Page 1 of 1

Problem removing bad symbols in varible from file

Posted: Sat Jan 22, 2011 11:33 pm
by dopey
Hello everyone im having problems with this script removing bad symbols before searching mysql database i tried using mysqli_real_escape but no luck heres the code i have and i still have no lucky removing the ' and " , and etc any help would be apperciated


$ip=$_SERVER['REMOTE_ADDR'];
$date = date(DATE_RFC822);
print "<p><center>Loged in as $ip The Date is $date</center></p>";
$data = file('/var/www/htdocs/mp32/playlist.lst', FILE_IGNORE_NEW_LINES);
$bad_symbols = array("'",","); // set bad symbols to remove
$linesgood = str_replace($bad_symbols,"",$data); // remove bad symbols but doesnt work.
print "<center><table border=1 frame=void cellpadding=1 cellspacing=0 align=center rules=all><tr><th>Song Position</th><th>Artist</th><th>Title</th><th>Genre</th><th>Action</th></tr>";
require('dbconfig1.php');
while($n < count($linesgood)) {
$query = mysqli_query($conn1, "SELECT * FROM mp_id3_tags WHERE filename LIKE '$linesgood[$n]'"); //query database for each one
while($row = mysqli_fetch_array($query)){
print "<tr><td>$n</td><td>{$row['artist']}</td><td>{$row['title']}</td><td>{$row['genre']}</td></td><td><a href=\"playlist.php?remove=$n\">Delete</a></td></tr>"; // print whats returned from mysql and print the number it is in the file read from
}
$n = $n + 1;
}
print "</table></center>";

Re: Problem removing bad symbols in varible from file

Posted: Sun Jan 23, 2011 12:33 am
by josh
I don't see where you even tried to use the escape function like you said you did. You shouldn't remove the apostrophe, the users usually put them in for a reason. Escaping is usually the correct action.

Re: Problem removing bad symbols in varible from file

Posted: Sun Jan 23, 2011 1:23 am
by dopey
i finally got it, the scirpt i posted i was trying to use a array str_replace to remove the stuff but that didnt work it took me some time to figure out with mysqli_real_escape_string that i was passing it a array and thats why it wouldnt work.. since then i figured the right code out..


$ip=$_SERVER['REMOTE_ADDR'];
$date = date(DATE_RFC822);
print "<p><center>Loged in as $ip The Date is $date</center></p>";
require('dbconfig1.php');
$data = file('/var/www/htdocs/mp32/playlist.lst', FILE_IGNORE_NEW_LINES);
print "<center><table border=1 frame=void cellpadding=1 cellspacing=0 align=center rules=all><tr><th>Song Position</th><th>Artist</th><th>Title</th><th>Genre</th><th>Action</th></tr>";
foreach($data as $key=> $a){

$line[$key] = mysqli_real_escape_string($conn1, $a);
while($n < count($line)) {
$query = mysqli_query($conn1, "SELECT * FROM mp_id3_tags WHERE filename LIKE '$line[$key]'"); //query database for each one
while($row = mysqli_fetch_array($query)){
print "<tr><td>$n</td><td>{$row['artist']}</td><td>{$row['title']}</td><td>{$row['genre']}</td></td><td><a href=\"playlist.php?remove=$n\">Delete</a></td></tr>"; // print whats returned from mysql and print the number it is in the file read from
}
$n = $n + 1;
}
}
print "</table></center>";