Board index   FAQ   Search  
Register  Login
Board index php forum :: php coding PHP coding => General

stripslashes

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

stripslashes

Postby report » Sun Jan 12, 2003 8:16 pm

Hello, I am quite new to this forum (and php itself). :oops:

I'm using a php/MySQL based online library catalog system called OLA. It works perfect, except for the unseemly backslashes that appear before all single/double quotation marks in the data when (and only when) they are printed out.

I do note this is a common problem for many other php scripts, and I am aware that there is a way of killing those backslashes is to use the stripslashes command line, but the problem is I don't know how to write it and where to put it. I tried to contact the developpers of the script, but their email addresses proved invalid. Can I look for your help?

What follows are the two pages where I suspect the stripslashes command line should be added.

Thanks in advance

RePort
<hr>
view.php
Code: Select all
<?php

/***************************************************************************
* ONLINE LIBRARY APPLICATION (OLA)               http://ola.sourceforge.net/
* (c) 2002 S. Rawlinson and N. Flear    Licenced under GPL (see licence.txt)
****************************************************************************
* view.php - version 2.0
* - displays full record of one resource
***************************************************************************/


require_once ("standard.inc.php");

// check variables and url parameters
check_param_empty ();
check_param ("id");

// consult database
if (empty ($errormsg)) {
  $sql = "SELECT * FROM resource WHERE resource_id = " . $HTTP_GET_VARS["id"];
  $rs = get_recordset ($sql);
}
if (empty ($errormsg)) {
  $resource = db_make_1D_array ($rs);
}

// print page
if (empty ($errormsg)) {
  $admin_menu = "";
  $checkout = "";
  $update_link = "";

  // Display extra fields if Admin
  if (is_admin ()) {
    $acquired = $resource["date_acquired"];
    $donated_by = $resource["donated_by"];
    if ($acquired == "")
      $acquired = "&nbsp;";
    if ($donated_by == "")
      $donated_by = "&nbsp;";

    // only allow checkout for books on shelf
    if ("On Shelf" == $resource["status"]) {
      $checkout_link = "<a href=\"checkout1.php?id=" . $id . "\">Check-out Resource</a>";
    }
    else {
      $checkout_link = "You can only check-out books that have an 'on shelf' status.";
    }

    $update_link = "<a href=\"update1.php?id=" . $id . "\">Update Record</a>";

    $list = array (

      "ACQUIRED" => $acquired,
      "DONATED" => $donated_by
    );
    $admin_menu = simple_tpl ("view_admin.tpl", $list);
  }

  // -- should replace blank with &nbsp;
  $list = array (

stripslashes_array($list);
    "RESID" => $HTTP_GET_VARS["id"],
    "LOCATION" => $resource["location"],
    "MEDIA" => $resource["media"],
    "STATUS" => $resource["status"],
    "SUBJECT" => $resource["subject"],
    "TITLE" => $resource["title"],
    "AUTHOR" => $resource["author"],
    "YEAR" => $resource["year"],
    "ISBN" => $resource["isbn"],
    "COMMENTS" => $resource["comments"],
    "ADMINITEMS" => $admin_menu,
    "UPDATE" => $update_link,
    "CHECKOUT" => $checkout_link
  );

  $output = simple_tpl ("view.tpl", $list);
}
output_html ("View Resource", $output);

?>

<hr>
search.php
Code: Select all
<?php

/***************************************************************************
* ONLINE LIBRARY APPLICATION (OLA)               http://ola.sourceforge.net/
* (c) 2002 S. Rawlinson and N. Flear    Licenced under GPL (see licence.txt)
****************************************************************************
* search.php - version 2.0
* - displays search results of the resource table
***************************************************************************/


require_once ("standard.inc.php");

// check variables and url parameters
check_param_empty ();
check_param ("submit");

if (empty ($errormsg)) {
  if ($HTTP_GET_VARS["submit"] == "Search") {
    check_param ("search_type");
    check_param ("search_text");
  }
  else if ($HTTP_GET_VARS["submit"] == "Browse") {
    check_param ("browse_media");
    check_param ("browse_subject");
  }
  else {
    $errormsg .= "Error: Bad url format. Incorrect submit=xxx.<br>";
  }
}

// consult database
if (empty ($errormsg)) {

  // set $pos to form
  $pos = 0;
  if (exists_param ("pos") && $HTTP_GET_VARS["pos"] % ROWS_PER_PAGE == 0) {
    $pos = (int) $HTTP_GET_VARS["pos"];
  }

  $sql = "SELECT * FROM resource ";

  // if Serach
  if ($HTTP_GET_VARS["submit"] == "Search") {
    $sql .= "WHERE ";
    if ($HTTP_GET_VARS["search_type"] == "title") {
      $sql .= "title LIKE '%" . $HTTP_GET_VARS["search_text"] . "%' ";
      $sql .= "ORDER BY title ASC";
    }
    else if ($HTTP_GET_VARS["search_type"] == "author") {
      $sql .= "author LIKE '%" . $HTTP_GET_VARS["search_text"] . "%' ";
      $sql .= "ORDER BY title ASC";
    }

  // if Browse
  }
  else if ($HTTP_GET_VARS["submit"] == "Browse") {
    if ($HTTP_GET_VARS["browse_media"] != "All") {
      $sql .= "WHERE media = '" . $HTTP_GET_VARS["browse_media"] . "' ";
      $sql .= "ORDER BY title ASC";
    }
    else if ($HTTP_GET_VARS["browse_subject"] != "All") {
      $sql .= "WHERE subject = '" . $HTTP_GET_VARS["browse_subject"] . "' ";
      $sql .= "ORDER BY title ASC";
    }
    else {
      $sql .= "ORDER BY subject, title ASC";
    }
  }

  $rs = get_recordset ($sql, ROWS_PER_PAGE, $pos);
}
if (empty ($errormsg)) {
  $result = db_make_2D_array ($rs);
}


// print page
if (empty ($errormsg)) {
  global $pos;

  $tpl = new FastTemplate ("tpl");
  $tpl->define (array (
      "row" => "search_row.tpl",
      "table" => "search.tpl"));

  while (list ($key, $val) = each ($result)) {

    // define output keys
    $id = $val["resource_id"];
    $media = $val["media"];
    $subject = $val["subject"];
    $title =  $val["title"];
    $author = $val["author"];
    $year = $val["year"];

    // alternate colour in table
    if (0 == ($key % 2)) {
      $row_colour = "type2";  // light grey
    }
    else {
      $row_colour = "type1";  // white
    }

    if ($media == "") $media = "&nbsp;";
    if ($subject == "") $subject = "&nbsp;";
    if ($title == "") $title = "&nbsp;";
    if ($author == "") $author = "&nbsp;";
    if ($year == "") $year = "&nbsp;";

    // url to view
    $view = "href=\"view.php?id=" . $id . "\"";

    $tpl->assign (array (
      "MEDIA" => $media,
      "SUBJECT" => $subject,
      "TITLE" => $title,
      "AUTHOR" => $author,
      "YEAR" => $year,
      "VIEW" => $view,
      "COLOUR" => $row_colour));
    $tpl->parse ("ROWS", ".row");
  }

  // remove the old &pos= from the query string
  // (assumes it is at the end and nothing after it!!)
  if (intval (strpos (getenv ("QUERY_STRING"), "&pos")) != 0) {
    $query = substr (getenv ("QUERY_STRING"), 0,
        strpos (getenv ("QUERY_STRING"), "&pos"));
  }
  else {
    $query = getenv ("QUERY_STRING");
  }

  if ($pos >= ROWS_PER_PAGE) {
    $prev = "<a href=\"search.php?" . $query . "&pos=" . ($pos - ROWS_PER_PAGE) . "\"><<< Previous</a>";
  }
  else {
    $prev = "&nbsp;";
  }

  if (count ($result) == ROWS_PER_PAGE) {
    $next = "<a href=\"search.php?" . $query . "&pos=" . ($pos + ROWS_PER_PAGE) . "\">Next >>></a>";
  }
  else {
    $next = "&nbsp;";
  }

  $tpl->assign (array ("NEXT" => $next, "PREV" => $prev));
  $tpl->parse ("CONTENT", "table");

  $output = $tpl->fetch ("CONTENT");
}
output_html ("Search", $output);

?>
[/code]
report
New php-forum User
New php-forum User
 
Posts: 2
Joined: Sun Jan 12, 2003 7:35 pm

Postby Joan Garnet » Mon Jan 13, 2003 3:23 am

I don't want to be a lazy moderator :)
but if you try to minimize the code just a little bit... It'll be a little bit easier to find the error.
Anyway, we cannot run the script if we don't have the whole application.
PLease, try to be as concrete as you can.
tHANx!!
;)
User avatar
Joan Garnet
Moderator
Moderator
 
Posts: 387
Joined: Sat Aug 03, 2002 2:56 am
Location: Mars

Postby Redcircle » Wed Jan 22, 2003 12:34 am

you want to use it when you are outputting to the screen.

You would use is like this.

echo stripslashes($varieable);

or

echo 'Hello world, my name is ' . stripslashes($name);
User avatar
Redcircle
Moderator
Moderator
 
Posts: 830
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA

Postby report » Wed Jan 22, 2003 4:20 am

Redcircle wrote:you want to use it when you are outputting to the screen.

You would use is like this.

echo stripslashes($varieable);

or

echo 'Hello world, my name is ' . stripslashes($name);


Thanks for your kind response to a real newbie. I finally found out to which $variable to apply this syntax.

I didn't know the alternative. I may have a chance to try it some day. :P
report
New php-forum User
New php-forum User
 
Posts: 2
Joined: Sun Jan 12, 2003 7:35 pm


Return to PHP coding => General

Who is online

Users browsing this forum: No registered users and 4 guests

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.

cron