mysql real escape string removing get variable - mysql-real-escape-string

I have a page that takes a GET variable from the URL and checks it against a mysql database like so:
<?php
$t=$_GET['t'];
//check against database
?>
<div><?php echo $t; ?></div>
This works. However, when I add the mysql_real_escape_string on the get variable like:
$t=mysql_real_escape_string($_GET['t']);
the variable disappears. Nothing is inside the div and I don't know why. I have tried many ordinary strings and they all disappear.

you have to connect to a database before using mysql_real_escape_string();

Related

How to pass special parameters from the CLI to the browser URL bar

I have a problem passing special parameters from a bash script to a browser URL bar.
I would like to open a PDF file on a certain page, and with a certain zoom factor, and at a certain position (relative to a page corner, I think that's called "focus") in Brave, from the command line.
I thought that should work like this:
$ brave-browser file:/home/user/foo.pdf#page=5&zoom=150,50,50
(the ",50,50" would be the "focus") but it doesn't. It just provokes an error message.
Copy/pasting the entire line with all the special characters manually to the URL bar works fine, but I would like to do that without the mouse or keyboard, from the CL. In other words, copying the string
file:/home/user/foo.pdf#page=5&zoom=150,50,50
and pasting that straight into the URL bar will open the file the way I want in Brave.
This shortened command works from the CL:
$ brave-browser file:/home/user/foo.pdf#page=5
but adding the &zoom=150,50,50 provokes an error message from Brave.
I just can't get my head around how to format the rest of the line so that the file opens in the browser as intended (zoomed and focussed), when called from the CL.
I begin to wonder if that is possible at all.
I have tried everything that was suggested here:
Shell script to open a URL
and a couple of other ideas I had (mainly, creative use of quotation marks)
I also read this, but I am not sure if it refers to the same question - and the post is 11 years old. Was hoping that things changed:
Can a website pass focus to the browsers url field?
Thanks a lot for any help!
Just found out that all it takes is a backslash in front of the ampersand...
Strange: no matter how I do write that here, with the *** before and after the code, or without the three *** , I can never see the backslash in the post's preview!
browser file:/home/user/foo.pdf#page=5 \ &zoom=150,50,50
I have to type blanks before and after the hash to make it visible in this post as above. Looks wrong but this is the only way I can show what I mean. Also strange: the hash # works without the backslash \
Thanks, should someone have looked into this in the meantime!

Need to store <?fo:page-number?> inside a variable

I need to print a qrcode that is a concat by a code that is stored in the xml tag and the actual page number, because I need to pass the string with xmltag and page number in the <?format-barcode:DATATEXT;'qrcode';'MyBarcodeEncoder'?> but i can't figure out how to do that.
I tried to store the <?fo:page-number?> inside a variable and then concatenate that with my xmltag code but i think it's impossible.
Anyone knows some workaround to do that?
thanks

Rails console ignores newlines in ActiveRecord:Relation object?

I was going through the AR query interface guide and from it I got the impression that the Rails console should be interpreting the \n in the output from the .explain command as a newline, rather than printing it as raw text on the screen. Reading a query on one single line is inconvenient to say the least.
I can "fix" the formatting issue by prepending "print" to any ActiveRecord::Relation object output to the console, as in the canonical example:
print User.joins(:posts).explain
Is it supposed to work that way by default, or am I doing something wrong? Do people always stick to prepending print?
Thanks!
Yes, the rails console displays the \n characters (rather than rendering) them by default. I always add print exactly as you have done.
Seems normal.
>> hi = "hello\nworld"
=> "hello\nworld"
>> hi
=> "hello\nworld"
>> puts hi
hello
world
=> nil
If you just type a variable or method, it shows you a raw data dump of the value or return value.

escaping single quotes in a CSV

I'm trying to do a really basic output of data to a CSV file
I have some code like:
<?php echo $csv->getComments() ?>,
and
<?php echo "comments"."," ?>
This outputs the foloowing in a CSv file:
comments,
i like cheese
The problem I'm having is when I'm outputting single quoutes in the comments, such as i'm loving cheese
This outputs ,i'm loving cheese and it breaks my CSV file.
Is there a way to either replace the single quote that has been encoded or just to remove the single quote?
I have seen that I can use an escaping_method in the settings.yml, but using any of the options doesn't seem to affect the output.
Thanks
The problem seems to be symfony's output escaper. All objects passed to a partial are automatically wrapped in an escape output escaper object. There are two ways to get the raw value of your comment:
In a partial every method called on an output escaper object accepts a "magic" last parameter, defining the escape method to use. So in your case you can use:
echo $csv->getComments(ESC_RAW);
You can free your $csv object from the output escaper by calling the decorators getRawValue() method in the first lines of your partial:
$csv = $csv->getRawValue();
You can wrap your value with "value"

Looking for SSI Environment Variable(s) for Document URL

I'm looking for an SSI Environment Variable that can return the Document URL...
http://www.mySite.com/path/myPage.html
Right now, I'm cobbling it together using these other environment variables...
<!--#echo var="SERVER_NAME" -->
gives this: http://www.mySite.com, and...
<!--#echo var="DOCUMENT_URI" -->
gives this: /path/myPage.html.
So I'm putting them both together, like this...
http://<!--#echo var="SERVER_NAME" --><!--#echo var="DOCUMENT_URI" -->
And it works just fine.
Two questions:
1) Is there a single SSI Environment Variable for the full Document URL? I've been searching for a while but cannot seem to find.
2) If not, can somebody explain why? There is one called HTTP_REFERER that returns the full URL of the referer, so why not one that returns the full URL of the current location, something like a DOCUMENT_URL?
1) No, there isn't. You can check this by a simple dump of all environment values:
<pre>
<!--#printenv -->
</pre>
2) Why? I'm not sure, perhaps because it would be redundant to have that in a single variable where you can cobble it together as you did. That and the fact that you might want to also do certain things like ignore the server protocol (HTTP or HTTPS) or use a different port, or any number of other reasons.
Hope that helps

Resources