Author RE: [PHP-WIN] Passing +, =, - at post and get
Charles P. Killmer

2004-05-20, 10:35 am

I hope you are not allowing the client to send T-SQL through the query
string. Consider them sending something like
File.php?Query='; drop table XXX; --

Charles Killmer

-----Original Message-----
From: George Pitcher [mailto:george.pitcher@ingenta.com]
Sent: Thursday, May 20, 2004 8:25 AM
To: php-windows@lists.php.net
Subject: [PHP-WIN] Passing +, =, - at post and get

Hi,

I want to be able to pass the '=', '+' and '-' characters both from a
web form and as part of a url, to enable a better way of searching.
However, these characters are choking my IIS webserver and not getting
through to the script.

Can anyone suggest a better way of achieving this?

Cheers

George

--
PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
George Pitcher

2004-05-20, 10:35 am

Charles,

No way! This site will only have about 3-4 users as it's an intranet and I'll
be parsing everything at the server end.

George


> -----Original Message-----
> From: Charles P. Killmer [mailto:charlesk@netgaintechnology.com]
> Sent: 20 May 2004 2:31 pm
> To: php-windows@lists.php.net
> Subject: RE: [PHP-WIN] Passing +, =, - at post and get
>
>
> I hope you are not allowing the client to send T-SQL through the query
> string. Consider them sending something like
> File.php?Query='; drop table XXX; --
>
> Charles Killmer

George Pitcher

2004-05-20, 10:35 am

And doing a bit more, I find that '=' and '-' are passing through OK so I'll
need to train my users to use an alternative to '+'.

The choking seems to be with my parsing function, which I have pasted in
below:
=================================================
function sql_fltr($sql,$field,$input){
  if(strlen($input)>0){
    if( substr_count($input,"=")>0 | substr_count($input," -")>0 |
        substr_count($input," +")>0 ){
      $output = "";
      $temp = str_replace(" -","|-",(str_replace(" -","|-",($input))));
      $temp = explode("|",$temp);
      for ($i = 0; $i <= sizeof($temp); $i++){
        if (substr($temp[$i],0,1)=="*"){
          $temp[$i] = $field." like '".rtrim(str_replace("*","%",$temp[$i]))."%'";
          $output.= $temp[$i]."|";
        } elseif (substr($temp[$i],0,1)=="-"){
          $temp[$i] = " and ".$field." not like '".rtrim(str_replace("*","%",$temp[$i]))."'";
          $output.= $temp[$i]."|";
        } elseif (substr($temp[$i],0,1)=="="){
          $temp[$i] = " and ".$field."='".rtrim(str_replace("=","",$temp[$i]))."'";
          $output.= $temp[$i]."|";
        } elseif (substr($temp[$i],0,1)!="+" &&
                  substr($temp[$i],0,1)!="-"&&substr($temp[$i],0,1)!="*" &&
                  substr($temp[$i],0,1)!="="){
          $temp[$i] = "and ".$field." like '%".rtrim(str_replace("=","",$temp[$i]))."'";
          $output.= $temp[$i]."|";
        } else {
          $temp[$i] = " ".$field."='".rtrim($temp[$i])."'";
          $output.= $temp[$i]."|";
        }
      }
      $output = " AND ".substr($output,0,strlen($output)-1);
    } else {
      $temp = $input;
      if (substr($temp,0,1)=="*"){
        $temp = $field." like '".rtrim(str_replace("*","%",$temp))."'";
      } elseif (substr($temp,0,1)=="-"){
        $temp = $field." not like '".rtrim(str_replace("*","%",$temp))."'";
      } elseif (substr($temp,0,1)=="="){
        $temp = $field."='".rtrim(str_replace("=","",$temp))."'";
      } elseif (substr($temp,0,1)!="+" &&
                substr($temp,0,1)!="-"&&substr($temp,0,1)!="*" && substr($temp,0,1)!="="){
        $temp = $field." like '%".rtrim(str_replace("=","",$temp))."'";
      } else {
        $temp = $field."='".rtrim($temp)."'";
      }
      $output = " AND ".$temp;
    }
  } else {
    $output = "";
  }
  return $output;
}
=================================================
This works fine if the user has entered either no control or the * wildcard
with the criteria.

Any suggestions?

Cheers

George


> -----Original Message-----
> From: George Pitcher [mailto:george.pitcher@ingenta.com]
> Sent: 20 May 2004 2:33 pm
> To: php-windows@lists.php.net
> Subject: RE: [PHP-WIN] Passing +, =, - at post and get
>
>
> Charles,
>
> No way! This site will only have about 3-4 users as its an
> intranet and I'll
> be parsing everything at the server end.
>
> George
>
>
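
Added example, not part of the original thread: the search syntax handled by sql_fltr() above, rebuilt so that user input is only ever bound as a parameter instead of being concatenated into the SQL text, which is what makes the `'; drop table XXX; --` input mentioned earlier in the thread harmless. build_filter(), the field allow-list, the `!` escape character and the in-memory SQLite table (requires pdo_sqlite) are assumptions of this example; terms are split on whitespace and an unprefixed term is treated as a substring match, which simplifies the original's rules.

```php
<?php
// Added example, not code from the thread. Function, table and column
// names are hypothetical.

/**
 * Turn a search box value such as "smith* -smithson =Smith" into a WHERE
 * fragment with "?" placeholders plus the list of values to bind.
 * $field must be chosen by the server from $allowed, never taken from
 * the request, because identifiers cannot be bound as parameters.
 */
function build_filter(string $field, string $input, array $allowed): array
{
    if (!in_array($field, $allowed, true)) {
        throw new InvalidArgumentException('unknown search field');
    }
    $clauses = [];
    $params  = [];
    foreach (preg_split('/\s+/', trim($input), -1, PREG_SPLIT_NO_EMPTY) as $term) {
        $op    = in_array($term[0], ['+', '-', '='], true) ? $term[0] : '';
        $value = $op === '' ? $term : (string) substr($term, 1);
        if ($value === '') {
            continue;                        // a bare "+", "-" or "=" carries no criterion
        }
        if ($op === '=') {                   // exact match
            $clauses[] = "$field = ?";
            $params[]  = $value;
            continue;
        }
        // Neutralise LIKE metacharacters the user typed ("[" is one in T-SQL),
        // then map the user-facing "*" wildcard to "%". "!" is the ESCAPE character.
        $pattern = str_replace(['!', '%', '_', '['], ['!!', '!%', '!_', '!['], $value);
        $pattern = str_replace('*', '%', $pattern);
        if (strpos($value, '*') === false) {
            $pattern = '%' . $pattern . '%'; // no wildcard given: substring match
        }
        $clauses[] = $field . ($op === '-' ? ' NOT' : '') . " LIKE ? ESCAPE '!'";
        $params[]  = $pattern;
    }
    return [$clauses ? ' AND ' . implode(' AND ', $clauses) : '', $params];
}

// Demonstration against an in-memory SQLite database. The table and its
// rows are constructed for this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE XXX (title TEXT)");
$ins = $db->prepare("INSERT INTO XXX (title) VALUES (?)");
foreach (['C++ primer', 'a=b', '100% PHP', 'Windows'] as $title) {
    $ins->execute([$title]);
}

// Constructed inputs; the last one is the string quoted in the thread.
$inputs = ['C++', '=a=b', '*PHP', '-Win*', "'; drop table XXX; --"];
foreach ($inputs as $input) {
    [$where, $params] = build_filter('title', $input, ['title']);
    $stmt = $db->prepare("SELECT title FROM XXX WHERE 1=1" . $where);
    $stmt->execute($params);
    printf("%-24s %-45s %s\n", $input, $where,
        json_encode($stmt->fetchAll(PDO::FETCH_COLUMN)));
}

// Every input above was treated as data, so the table is untouched.
echo $db->query("SELECT COUNT(*) FROM XXX")->fetchColumn(), " rows remain\n";
```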

B.A.T. Svensson

2004-05-20, 11:33 am

In such case GRANT is a nice command to prevent
dropping tables in the first place.


-----Original Message-----
From: Charles P. Killmer
To: php-windows@lists.php.net
Sent: 20-5-2004 15:31
Subject: RE: [PHP-WIN] Passing +, =, - at post and get

I hope you are not allowing the client to send T-SQL through the query
string. Consider them sending something like
File.php?Query='; drop table XXX; --

Charles Killmer

Trevor Gryffyn

2004-05-20, 11:33 am

Sorry, don't have time to go through your code or to look up the regex
way of doing this, but you can translate then decode the plus sign
fairly easily. One really basic example:

$plussign = "+";
echo "Plus: $plussign\n";
$plussign = "&#" . ord($plussign) .";";
echo "HTML Entity Plus: $plussign\n";
$plussign = chr(substr($plussign,2,strlen($plussign)-3));
echo "HTML Entity Converted Back: $plussign\n";


The plus sign should pass through a POST ok, but in a GET the plus sign
is used to represent spaces in a URL sometimes. Ampersands, equal
signs, forward (and probably back) slashes, colons and question marks
are also used in URLs (might have forgot some). Since GET puts all the
data through a URL, you need to be aware of the reserved characters used
in URLs. You shouldn't have this problem through a POST transaction
though. I'm not aware of anything that won't pass through POST, but I'm
sure there's something.

There's almost always a way to transfer text into something that'll pass
through POST or GET without screwing things up. Easier to change the
code than change the users.

-TG

> -----Original Message-----
> From: George Pitcher [mailto:george.pitcher@ingenta.com]
> Sent: Thursday, May 20, 2004 9:43 AM
> To: php-windows@lists.php.net
> Subject: RE: [PHP-WIN] Passing +, =, - at post and get
>
>
> And doing a bit more, I find that '=' and '-' are passing through OK so I'll
> need to train my users to use an alternative to '+'.
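
Added example, not part of the original thread: what PHP's own query-string decoding does to the characters discussed here when a value is placed in a URL raw, compared with the same value passed through http_build_query(). search.php, the q parameter and the sample search strings are made up for illustration.

```php
<?php
// Added example, not code from the thread.

/** Decode a query string the way PHP does when it fills $_GET. */
function decode_query(string $query): array
{
    parse_str($query, $vars);
    return $vars;
}

// Constructed search strings using the operators discussed in the thread.
$samples = ['C++', 'a=b', 'red -blue', 'R&D +lab', '100%25 #1'];

foreach ($samples as $s) {
    $raw     = 'q=' . $s;                      // value pasted into the URL as-is
    $encoded = http_build_query(['q' => $s]);  // "+" becomes %2B, "&" becomes %26, ...

    $rawBack = decode_query($raw)['q'] ?? null;
    $encBack = decode_query($encoded)['q'] ?? null;

    printf("%-10s raw: %-12s encoded as %-22s decodes to: %s\n",
        $s,
        $rawBack === $s ? 'intact' : json_encode($rawBack),
        $encoded,
        $encBack === $s ? 'intact' : json_encode($encBack));
}

// Building the link itself: encode for the URL first, then for the HTML attribute.
$href = 'search.php?' . http_build_query(['q' => 'C++ =a&b']);
echo '<a href="' . htmlspecialchars($href, ENT_QUOTES) . '">search</a>', "\n";
```

Raw '=' and '-' come back intact while raw '+' is decoded as a space, which matches what George observed; values typed into an HTML form are encoded by the browser before submission.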

B.A.T. Svensson

2004-05-20, 11:33 am

In your second if you do a count on the occurrence of a character,
but don't use the result, why not use strpos() directly?

Also if you just want to replace a single char with another
single char, then you might like to do like this:

$String = implode(explode($String, $OldChar), $NewChar);



Trevor Gryffyn

2004-05-20, 11:33 am

That's gotta be one of the more creative ways around using a regular
expression I've ever seen.. Hah.. Good job Svensson. A regex or string
replace would probably work better, or at least be more direct though.

-TG

> -----Original Message-----
> From: Svensson, B.A.T. (HKG) [mailto:B.A.T.Svensson@lumc.nl]
> Sent: Thursday, May 20, 2004 10:48 AM
> To: 'php-windows@lists.php.net '
> Subject: RE: [PHP-WIN] Passing +, =, - at post and get
>
>
> In your second if you do a count on the occurrence of a character,
> but don't use the result, why not use strpos() directly?
>
> Also if you just want to replace a single char with another
> single char, then you might like to do like this:
>
> $String = implode(explode($String, $OldChar), $NewChar);
>
>

George Pitcher

2004-05-20, 11:33 am

Anders,

Thanks for the tips. I've resolved the post/get problem.

Cheers

George

> -----Original Message-----
> From: Svensson, B.A.T. (HKG) [mailto:B.A.T.Svensson@lumc.nl]
> Sent: 20 May 2004 3:48 pm
> To: 'php-windows@lists.php.net '
> Subject: RE: [PHP-WIN] Passing +, =, - at post and get
>
>
> In your second if you do a count on the occurrence of a character,
> but don't use the result, why not use strpos() directly?
>
> Also if you just want to replace a single char with another
> single char, then you might like to do like this:
>
> $String = implode(explode($String, $OldChar), $NewChar);
>
>

Charles P. Killmer

2004-05-20, 12:31 pm

How is this
$String = implode(explode($String, $OldChar), $NewChar);
different than
$String = str_replace($OldChar, $NewChar, $String);

Charles Killmer

-----Original Message-----
From: Svensson, B.A.T. (HKG) [mailto:B.A.T.Svensson@lumc.nl]
Sent: Thursday, May 20, 2004 9:48 AM
To: 'php-windows@lists.php.net '
Subject: RE: [PHP-WIN] Passing +, =, - at post and get

In your second if you do a count on the occurrence of a character, but
don't use the result, why not use strpos() directly?

Also if you just want to replace a single char with another single char,
then you might like to do like this:

$String = implode(explode($String, $OldChar), $NewChar);



Trevor Gryffyn

2004-05-20, 12:31 pm

Rube Goldberg would appreciate it.

> -----Original Message-----
> From: Charles P. Killmer [mailto:charlesk@netgaintechnology.com]
> Sent: Thursday, May 20, 2004 11:01 AM
> To: php-windows@lists.php.net
> Subject: RE: [PHP-WIN] Passing +, =, - at post and get
>
>
> How is this
> $String = implode(explode($String, $OldChar), $NewChar);
> different than
> $String = str_replace($OldChar, $NewChar, $String);
>
> Charles Killmer

Charles P. Killmer

2004-05-20, 12:31 pm

You may appreciate this then. It's been floating around for a while so
you may have seen it but I think it is funny and strangely true.

The Evolution of a Programmer



High School/Jr.High

10 PRINT "HELLO WORLD"
20 END


First year in College
program Hello(input, output)
begin
writeln('Hello World')
end.


Senior year in College
(defun hello
(print
(cons 'Hello (list 'World))))


New professional
#include <stdio.h>
void main(void)
{
char *message[] = {"Hello ", "World"};
int i;

for(i = 0; i < 2; ++i)
printf("%s", message[i]);
printf("\n");
}


Seasoned professional
#include <iostream.h>
#include <string.h>

class string
{
private:
int size;
char *ptr;

public:
string() : size(0), ptr(new char('\0')) {}

string(const string &s) : size(s.size)
{
ptr = new char[size + 1];
strcpy(ptr, s.ptr);
}

~string()
{
delete [] ptr;
}

friend ostream &operator <<(ostream &, const string &);
string &operator=(const char *);
};

ostream &operator<<(ostream &stream, const string &s)
{
return(stream << s.ptr);
}

string &string::operator=(const char *chrs)
{
if (this != &chrs)
{
delete [] ptr;
size = strlen(chrs);
ptr = new char[size + 1];
strcpy(ptr, chrs);
}
return(*this);
}

int main()
{
string str;

str = "Hello World";
cout << str << endl;

return(0);
}


Master Programmer
[
uuid(2573F8F4-CFEE-101A-9A9F-00AA00342820)
]
library LHello
{
// bring in the master library
importlib("actimp.tlb");
importlib("actexp.tlb");

// bring in my interfaces
#include "pshlo.idl"

[
uuid(2573F8F5-CFEE-101A-9A9F-00AA00342820)
]
cotype THello
{
interface IHello;
interface IPersistFile;
};
};

[
exe,
uuid(2573F890-CFEE-101A-9A9F-00AA00342820)
]
module CHelloLib
{

// some code related header files
importheader(<windows.h> );
importheader(<ole2.h> );
importheader(<except.hxx> );
importheader("pshlo.h");
importheader("shlo.hxx");
importheader("mycls.hxx");

// needed typelibs
importlib("actimp.tlb");
importlib("actexp.tlb");
importlib("thlo.tlb");

[
uuid(2573F891-CFEE-101A-9A9F-00AA00342820),
aggregatable
]
coclass CHello
{
cotype THello;
};
};


#include "ipfix.hxx"

extern HANDLE hEvent;

class CHello : public CHelloBase
{
public:
IPFIX(CLSID_CHello);

CHello(IUnknown *pUnk);
~CHello();

HRESULT __stdcall PrintSz(LPWSTR pwszString);

private:
static int cObjRef;
};


#include <windows.h>
#include <ole2.h>
#include <stdio.h>
#include <stdlib.h>
#include "thlo.h"
#include "pshlo.h"
#include "shlo.hxx"
#include "mycls.hxx"

int CHello::cObjRef = 0;

CHello::CHello(IUnknown *pUnk) : CHelloBase(pUnk)
{
cObjRef++;
return;
}

HRESULT __stdcall CHello::PrintSz(LPWSTR pwszString)
{
printf("%ws\n", pwszString);
return(ResultFromScode(S_OK));
}


CHello::~CHello(void)
{

// when the object count goes to zero, stop the server
cObjRef--;
if( cObjRef == 0 )
PulseEvent(hEvent);

return;
}

#include <windows.h>
#include <ole2.h>
#include "pshlo.h"
#include "shlo.hxx"
#include "mycls.hxx"

HANDLE hEvent;

int _cdecl main(
int argc,
char * argv[]
) {
ULONG ulRef;
DWORD dwRegistration;
CHelloCF *pCF = new CHelloCF();

hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);

// Initialize the OLE libraries
CoInitializeEx(NULL, COINIT_MULTITHREADED);

CoRegisterClassObject(CLSID_CHello, pCF, CLSCTX_LOCAL_SERVER,
REGCLS_MULTIPLEUSE, &dwRegistration);

// wait on an event to stop
WaitForSingleObject(hEvent, INFINITE);

// revoke and release the class object
CoRevokeClassObject(dwRegistration);
ulRef = pCF->Release();

// Tell OLE we are going away.
CoUninitialize();

return(0); }

extern CLSID CLSID_CHello;
extern UUID LIBID_CHelloLib;

CLSID CLSID_CHello = { /* 2573F891-CFEE-101A-9A9F-00AA00342820 */
0x2573F891,
0xCFEE,
0x101A,
{ 0x9A, 0x9F, 0x00, 0xAA, 0x00, 0x34, 0x28, 0x20 }
};

UUID LIBID_CHelloLib = { /* 2573F890-CFEE-101A-9A9F-00AA00342820 */
0x2573F890,
0xCFEE,
0x101A,
{ 0x9A, 0x9F, 0x00, 0xAA, 0x00, 0x34, 0x28, 0x20 }
};

#include <windows.h>
#include <ole2.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include "pshlo.h"
#include "shlo.hxx"
#include "clsid.h"

int _cdecl main(
int argc,
char * argv[]
) {
HRESULT hRslt;
IHello *pHello;
ULONG ulCnt;
IMoniker * pmk;
WCHAR wcsT[_MAX_PATH];
WCHAR wcsPath[2 * _MAX_PATH];

// get object path
wcsPath[0] = '\0';
wcsT[0] = '\0';
if( argc > 1) {
mbstowcs(wcsPath, argv[1], strlen(argv[1]) + 1);
wcsupr(wcsPath);
}
else {
fprintf(stderr, "Object path must be specified\n");
return(1);
}

// get print string
if(argc > 2)
mbstowcs(wcsT, argv[2], strlen(argv[2]) + 1);
else
wcscpy(wcsT, L"Hello World");

printf("Linking to object %ws\n", wcsPath);
printf("Text String %ws\n", wcsT);

// Initialize the OLE libraries
hRslt = CoInitializeEx(NULL, COINIT_MULTITHREADED);

if(SUCCEEDED(hRslt)) {


hRslt = CreateFileMoniker(wcsPath, &pmk);
if(SUCCEEDED(hRslt))
hRslt = BindMoniker(pmk, 0, IID_IHello, (void **)&pHello);

if(SUCCEEDED(hRslt)) {

// print a string out
pHello->PrintSz(wcsT);

Sleep(2000);
ulCnt = pHello->Release();
}
else
printf("Failure to connect, status: %lx", hRslt);

// Tell OLE we are going away.
CoUninitialize();
}

return(0);
}




Apprentice Hacker
#!/usr/local/bin/perl
$msg="Hello, world.\n";
if ($#ARGV >= 0) {
while(defined($arg=shift(@ARGV))) {
$outfilename = $arg;
open(FILE, ">" . $outfilename) || die "Can't write $arg: $!\n";
print (FILE $msg);
close(FILE) || die "Can't close $arg: $!\n";
}
} else {
print ($msg);
}
1;




Experienced Hacker
#include <stdio.h>
#define S "Hello, World\n"
main(){exit(printf(S) == strlen(S) ? 0 : 1);}




Seasoned Hacker
% cc -o a.out ~/src/misc/hw/hw.c
% a.out




Guru Hacker
% echo "Hello, world."




New Manager
10 PRINT "HELLO WORLD"
20 END




Middle Manager
mail -s "Hello, world." bob@b12
Bob, could you please write me a program that prints "Hello,
world."?
I need it by tomorrow.
^D




Senior Manager
% zmail jim
I need a "Hello, world." program by this afternoon.




Chief Executive
% letter
letter: Command not found.
% mail
To: ^X ^F ^C
% help mail
help: Command not found.
% damn!
!: Event unrecognized
% logout

------------------------------------------------------------------------
--------Anonymous

-----Original Message-----
From: Gryffyn, Trevor [mailto:TGryffyn@air-cargo-inc.com]
Sent: Thursday, May 20, 2004 10:02 AM
To: php-windows@lists.php.net
Cc: Charles P. Killmer
Subject: RE: [PHP-WIN] Passing +, =, - at post and get

Rube Goldberg would appreciate it.

> -----Original Message-----
> From: Charles P. Killmer [mailto:charlesk@netgaintechnology.com]
> Sent: Thursday, May 20, 2004 11:01 AM
> To: php-windows@lists.php.net
> Subject: RE: [PHP-WIN] Passing +, =, - at post and get
>
>
> How is this
> $String = implode(explode($String, $OldChar), $NewChar); different
> than
> $String = str_replace($OldChar, $NewChar, $String);
>
> Charles Killmer
>
> -----Original Message-----
> From: Svensson, B.A.T. (HKG) [mailto:B.A.T.Svensson@lumc.nl]
> Sent: Thursday, May 20, 2004 9:48 AM
> To: 'php-windows@lists.php.net '
> Subject: RE: [PHP-WIN] Passing +, =, - at post and get
>
> In your second if you do a count on the occurrence of a character, but
> don't use the result, why not use strpos() directly?
>
> Also if you just want to replace a single char with another single
> char, then you might like to do like this:
>
> $String = implode(explode($String, $OldChar), $NewChar);
>
>
>
> -----Original Message-----
> From: George Pitcher
> To: php-windows@lists.php.net
> Sent: 20-5-2004 15:43
> Subject: RE: [PHP-WIN] Passing +, =, - at post and get
>
> And doing a bit more, I find that '=' and '-' are passing through OK
> so I'll need to train my users to use an alternative to '+'.
>
> The choking seems to be with my parsing function, which I have pasted
> in
> below:
> =================================================
> function sql_fltr($sql,$field,$input){
> if(strlen($input)>0){
> if( substr_count($input,"=")>0 | substr_count($input,"
> -")>0 |
> substr_count($input," +")>0 ){
> $output = "";
> $temp = str_replace(" -","|-",(str_replace("
> -","|-",($input))));
> $temp = explode("|",$temp);
> for ($i = 0; $i <= sizeof($temp); $i++){
> if (substr($temp[$i],0,1)=="*"){
> $temp[$i] = $field." like
> '".rtrim(str_replace("*","%",$temp[$i]))."%'";
> $output.= $temp[$i]."|";
> } elseif (substr($temp[$i],0,1)=="-"){
> $temp[$i] = " and ".$field." not
> like
> '".rtrim(str_replace("*","%",$temp[$i]))."'";
> $output.= $temp[$i]."|";
> } elseif (substr($temp[$i],0,1)=="="){
> $temp[$i] = " and
> ".$field."='".rtrim(str_replace("=","",$temp[$i]))."'";
> $output.= $temp[$i]."|";
> } elseif (substr($temp[$i],0,1)!="+" &&
> substr($temp[$i],0,1)!="-"&&substr($temp[$i],0,1)!="*" &&
> substr($temp[$i],0,1)!="="){
> $temp[$i] = "and ".$field." like
> '%".rtrim(str_replace("=","",$temp[$i]))."'";
> $output.= $temp[$i]."|";
> } else {
> $temp[$i] = "
> ".$field."='".rtrim($temp[$i])."'";
> $output.= $temp[$i]."|";
> }
> }
> $output = " AND
> ".substr($output,0,strlen($output)-1);
> } else {
> $temp = $input;
> if (substr($temp,0,1)=="*"){
> $temp = $field." like
> '".rtrim(str_replace("*","%",$temp))."'";
> } elseif (substr($temp,0,1)=="-"){
> $temp = $field." not like
> '".rtrim(str_replace("*","%",$temp))."'";
> } elseif (substr($temp,0,1)=="="){
> $temp =
> $field."='".rtrim(str_replace("=","",$temp))."'";
> } elseif (substr($temp,0,1)!="+" &&
> substr($temp,0,1)!="-"&&substr($temp,0,1)!="*" &&
> substr($temp,0,1)!="="){
> $temp = $field." like
> '%".rtrim(str_replace("=","",$temp))."'";
> } else {
> $temp = $field."='".rtrim($temp)."'";
> }
> $output = " AND ".$temp;
> }
> } else {
> $output = "";
> }
> return $output;
> }
> =================================================
> This works fine if the user has entered either no control or the *
> wildcard with the criteria.
>
> Any suggestions?
>
> Cheers
>
> George
>

B.A.T. Svensson

2004-05-21, 6:30 am

Charles,

thanks for your comment.

Your suggestion is different in the respect that it is better.

(My apologies about my ignorance with the PHP API.)

-----Original Message-----
From: Charles P. Killmer
To: php-windows@lists.php.net
Sent: 20-5-2004 17:00
Subject: RE: [PHP-WIN] Passing +, =, - at post and get

How is this
$String = implode(explode($String, $OldChar), $NewChar);
different than
$String = str_replace($OldChar, $NewChar, $String);

Charles Killmer
-----Original Message-----
From: Svensson, B.A.T. (HKG) [mailto:B.A.T.Svensson@lumc.nl]
Sent: Thursday, May 20, 2004 9:48 AM
To: 'php-windows@lists.php.net '
Subject: RE: [PHP-WIN] Passing +, =, - at post and get

In your second if you do a count on the occurrence of a character, but
don't use the result, why not use strpos() directly?

Also if you just want to replace a single char with another single char,
then you might like to do like this:

$String = implode(explode($String, $OldChar), $NewChar);



-----Original Message-----
From: George Pitcher
To: php-windows@lists.php.net
Sent: 20-5-2004 15:43
Subject: RE: [PHP-WIN] Passing +, =, - at post and get

And doing a bit more, I find that '=' and '-' are passing through OK so
I'll need to train my users to use an alternative to '+'.

The choking seems to be with my parsing function, which I have pasted in
below:
=================================================
function sql_fltr($sql,$field,$input){
    if(strlen($input)>0){
        if( substr_count($input,"=")>0 | substr_count($input," -")>0 |
            substr_count($input," +")>0 ){
            $output = "";
            $temp = str_replace(" -","|-",(str_replace(" -","|-",($input))));
            $temp = explode("|",$temp);
            for ($i = 0; $i <= sizeof($temp); $i++){
                if (substr($temp[$i],0,1)=="*"){
                    $temp[$i] = $field." like '".rtrim(str_replace("*","%",$temp[$i]))."%'";
                    $output.= $temp[$i]."|";
                } elseif (substr($temp[$i],0,1)=="-"){
                    $temp[$i] = " and ".$field." not like '".rtrim(str_replace("*","%",$temp[$i]))."'";
                    $output.= $temp[$i]."|";
                } elseif (substr($temp[$i],0,1)=="="){
                    $temp[$i] = " and ".$field."='".rtrim(str_replace("=","",$temp[$i]))."'";
                    $output.= $temp[$i]."|";
                } elseif (substr($temp[$i],0,1)!="+" &&
                    substr($temp[$i],0,1)!="-"&&substr($temp[$i],0,1)!="*" &&
                    substr($temp[$i],0,1)!="="){
                    $temp[$i] = "and ".$field." like '%".rtrim(str_replace("=","",$temp[$i]))."'";
                    $output.= $temp[$i]."|";
                } else {
                    $temp[$i] = " ".$field."='".rtrim($temp[$i])."'";
                    $output.= $temp[$i]."|";
                }
            }
            $output = " AND ".substr($output,0,strlen($output)-1);
        } else {
            $temp = $input;
            if (substr($temp,0,1)=="*"){
                $temp = $field." like '".rtrim(str_replace("*","%",$temp))."'";
            } elseif (substr($temp,0,1)=="-"){
                $temp = $field." not like '".rtrim(str_replace("*","%",$temp))."'";
            } elseif (substr($temp,0,1)=="="){
                $temp = $field."='".rtrim(str_replace("=","",$temp))."'";
            } elseif (substr($temp,0,1)!="+" &&
                substr($temp,0,1)!="-"&&substr($temp,0,1)!="*" &&
                substr($temp,0,1)!="="){
                $temp = $field." like '%".rtrim(str_replace("=","",$temp))."'";
            } else {
                $temp = $field."='".rtrim($temp)."'";
            }
            $output = " AND ".$temp;
        }
    } else {
        $output = "";
    }
    return $output;
}
=================================================
This works fine if the user has entered either no control or the *
wildcard with the criteria.

Any suggestions?

Cheers

George


> -----Original Message-----
> From: George Pitcher [mailto:george.pitcher@ingenta.com]
> Sent: 20 May 2004 2:33 pm
> To: php-windows@lists.php.net
> Subject: RE: [PHP-WIN] Passing +, =, - at post and get
>
>
> Charles,
>
> No way! This site will only have about 3-4 users as it's an intranet
> and I'll be parsing everything at the server end.
>
> George
>
>


--
PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
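
The injection concern Charles raises applies to sql_fltr because it pastes user text between quotes. The following is an added example, not code from the thread, that compiles the same search operators to placeholders instead; build_filter(), the column allow-list and the '!' escape character are assumptions.

```php
<?php
// Added example: sql_fltr-style operators compiled to bound parameters.
// build_filter() and the column allow-list are hypothetical names.
function build_filter(string $field, string $input, array $allowedFields): array
{
    // Column names cannot be bound, so accept only known ones.
    if (!in_array($field, $allowedFields, true)) {
        throw new InvalidArgumentException("unknown column: $field");
    }
    $clauses = [];
    $params  = [];
    // Split on whitespace that precedes an operator: "smith* -jones =bob".
    $terms = preg_split('/\s+(?=[-+=*])/', trim($input), -1, PREG_SPLIT_NO_EMPTY);
    foreach ($terms as $term) {
        $op   = $term[0];
        $body = in_array($op, ['-', '+', '='], true) ? (string) substr($term, 1) : $term;
        if ($body === '') {
            continue; // a bare operator carries no criterion
        }
        if ($op === '=') {
            $clauses[] = "$field = ?";
            $params[]  = $body;
            continue;
        }
        // Escape LIKE metacharacters the user typed, then map * to %.
        $like = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $body);
        $like = str_replace('*', '%', $like);
        if (strpos($body, '*') === false) {
            $like = '%' . $like; // plain term: leading wildcard, as in sql_fltr
        }
        $clauses[] = $field . ($op === '-' ? ' NOT LIKE' : ' LIKE') . " ? ESCAPE '!'";
        $params[]  = $like;
    }
    $sql = $clauses ? ' AND ' . implode(' AND ', $clauses) : '';
    return [$sql, $params];
}

// Constructed inputs: an operator search, and the string from Charles's warning.
foreach (["smith* -jones =bob", "'; drop table XXX; --"] as $input) {
    [$sql, $params] = build_filter('author', $input, ['author', 'title']);
    echo $sql, "\n", json_encode($params), "\n";
}
```

Append `$sql` to the base statement, `prepare()` it and pass `$params` to `execute()`, so quotes and semicolons in the input arrive as data. On SQL Server, `[` is also a LIKE wildcard and would need the same escaping.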


Copyright 2008 codecomments.com