return $record;
    }
?>


<?php
// file: fh3/fields/class.TextField.php

    function getField()
    {
        // view mode enabled ?
        if( $this -> getViewMode() )
        {
            // get the view value..
            return $this -> _getViewValue();
        }

        // HTML-encode the value, then double every backslash before output
        $tmp = (isset($this->_mValue) ? htmlspecialchars($this->_mValue) : '');
        $tmp = str_replace("\\", "\\\\", $tmp);

        return sprintf(
          '<input type="text" name="%s" id="%1$s" value="%s" size="%d" %s/>%s',
          $this->_sName,
          $tmp,                                        // (isset($this->_mValue) ? htmlspecialchars($this->_mValue):''),
          $this->_iSize,
          (!empty($this->_iMaxlength) ? 'maxlength="'.$this->_iMaxlength.'" ' : '').
          (isset($this->_iTabIndex) ? 'tabindex="'.$this->_iTabIndex.'" ' : '').
          (isset($this->_sExtra) ? ' '.$this->_sExtra.' ' : ''),
          (isset($this->_sExtraAfter) ? $this->_sExtraAfter : '')
        );
    }
?>
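
Added example, not code from the thread or from FormHandler: it simulates the load/save cycle described above to show why escaping on read compounds with every save, and why stripping once at the read boundary, as the getRecord() workaround does, keeps the stored value stable. Assumptions: addslashes() stands in both for magic_quotes_gpc and for the read-side escaping the poster observed, the save path undoes the request escaping exactly once (consistent with the first save storing the value correctly), and all function names are hypothetical.

```php
<?php
// Added illustration. Magic quotes are simulated with addslashes(), so this
// runs on current PHP versions where the magic_quotes_* settings no longer exist.

// What magic_quotes_gpc = On does to every request value before the script runs.
function simulate_gpc($value)
{
    return addslashes($value);
}

// The read-side escaping the thread observed on mssql_fetch_assoc() results.
// (PHP 5's magic_quotes_runtime setting escapes database reads this way; the
// thread does not establish whether it was the cause.)
function simulate_fetch($value)
{
    return addslashes($value);
}

// One cycle: load the row, show it in the form, submit it unchanged, save it.
// Assumption: the save path removes the request escaping exactly once.
function round_trip($stored, $stripOnRead)
{
    $fromDb = simulate_fetch($stored);
    if ($stripOnRead) {
        $fromDb = stripslashes($fromDb);   // same idea as the getRecord() workaround
    }
    $posted = simulate_gpc($fromDb);       // the form value comes back through GPC escaping
    return stripslashes($posted);          // value written to the database
}

// Returns the stored value after each of $cycles load/save cycles.
function stored_history($initial, $cycles, $stripOnRead)
{
    $history = array($initial);
    for ($i = 0; $i < $cycles; $i++) {
        $history[] = round_trip($history[$i], $stripOnRead);
    }
    return $history;
}

$sample = "AA'BB";   // constructed sample value containing a real quote
foreach (array(false, true) as $stripOnRead) {
    echo $stripOnRead ? "strip once on read:\n" : "no strip on read:\n";
    foreach (stored_history($sample, 3, $stripOnRead) as $n => $value) {
        printf("  save #%d: %s (%d backslashes)\n", $n, $value, substr_count($value, "\\"));
    }
}
```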
