PHP mySQL preg_replace string & store result -


so after bringing code strip button id paypal form code, i'm faced difficulty of getting information stored in database.

the paypal code of course this:

<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="a58f6b5hvxebu"> <input type="image" src="https://www.paypalobjects.com/en_us/i/btn/btn_cart_lg.gif" border="0" name="submit" alt="paypal - safer, easier way pay online!"> <img alt="" border="0" src="https://www.paypalobjects.com/en_us/i/scr/pixel.gif" width="1" height="1"> </form>

with following code, value a58f6b5hvxebu removed of above:

<?php $string = ''; $res = preg_replace('~(.+)(name="hosted_button_id"\s+value=")([^"]+)(["].+)~s', '$3', $string); ?>

i know above code needs go action.php file handles form information , adds database i'm not sure how arrange it. can't seem work way try. believe name on form have different database row what's in textarea can processed through preg_replace code sent database i'm stuck on 1 stinks because i'm sure it's simple lol

the setup form , processing file this:

<form action="action.php" method="post" name="addclass"> <table> <tr> <td><strong>paypal code: </strong></td> <td><textarea name="paypal" rows="4" cols="50"></textarea></td> </tr> </table> <input type="submit" name="submit" value="submit"> </form>

action.php add database:

<?php $con=mysqli_connect("root","username","pass","dbname"); // check connection if (mysqli_connect_errno()) { echo "failed connect mysql: " . mysqli_connect_error(); }  $sql="insert tester (paypal) values ('$_post[paypal]')";  if (!mysqli_query($con,$sql)) { die('error: ' . mysqli_error($con)); } echo "<center><h1>1 class added</h1>"; echo "<br /><br /><a href=view.php><font size=18>back list</font></a>"; mysqli_close($con); ?>

i have been racking brain trying different ways of implementing preg_replace code action.php file save 13-character value string database , each way it, form processes , says record has been added creates blank record , doesn't store database.

you missed quotations on key name of post variable in query. not sanitizing data, , not using prepared statements, script, despite using mysqli still insecure. use mysqli_stmt_prepare() queries contain $variables or other input. use mysqli_query() queries don't require user submitted data or script variables.

$sql="insert tester (paypal) values ('".$_post['paypal']."')";

Comments

Post a Comment

Popular posts from this blog

javascript - RequestAnimationFrame not working when exiting fullscreen switching space on Safari -

request animation frame stops working when exiting fullscreen clicking on original space's safari window. fine if fullscreen mode canceled escape key or calling cancelfullscreen(). steps reproduce: open https://dl.dropboxusercontent.com/u/769042/prezi/safari-fullscreen.html click "draw raf", kittie appears click "fullscreen", go fullscreen click "draw raf", kittie appears go space original safari was, showing "click exit fullscreen mode", click anywhere, out fullscreen click "draw raf", nothing happens what handling click calling: window.requestanimationframe(draw); which draws on canvas context: function draw() { ctx.drawimage(img, math.random()*500|0, math.random()*400|0, 100, 100); } i checked .hidden , .visibilitystate, updated correctly. tested on osx 10.9.3, safari 7.0.4 (9537.76.4). has workaround/solution other switching old settimeout? this sounds webkit bug 88940 : using reque
Read more

Python ctypes access violation with const pointer arguments -

i have api i'm trying wrap in python (2.7.6 on win7) code using ctypes. here's api: client_dllfunc bool clientapi search_exporttoclipcopy(clienthsearch handle, int channel, lpctstr filename, const time_t& from, const time_t& to, const bool* cameras, int length, bool usepassword, lpctstr password, bool includetextin = false, bool excludeplayer = false); the issue i'm having cameras argument; , i've had issue other const pointer arguments well. here's how i'm wrapping api: def search_exporttoclipcopy(self, hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, password, includetextin=true, excludeplayer=false): exporttoclipcopy = self.sdkdll.search_exporttoclipcopy exporttoclipcopy.argtypes = [c_int, c_int, c_wchar_p, c_long, c_long, pointer(c_bool), c_int, c_bool, c_wchar_p, c_bool, c_bool] exporttoclipcopy.restype = c_bool exporttoclipcopy(hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, pass
Read more