Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[H.A.C]

Hi everybody,

I'm facing to a mysterious problem with MySQL. I don't know why! I need your help.

My code is very simple but I still don't know why, let you follow my description:

This is my code, it works - you can check it.

Code: [Select]

<?php
$content = file_get_contents('http://www.9down.com/AMD-Athlon-64-X2-Dual-Core-Processor-Driver-v-1-3-2-16-for-Win-XP-Server-2003-7154/');

preg_match('@<div class="imgss">.*</div>(.*)<div class="lifls1 bj">@Uus', $content, $article_body);

echo "This is orginal article:\n".$article_body[1];

//replace all ' to &#38;#39;
$article_body[1] = str_replace("\'",'&#38;#39;',$article_body[1]);

//i just want to check if the above function works
if (strpos($article_body,"\'") > 0) {
echo "\noh, it doesnt works\n";
} else {
echo "\nIt works\n";
}

echo $article_body[1];

?>(when copy the code above to test, please pay attention that & is converted to & by our forum system- so  you must replace & by & mark to test my code)

And the result I got is: (run the script with firefox 2.0.11 and rightlick -> view Page Source)

This is orginal article:

Allows the system to automatically adjust the CPU speed, voltage and power combination that match the instantaneous user performance need. Download this Setup Installation program (EXE) to automatically update all the files necessary for installation. This package is recommended for users whom desire a graphical user interface for installation. This .EXE driver is a user friendly localized software installation of the driver designed for end-users. This driver supports AMD Athlon&trade; 64 X2 Dual Core processors on Windows XP SP2, Windows 2003 SP1 x84 and x64 Editions.<div>Before proceeding with your driver installation we suggest you make sure you are installing the latest version available and for the appropriate model/revision and Operating System. We strongly suggest following 'readme' instructions for installing drivers when available. Often restarting your system will be necessary for the new driver to become active and start functioning properly.</div><br /><div>You can check back regularly for new updates at TechSpot's Drivers Section or stop by our frontpage on a daily for the best technology information on the web. <br /><br /><strong><a href="http://www.amd.com/us-en/assets/content_type/utilities/amdcupsetup.exe" target="_self">Download</a></strong></div>

It works

Allows the system to automatically adjust the CPU speed, voltage and power combination that match the instantaneous user performance need. Download this Setup Installation program (EXE) to automatically update all the files necessary for installation. This package is recommended for users whom desire a graphical user interface for installation. This .EXE driver is a user friendly localized software installation of the driver designed for end-users. This driver supports AMD Athlon&trade; 64 X2 Dual Core processors on Windows XP SP2, Windows 2003 SP1 x84 and x64 Editions.<div>Before proceeding with your driver installation we suggest you make sure you are installing the latest version available and for the appropriate model/revision and Operating System. We strongly suggest following 'readme' instructions for installing drivers when available. Often restarting your system will be necessary for the new driver to become active and start functioning properly.</div><br /><div>You can check back regularly for new updates at TechSpot's Drivers Section or stop by our frontpage on a daily for the best technology information on the web. <br /><br /><strong><a href="http://www.amd.com/us-en/assets/content_type/utilities/amdcupsetup.exe" target="_self">Download</a></strong></div>

You can see that all done.

The code below generate :: "It works" <= that means that there is no ' mark.

Code: [Select]

<?php
if (strpos($article_body,"\'") > 0) {
echo "\noh, it doesnt works\n";
} else {
echo "\nIt works\n";
}
?>

But look at the second paragraph, there is still ' mark on the paragraph. (expected: &#39;) <= I dont understand this point.

that's why when i parse $article_body to MySQL, I got this error message (i use echo mysql_error (); to get the error message)

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'readme' instructions for installing drivers when available. Often restarting you' at line 1

Note: This is my environment
Firefox 2.0.11
AppServ 2.5.9 (Apache 2.2.4, PHP 5.2.3, MySQL 5.0.45, phpMyAdmin-2.10.2)
,

[codetwist]

IMHO this:

Code: [Select]

//replace all ' to '
$article_body[1] = str_replace("\'",
should look this:

Code: [Select]

//replace all ' to '
$article_body[1] = str_replace("'",
and this:

Code: [Select]

//i just want to check if the above function works
if (strpos($article_body,"\'") > 0) {
like this:

Code: [Select]

//i just want to check if the above function works
if (strpos($article_body,"'") > 0) {


[H.A.C]

Oh, thanks for your help. it works correctly. Thank you very much. But I have another question:


But this code works correctly

Code: [Select]

<?php
$id= $_GET['id'];
if ($id!= '') {
echo $text = str_replace("\'",'&#38;#39;',$id);
} else {
echo 'You must type something in the textbox below:';
echo '<form name="upload" action="'.$_SERVER['PHP_SELF'].'" method="GET" enctype="text" target="_self">';
echo '<input name="id" type="text" size="100" /><br>';
echo '<input type="submit" name="cmdSend" value="SEND" /> ';
echo '</form>';
} 
?>
the code below doesn't work correctly.

Code: [Select]

<?php
$id= $_GET['id'];
if ($id!= '') {
echo $text = str_replace("'",'&#38;#39;',$id);
} else {
echo 'You must type something in the textbox below:';
echo '<form name="upload" action="'.$_SERVER['PHP_SELF'].'" method="GET" enctype="text" target="_self">';
echo '<input name="id" type="text" size="100" /><br>';
echo '<input type="submit" name="cmdSend" value="SEND" /> ';
echo '</form>';
} 
?>
could you explain this situation?


Also, how about this line in sNews.php?

Code: [Select]

<?php
$comment = str_replace("\'", "&#38;#39;", $_POST['editedcomment']);
?>

[lilspen]

would it have anything to do with the fact that the &#38;#39 are between " ... " in the snews code and yours are between ' ... '?

try your original code with " instead of '.
that's the only difference I can see.

[lilspen]

the only difference I see isthat your code has &#38;#39 in single quotes ( ' ) and the sNews code is using double quotes ( " ).

try your original code using " and tell me what you get.

[H.A.C]

" can't help. I still get the same result.

[codetwist]

Those other lines in snews.php deals with different data source - presumably already stored in database and probably escaped with slash character. In Your case it's data with unescaped single quote character.

[invarbrass]

that's why when i parse $article_body to MySQL, I got this error message (i use echo mysql_error (); to get the error message)

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'readme' instructions for installing drivers when available. Often restarting you' at line 1

I can't find any database calls in your code. Are you preparing the input for SQL? I think you're not escaping the control characters in the retrieved article. Try mysql_real_escape().