mysql - mysql_real_escape_string ISSUE -

-

if type

'

into search bar mysql error "sting" has not been escaped- think.

but reason why cant escape because dont think string.

the search box generates search results dynamically ajax type , finds results error:

    have error in sql syntax; check manual corresponds mysql server version right syntax use near '%' or location '%'%' or map '%'%' limit 0, 16' @ line 2

this mysql query:

<?php      if($_post['q']!=""){   include $_server['document_root'] . "/include/datebasecon.php";         $result = mysql_query("           select id, name, location,  map           accommodation name '%".$_post['q']."%' or location '%".$_post['q']."%' or map '%".$_post['q']."%' limit 0, 16")          or die(mysql_error());         $output = "";         while($row = mysql_fetch_array($result)){             $n = preg_replace("/(".$_post['q'].")/i","<span>$1</span>",$row['name']);             $l = preg_replace("/(".$_post['q'].")/i","<span>$1</span>",$row['location']);             $m = preg_replace("/(".$_post['q'].")/i","<span>$1</span>",$row['map']);             $output .= "<p>".$n." - ".$l."</p>";             }          print $output;      } ?>

is there anyway can fix after post query maybe?

when magic_quotes_gpc off (as should be!), $_post['q'] string ', 1 character. that's why it's appearing in sql code this:

%' or location '%'%' or map '%'%' limit 0, 16

the error takes place @ '%'%' because like string being prematurely terminated.

you can use mysql_real_escape_string() on $_post['q'] , it'll escaped:

$q = mysql_real_escape_string($_post['q']); $result = mysql_query("   select id, name, location,  map   accommodation name '%".$q."%' or location '%".$q."%' or map '%".$q."%' limit 0, 16")  or die(mysql_error());

Comments

Post a Comment

Popular posts from this blog

C#: Application without a window or taskbar item (background app) that can still use Console.WriteLine() -

-
i'm trying create application adheres following: no taskbar no console or form window can utilize console.writeline() . (i.e. if executes app command prompt write console.) the problem if create windows form (or wpf) application can have there no taskbar, console or window show up, console.writeline() nothing. if create console app, writes console, can't figure out how hide (and if did hide it, write command prompt window?)... how do this? just create standard console application. callers responsibility hide window caused program (from how run c# console application console hidden ): system.diagnostics.processstartinfo start = new system.diagnostics.processstartinfo(); start.filename = dir + @"\myprocesstostart.exe"; start.windowstyle = system.diagnostics.processwindowstyle.hidden;
Read more

c++ - Convert big endian to little endian when reading from a binary file -

-
this question has answer here: how convert between big-endian , little-endian values in c++? 28 answers i've been looking around how convert big-endian little-endians. didn't find solve problem. seem there's many way can conversion. anyway following code works ok in big-endian system. how should write conversion function work on little-endian system well? this homework, since systems @ school running big-endian system. it's got curious , wanted make work on home computer also #include <iostream> #include <fstream> using namespace std; int main() { ifstream file; file.open("file.bin", ios::in | ios::binary); if(!file) cerr << "not able read" << endl; else { cout << "opened" << endl; int i_var; double d_var; while(!file.eof()) {...
Read more

openssl - Load PKCS#8 binary key into Ruby -

-
i'm trying load particular private key encoded in binary der format ( pkcs#8 ) ruby. however, openssl::pkey won't recognize it. can make work doing console work , transforming pem so: openssl pkcs8 -inform der -in file.key -passin pass:xxxxxxxx >private_key.pem after this, key can correctly read. however, since whole process done in memory instead of writing , reading files. so question is: possible load private keys binary encoded der format ruby/openssl? thank time, fernando yes, can indirectly load pkcs#8 der-encoded private keys using ruby openssl. openssl::pkey::rsa.new handle pem-formatted pkcs#8, easy read binary der , convert pem-formatted string , load string. for example, these der-encoded private keys: $ openssl genrsa | openssl pkcs8 -topk8 -outform der \ -nocrypt -out pkcs8.key $ openssl genrsa | openssl pkcs8 -topk8 -outform der \ -v2 des3 -passout pass:secret -out pkcs8_des3.key you can this: require 'open...
Read more