tef
May 30, 2004

-> some l-system crap ->
As bad as it may sound, if you are only trying to extract text with a certain pattern, it might be easier to use a regular expression rather than an XML parser.

I.e. /<mytag>([^<]*)<\/mytag>/

tef fucked around with this message at 13:24 on Apr 1, 2008

tef
May 30, 2004

-> some l-system crap ->
Also, if you wish to keep a copy of the sanitised HTML, you can use a cache like memcached.

tef
May 30, 2004

-> some l-system crap ->
the xpath is /ref/@href.

Edit: No it isn't - oops.

tef fucked around with this message at 08:26 on Jul 5, 2008

tef
May 30, 2004

-> some l-system crap ->

electric_vaseline posted:

However, if you really want to stick with that. It would just be a matter of parsing the session data and then
php:
<?
mail($my_business_email, $subject, $mail_body, $header);
?>
...getting the info from the session or cookies though would require intimate knowledge of how the shopping cart works though.

Escaping the data too - although unlikely, there is the possibility of header injection in PHP if the address or subject can be controlled by the user.
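
Added example, not part of the original post or thread: one way to guard the mail() call quoted above against header injection, by rejecting CR, LF and NUL in any user-supplied value that ends up in a header. The function names, the Reply-To usage, the example.com addresses and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration; all function names here are hypothetical.

/** Reject a value bound for a mail header if it contains CR, LF or NUL. */
function assert_header_safe(string $value, string $field): string
{
    if (preg_match('/[\r\n\x00]/', $value)) {
        throw new InvalidArgumentException("$field contains a line break or NUL");
    }
    return $value;
}

/** An address must be header-safe and syntactically an e-mail address. */
function clean_address(string $addr): string
{
    $addr = assert_header_safe($addr, 'address');
    if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('address is not a valid e-mail address');
    }
    return $addr;
}

/** Build the headers only from validated values, then hand off to mail(). */
function send_order_mail(string $my_business_email, string $customer,
                         string $subject, string $mail_body): bool
{
    $reply_to = clean_address($customer);              // user-controlled
    $subject  = assert_header_safe($subject, 'subject'); // user-controlled
    $header   = "From: shop@example.com\r\nReply-To: $reply_to";
    return mail($my_business_email, $subject, $mail_body, $header);
}

// Constructed inputs: one ordinary order and two carrying an extra header line.
$samples = [
    'plain'           => ['buyer@example.com', 'Order 1001'],
    'CRLF in address' => ["buyer@example.com\r\nBcc: other@example.net", 'Order 1002'],
    'LF in subject'   => ['buyer@example.com', "Order 1003\nBcc: other@example.net"],
];
foreach ($samples as $label => [$addr, $subj]) {
    try {
        clean_address($addr);
        assert_header_safe($subj, 'subject');
        echo "$label: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected (", $e->getMessage(), ")\n";
    }
}
```

The demo loop only runs the validation, so it works without a configured mail transport; send_order_mail() shows where the checks sit relative to mail().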

tef
May 30, 2004

-> some l-system crap ->

Hammerite posted:

Would you mind telling me why not?

Yes, the problem is that in the following code, you make the assumption that magic quotes perform the same function as mysqli_real_escape_string().

Hammerite posted:

php:
<?
if ( !get_magic_quotes_gpc() ) { $UserInput = mysqli_real_escape_string($cxn,$UserInput); }?>

If you read the php manual you will find that:

What are Magic Quotes posted:

When on, all ' (single-quote), " (double quote), \ (backslash) and NULL characters are escaped with a backslash automatically. This is identical to what addslashes() does.

But for mysqli_real_escape_string, it escapes the following values: "NUL (ASCII 0), \n, \r, \, ', ", and Control-Z", and takes account of the connection locale.

Additionally, "If magic_quotes_sybase is on, a single-quote is escaped with a single-quote instead of a backslash if magic_quotes_gpc or magic_quotes_runtime are enabled".

In summary: you should not do that because it does not do the same thing. If you insist on using mysqli_real_escape_string, I would imagine something like this would suffice:

php:
<?
if ( get_magic_quotes_gpc() ) {
    $foo = mysqli_real_escape_string($cxn,stripslashes($foo));
} else {
    $foo = mysqli_real_escape_string($cxn,$foo);
}?>
:toot:

tef fucked around with this message at 03:15 on Jan 21, 2009

tef
May 30, 2004

-> some l-system crap ->
Yes, the other way around :3:
