View previous topic :: View next topic |
Author |
Message |
domagoj.k
Joined: 17 Apr 2006 Posts: 11
|
Posted: 19.08.2006 21:39 Post subject: Pravilno korištenje ' i " u varijabli |
|
|
Iz php forme treba nešto u mysql.
ovako ga stavlja u mysql
red='$varijabla'
a u $varijabl se nalazi kod ovog tipa <bla bla width="400"/><bla bla nesto="$visina">
I uvijek mi javlja neki problem. ako je "prošo php" (znači bez parse error unexpected T_NESTO) onda mi javi da imam error u mysql sintaksi...
Kako se to pravilno radi? Evo ovaj moj "bla bla" kod, kako ga napisat pravilno? |
|
|
Back to top |
|
|
gog
Joined: 18 Jun 2004 Posts: 679 Location: zagreb
|
Posted: 19.08.2006 22:44 Post subject: |
|
|
red = " ....... '" . $var . "' ......";
ili red = '......\'' . $var . '\'....' |
|
|
Back to top |
|
|
domagoj.k
Joined: 17 Apr 2006 Posts: 11
|
Posted: 20.08.2006 00:01 Post subject: |
|
|
Ne radi mi, da ja sad ne pišem koje mi errore izbacuje, evo koda kojeg želim pod ovim navodnicima ' ' (ne dvostrukim) pa ako netko može pravilno napisat:
<object width="400" height="325"><param name="movie" value="$video"></param><embed src="$video" type="application/x-shockwave-flash" width="400" height="325"></embed></object> |
|
|
Back to top |
|
|
Tedius
Joined: 22 Dec 2003 Posts: 149 Location: Zagreb
|
Posted: 20.08.2006 00:11 Post subject: |
|
|
Kad spremaš varijablu zatvori ju sa addslashes($var), kad ju čupaš van onda staviš stripslashes().... pogledaj detalje u manualu. |
|
|
Back to top |
|
|
gog
Joined: 18 Jun 2004 Posts: 679 Location: zagreb
|
Posted: 20.08.2006 00:23 Post subject: |
|
|
OK, nisam odmah skužio što te muči, pogledja http://hr.php.net/mysql_real_escape_string
Code: | // Quote variable to make safe
function quote_smart($value)
{
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not a number or a numeric string
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
} |
|
|
|
Back to top |
|
|
domagoj.k
Joined: 17 Apr 2006 Posts: 11
|
Posted: 20.08.2006 10:34 Post subject: |
|
|
Dobro, ali nije mi varijabla jedini problem. Error se javlja i bez nje, jer ja krivo pišem " i ' unutar ovih navodnika: ' '
Stavim prijje navodnika / npr Value=/'bla/' ali ni tako neće... |
|
|
Back to top |
|
|
gog
Joined: 18 Jun 2004 Posts: 679 Location: zagreb
|
Posted: 20.08.2006 11:57 Post subject: |
|
|
Al si ga zakomplicirao, ajde prekopiraj doslovno dio kod-a (upit!!) koij te muči... |
|
|
Back to top |
|
|
domagoj.k
Joined: 17 Apr 2006 Posts: 11
|
Posted: 20.08.2006 13:03 Post subject: |
|
|
Već jesam. Ali evo detaljnije:
$video = $_POST['video'];
$glavno = "<object width='400' height='325'><param name='movie' value='$video'></param><embed src='$video' type='application/x-shockwave-flash' width='400' height='325'></embed></object>";
$sql = "INSERT INTO tablica SET
description='$description',
...
main='$glavno',
... |
|
|
Back to top |
|
|
gog
Joined: 18 Jun 2004 Posts: 679 Location: zagreb
|
Posted: 20.08.2006 14:16 Post subject: |
|
|
Ufff, mislim da bi malo trebao pročitati o osnovama php-a.
Code: | $video="neki tekst";
$film = "bla bla bla='$video' bla";
echo $film; |
dobit ćeš -> Quote: | bla bla bla='$video' bla | , a ne Quote: | bla bla bla='neki tekst' bla | kao što si možda očekivao.
Riješenja ima više, evo jednog:
Code: | $video="neki tekst";
$film = "bla bla bla='" . $video . "' bla";
echo $film; |
ili drugog
Code: | $video="neki tekst";
$film = 'bla bla bla=\'' . $video . '\' bla";
echo $film; |
Znači da bi tvoj kô trebao izgledati ovako nekako:
Code: |
// Quote variable to make safe
function quote_smart($value)
{
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not a number or a numeric string
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
$video = $_POST['video'];
$glavno = "<object width='400' height='325'><param name='movie' value='" . $video . "'></param><embed src='" . $video . "' type='application/x-shockwave-flash' width='400' height='325'></embed></object>";
$glavno = quote_smart($glavno);
$sql = "INSERT INTO tablica SET
description='$description',
...
main='$glavno',
... |
Kro quote_smart bi trebao provući i $description i sve druge varijable, pa nije loše držati ih u nekom arrayu i prošteta se kroz njega sa forearch ili array_walk... |
|
|
Back to top |
|
|
Gale
Joined: 04 Apr 2005 Posts: 120
|
Posted: 20.08.2006 14:50 Post subject: |
|
|
gog wrote: | Ufff, mislim da bi malo trebao pročitati o osnovama php-a.
Code: | $video="neki tekst";
$film = "bla bla bla='$video' bla";
echo $film; |
dobit ćeš -> Quote: | bla bla bla='$video' bla | , a ne Quote: | bla bla bla='neki tekst' bla | kao što si možda očekivao.
|
dobit će
Quote: | bla bla bla='neki tekst' bla |
|
|
|
Back to top |
|
|
gog
Joined: 18 Jun 2004 Posts: 679 Location: zagreb
|
Posted: 20.08.2006 15:07 Post subject: |
|
|
Ufff, posipam se pepelom, bio sam uvjeren da varijablu ako unutar dvostrukih ogradiš jednostrukima da će se doslovno ispisati...
OK, onda samo upogoni ovaj quotesmart i trebalo bi raditi... |
|
|
Back to top |
|
|
domagoj.k
Joined: 17 Apr 2006 Posts: 11
|
Posted: 21.08.2006 18:22 Post subject: |
|
|
Hvala na odgovorima, ali:
Fatal error: Call to undefined function: quote_smart() |
|
|
Back to top |
|
|
gog
Joined: 18 Jun 2004 Posts: 679 Location: zagreb
|
Posted: 22.08.2006 19:17 Post subject: |
|
|
Pa ono, moraš imati tu funkciju upisanu:
Code: | // Quote variable to make safe
function quote_smart($value)
{
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not a number or a numeric string
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
|
|
|
|
Back to top |
|
|
|