LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 11-22-2009, 03:14 PM   #1
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,249

Rep: Reputation: 53
PHP: How can variables stored in a blob field, and then have them populated later?


I am making a script based on php and mysql.

How can variables stored in a blob field, and then have them populated in the script later?

I have:
Code:
<?php

//database stuff
$msg=$query_data[0];

$firstname="Abe";
$lastname="Froman";

echo $msg;

?>
But that is outputing
Code:
Hello $firstname $lastname
Instead of:
Code:
Hello Abe Froman
The blob field that is returned in $query_data[0]; is:
Code:
Hello $firstname $lastname
Why isn't this populating the variables in the message string, with the variables declared in the script?

TIA
 
Old 11-22-2009, 03:32 PM   #2
maslik
Member
 
Registered: Nov 2009
Location: Czech republic
Distribution: Ubuntu
Posts: 43

Rep: Reputation: 17
How are you actually inserting the data to your database?

It looks like you have misplaced apostrophe with quote mark. If you write
Code:
echo 'Hello $firstname $lastname';
It will return Hello $firstname $lastname, but if you write
Code:
echo "Hello $firstname $lastname"
it will return Hello Abe Froman.

So check your script at the place of inserting data to your database.
Hope, that this will help.
 
Old 11-22-2009, 03:41 PM   #3
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,249

Original Poster
Rep: Reputation: 53
Quote:
Originally Posted by maslik View Post
How are you actually inserting the data to your database?

It looks like you have misplaced apostrophe with quote mark. If you write
Code:
echo 'Hello $firstname $lastname';
It will return Hello $firstname $lastname, but if you write
Code:
echo "Hello $firstname $lastname"
it will return Hello Abe Froman.

So check your script at the place of inserting data to your database.
Hope, that this will help.
So
echo "$msg";
instead of
echo $msg;
?
 
Old 11-22-2009, 03:47 PM   #4
maslik
Member
 
Registered: Nov 2009
Location: Czech republic
Distribution: Ubuntu
Posts: 43

Rep: Reputation: 17
Quote:
Originally Posted by abefroman View Post
So
echo "$msg";
instead of
echo $msg;
?
No, I don't mean that. That would be the same. In my opinion you must have Hello $firstname $lastname in your database. I think, that you don't insert the values to your database, but the variables name. Please check the code, where you insert the data to your database.

The part of code you have posted is alright the way I understand it.
 
Old 11-22-2009, 03:54 PM   #5
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,249

Original Poster
Rep: Reputation: 53
Quote:
Originally Posted by maslik View Post
No, I don't mean that. That would be the same. In my opinion you must have Hello $firstname $lastname in your database. I think, that you don't insert the values to your database, but the variables name. Please check the code, where you insert the data to your database.

The part of code you have posted is alright the way I understand it.
here is the full code for my database insert:
Code:
<?php

include('connect.php');

$query="INSERT INTO messages (mname,mbody,msubject) VALUES ('$mname','$mbody','$msubject')";
$result=mysql_query($query);
echo "Insert Successful!";
echo mysql_error();

?>
It gets the values from mname mbody and msubject from the post results from a form.

mbody is a textarea, and in the textarea it put
Hello $firstname $lastname

Should I be putting quotes around what I enter in the textarea?
 
Old 11-22-2009, 09:57 PM   #6
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,249

Original Poster
Rep: Reputation: 53
Fixed, I had to use eval on the variable.
 
Old 11-23-2009, 06:14 AM   #7
Guttorm
Senior Member
 
Registered: Dec 2003
Location: Trondheim, Norway
Distribution: Debian and Ubuntu
Posts: 1,115

Rep: Reputation: 218Reputation: 218Reputation: 218
Hi

Just a warning. When you use eval like that, remember to be very careful checking the input. What is going to stop people from posting all kinds of PHP code in the textarea? Since stuff like exec is possible, you are basically giving a shell to everyone.

Generally speaking, most of the time when eval is used, you should think twice about the design. Can you do it without using eval? If you have to use it, you need to carefully filter the input.
 
Old 11-23-2009, 08:51 AM   #8
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,249

Original Poster
Rep: Reputation: 53
Quote:
Originally Posted by Guttorm View Post
Hi

Just a warning. When you use eval like that, remember to be very careful checking the input. What is going to stop people from posting all kinds of PHP code in the textarea? Since stuff like exec is possible, you are basically giving a shell to everyone.

Generally speaking, most of the time when eval is used, you should think twice about the design. Can you do it without using eval? If you have to use it, you need to carefully filter the input.
What is an alternative method to eval, when trying to populate variables in the results of a query?
 
Old 11-23-2009, 09:14 AM   #9
Guttorm
Senior Member
 
Registered: Dec 2003
Location: Trondheim, Norway
Distribution: Debian and Ubuntu
Posts: 1,115

Rep: Reputation: 218Reputation: 218Reputation: 218
Hmm. I don't really know what you are trying to do. But you have a web page where people are supposed to enter PHP code? If so, I guess you have a list of variables they can use? Then simply changing the strings will be a lot safer.

$msg = str_replace('$firstname',$firstname,$msg);
$msg = str_replace('$lastname',$lastname,$msg);

My point is, whenever you use eval, you have to be careful about what you send to it. Typical use of eval:

eval("\$str = \"$str\";");

If $str comes from user input (a textarea?), you could for example enter this for input:

".file_get_contents("/etc/passwd")."
 
Old 11-23-2009, 09:16 AM   #10
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,249

Original Poster
Rep: Reputation: 53
Thanks! I thought of the str_replace too.

I'll probalby switch to that!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
php question, how do I get a return from a field within a field? cherrington Programming 11 04-29-2009 01:27 AM
Can not insert word file into mysql table (in blob field) prabhatsoni Linux - Software 2 07-21-2006 05:01 AM
where are the variables stored in the kernel? shendeswanand Linux - Software 1 12-30-2005 02:14 PM
PHP+SQL : formatting text for presentation in a blob caged Programming 2 11-24-2004 05:48 PM
commands stored into variables? benne Programming 2 11-15-2004 07:20 PM


All times are GMT -5. The time now is 10:42 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration