mysql_real_escape_string stopping from reading from database

How can I allow the SQL query to not ignore a space?
Hi, I have the above scripts which pick up the data from the database. Now my problem is with this row [film_client_office], because on this row the name has a space, for example [EAST MIDLANDS]. When the SQL query tries to match the field it seems to not be able to retrieve all the [film_client_office] rows, because it removes the space and instead tries to match [EASTMIDLANDS], which doesn't match. How can I get it so it picks up exactly what it is, even with the space?
I have been reading about (mysql_real_escape_string), which I think removes any space or funny characters, but I tried to remove it from my script and it still doesn't pick up the names with a space. Here is how the code looks:
And here is how one of my URLs looks in Chrome on the computer, even though in the database it looks like the name is EAST MIDLANDS, but in Chrome:
http://500.401.22.45:23/onfilm/streaming/home/BELLWAY/EAST%20MIDLANDS/hofbell30468.mp4

if(!$sortby) { $sortby="lh"; }
$client = mysql_real_escape_string($client);
$office = mysql_real_escape_string($office);
$sortby = mysql_real_escape_string($sortby);
if($office=="All"){
	switch ($sortby) {
	case 'lh':   // quoted: a bare lh would be an undefined constant
		$queryproplst = "SELECT * FROM films WHERE (film_client = '$client') AND (film_status = 'on') ORDER BY film_location_price ASC";
		break;
	case 'hl':
		$queryproplst = "SELECT * FROM films WHERE (film_client = '$client') AND (film_status = 'on') ORDER BY film_location_price DESC";
		break;
	default:
		$queryproplst = "SELECT * FROM films WHERE (film_client = '$client') AND (film_status = 'on') ORDER BY film_location_price ASC";
	}
}
else{
	switch ($sortby) {
	case 'lh':
		$queryproplst = "SELECT * FROM films WHERE (film_client = '$client') AND (film_client_office = '$office') AND (film_status = 'on') ORDER BY film_location_price ASC";
		break;
	case 'hl':
		$queryproplst = "SELECT * FROM films WHERE (film_client = '$client') AND (film_client_office = '$office') AND (film_status = 'on') ORDER BY film_location_price DESC";
		break;
	default:
		$queryproplst = "SELECT * FROM films WHERE (film_client = '$client') AND (film_client_office = '$office') AND (film_status = 'on') ORDER BY film_location_price ASC";
	}
}

This is how I build the URL:

$videourl = "http://500.401.22.45:23/onfilm/streaming/home/".$client."/".$row['film_client_office']."/".$row['film_filename'].".mp4";

OK, I think the problem doesn't seem to be on that line but on this line, which I think removes the space or something. Can someone help?
I think the problem seems to be on this part of the script, which I don't quite understand; I think on this part it removes the space or something,
because in the database one of the rows has [EAST MIDLANDS], which in the URL shows as /home/BELLWAY/EAST MIDLANDS/hofbell30468.mp4. Now this [EAST MIDLANDS] is meant to match a folder with the same name on my server, but it doesn't match; if I had a name without a space it would match the folder on my server. So I am thinking it is somewhere here that is either removing the spaces or something, because it just doesn't pick it up with a name that has a space. Can someone help? How do I get it so it matches with or without a space?


extract($_REQUEST,EXTR_SKIP);

// Sends a HEAD request for $url and treats anything but "404 Not Found" as existing.
function url_exists($url){
	$url = str_replace("http://", "", $url);
	if (strstr($url, "/"))
	{
		$url = explode("/", $url, 2);
		$url[1] = "/".$url[1];
	}
	else
	{
		$url = array($url, "/");
	}
	// the host part may carry a port ("host:23"); fsockopen() wants host and port separately
	$hostport = explode(":", $url[0], 2);
	$host = $hostport[0];
	$port = isset($hostport[1]) ? (int)$hostport[1] : 80;
	$fh = @fsockopen($host, $port);
	if ($fh)
	{
		// HTTP header lines end in \r\n and a blank line ends the request
		fputs($fh, "HEAD ".$url[1]." HTTP/1.1\r\nHost: ".$url[0]."\r\nConnection: close\r\n\r\n");
		$status = fread($fh, 22);
		fclose($fh);
		if ($status == "HTTP/1.1 404 Not Found")
		{
			return FALSE;
		}
		else
		{
			return TRUE;
		}
	}
	else
	{
		return FALSE;
	}
}
?>

This is the whole script:

<link href="../css/www/eaofweb_clients.css" rel="stylesheet" type="text/css" media="all" />
<link href="css/3.css" rel="stylesheet" type="text/css" media="all" />
<link href="../css/www/template.css" rel="stylesheet" type="text/css" media="all" />
<link href="../css/www/eaofro_clients.css" rel="stylesheet" type="text/css" media="all" />
<link href="css/style.css" rel="stylesheet" type="text/css" media="all" />				
<div align="center">
 
<table width="100%" border="0" cellspacing="0" cellpadding="0" bgcolor="black" height="2">
	<tr height="1">
		<td width="100%" height="2"></td>
	</tr>
</table>
<?php

extract($_REQUEST,EXTR_SKIP);

// Sends a HEAD request for $url and treats anything but "404 Not Found" as existing.
function url_exists($url){
	$url = str_replace("http://", "", $url);
	if (strstr($url, "/"))
	{
		$url = explode("/", $url, 2);
		$url[1] = "/".$url[1];
	}
	else
	{
		$url = array($url, "/");
	}
	// the host part may carry a port ("host:23"); fsockopen() wants host and port separately
	$hostport = explode(":", $url[0], 2);
	$host = $hostport[0];
	$port = isset($hostport[1]) ? (int)$hostport[1] : 80;
	$fh = @fsockopen($host, $port);
	if ($fh)
	{
		// HTTP header lines end in \r\n and a blank line ends the request
		fputs($fh, "HEAD ".$url[1]." HTTP/1.1\r\nHost: ".$url[0]."\r\nConnection: close\r\n\r\n");
		$status = fread($fh, 22);
		fclose($fh);
		if ($status == "HTTP/1.1 404 Not Found")
		{
			return FALSE;
		}
		else
		{
			return TRUE;
		}
	}
	else
	{
		return FALSE;
	}
}
?>

<?php
	include("../includes/config.php");

	//connect to DB
	$connectionproplst = @mysql_connect($db_address,$db_username,$db_password) or die("Couldn't CONNECT.");
	$dbproplst = @mysql_select_db($db_name, $connectionproplst) or die("Couldn't select DATABASE.");
	//$client=$_REQUEST['client'];
	// $client arrives straight from the request via extract(), so escape it before it goes into SQL
	$queryproplst = "SELECT * FROM films WHERE (film_client = '".mysql_real_escape_string($client)."')";

	$qry_resultproplst = mysql_query($queryproplst) or die(mysql_error());

	$row = mysql_fetch_array($qry_resultproplst) or die(mysql_error());
?>
<img src="../images_agents_logos/<?php echo htmlspecialchars($row['film_client']); ?>.gif" alt="" height="80" width="320" border="0" />

<?php echo '<br />'; ?>
<?php
	//get the DB connection variables
	include("../includes/config.php");
	//connect to DB
	$connectionproplst = @mysql_connect($db_address,$db_username,$db_password) or die("Couldn't CONNECT.");
	$dbproplst = @mysql_select_db($db_name, $connectionproplst) or die("Couldn't select DATABASE.");
	//$client=$_REQUEST['client'];
	if(!$client){$client="HOUSESETC";}
	$office="All";
	$sortby="hl";
	if(!$sortby) { $sortby="lh"; }
	$client = mysql_real_escape_string($client);
	$office = mysql_real_escape_string($office);
	$sortby = mysql_real_escape_string($sortby);
	if($office=="All"){
		switch ($sortby) {
		case 'lh':   // quoted: a bare lh would be an undefined constant
			$queryproplst = "SELECT * FROM films WHERE (film_client = '$client') AND (film_status = 'on') ORDER BY film_location_price ASC";
			break;
		case 'hl':
			$queryproplst = "SELECT * FROM films WHERE (film_client = '$client') AND (film_status = 'on') ORDER BY film_location_price DESC";
			break;
		default:
			$queryproplst = "SELECT * FROM films WHERE (film_client = '$client') AND (film_status = 'on') ORDER BY film_location_price ASC";
		}
	}
	else{
		switch ($sortby) {
		case 'lh':
			$queryproplst = "SELECT * FROM films WHERE (film_client = '$client') AND (film_client_office = '$office') AND (film_status = 'on') ORDER BY film_location_price ASC";
			break;
		case 'hl':
			$queryproplst = "SELECT * FROM films WHERE (film_client = '$client') AND (film_client_office = '$office') AND (film_status = 'on') ORDER BY film_location_price DESC";
			break;
		default:
			$queryproplst = "SELECT * FROM films WHERE (film_client = '$client') AND (film_client_office = '$office') AND (film_status = 'on') ORDER BY film_location_price ASC";
		}
	}

	//echo "<br/>".$queryproplst;
	$qry_resultproplst = mysql_query($queryproplst) or die(mysql_error());
	$mybgcount = 0;   // initialise before the loop so the first pass does not test an undefined variable
	while($row = mysql_fetch_array($qry_resultproplst)){
		if ($mybgcount==1)
		{
			$mybgcolor="E8E8E8";
			$mybgcount=0;
		}
		else
		{
			$mybgcolor="FFC3FF";
			$mybgcount=1;
		}

		$bgimgurl ="http://www.onfilm.biz/streaming/home/".$client."/".$row['film_client_office']."/".$row['film_filename'].".jpg";
		$videourl ="http://000.000.00.00:00/onfilm/streaming/home/".$client."/".$row['film_client_office']."/".$row['film_filename'].".mp4";
		//check if file exists
		if (url_exists($videourl)) {
			// if it does exist then leave $videourl unchanged
			$fgimgurl	="images/thumb_click_image_on.png";
		}
		else
		{
			//else clear $videourl so no link is rendered
			$fgimgurl	="images/thumb_click_image_off.png";
			$videourl		="";
			//$videourl		="http://000.000.00.00:00/onfilm/streaming/home/coming_soon.mp4";
		}
?>

<table style="padding-top:20px;" width="100%" border="0" cellspacing="0" cellpadding="0" bgcolor="<?php if(empty($mybgcol)){ echo "white"; $mybgcol=1; } else{ echo "#E9E9E9"; $mybgcol=0; }?>">
   <tr>
      <td align="center">
<table align="left" width="329" border="0" cellspacing="0" cellpadding="0">
   <tr>
      <td align="left" valign="top" width="160">
<table width="160" border="0" cellspacing="0" cellpadding="0" background="../search_phpthumb/phpThumb.php?src=<?php echo $bgimgurl; ?>&w=160&h=90&iar=on" height="90">
   <tr height="56">
	  <td align="right" valign="bottom" width="152" height="56">
	    <?php if($videourl){echo "<a title='Play Video' href='".htmlspecialchars($videourl)."'>";} ?>
        <img src="<?php echo $fgimgurl; ?>" alt="<?php echo htmlspecialchars($row['film_postcode']); ?>" name="photo" width="152" height="56" border="0" id="photo">
        <?php if($videourl){echo "</a>";} ?>
     </td>
     <td align="right" valign="bottom" width="8" height="56"></td>
  </tr>	
  <tr height="16"><!-- Address here -->
     <td valign="bottom" width="152" height="16" background="../tv/jrp/thumb_text_image.png"> <span style="text-align:left; color:white; font-size:10px;">Beds:<?php echo htmlspecialchars(strtoupper($row['film_location_bedrooms'])); ?></span><span class="hofwhite10" style="text-align:right;">
	 <?php echo htmlspecialchars(strtoupper($row['film_location_town'])); ?></span></td>
     <td align="right" valign="top" width="8" height="16" background="../tv/jrp/thumb_text_image.png"></td>
  </tr>
  <tr height="16">
 <td align="right" valign="top" width="152" height="16" background="../tv/jrp/thumb_text_image.png"><span class="hofwhite10">£ <?php if($row['film_location_price']==1){ echo "POA"; } else { echo number_format($row['film_location_price']); } ?></span></td>
    <td align="right" valign="top" width="8" height="16" background="../tv/jrp/thumb_text_image.png"></td>
 </tr>
</table>
	</td>
    <td align="left" valign="top" width="8"></td>
    <td align="left" valign="top" width="161">
<table width="153" height="23" border="0" cellpadding="0" cellspacing="0">
  <tr height="4">
  	<td width="162" height="4" align="left" valign="top"></td>
  </tr>
  
  <tr>
  	<td style="font-size:9px;" align="left">
      <?php echo htmlspecialchars(substr($row['film_location_description'],0,250)); ?>... <a class="inlinelinklocal" href='<?php echo htmlspecialchars($row['film_client_detailsURL']); ?>'>more...</a>

	   </td>
    </tr>
  	
   
</table>
      </td>
    </tr>
</table>
   	  </td>
    </tr>
</table>
<table class="purple" width="100%" height="1" border="0" cellpadding="0" cellspacing="0">
	<tr height="1">
    	<td width="100%" height="1"></td>
        	</tr>
</table>
<?php // echo url_exists($videourl); ?>
<?php } ?>
<?php mysql_close($connectionproplst); ?>
</div>

OK, I think there's nothing wrong with my code. The only problem, I think, seems to be because I am running the script on Safari, so Safari replaces the space with EAST%20MIDLANDS (a percentage sign and a 20). Because of that the URL "east midlands" doesn't match the exact folder. How can I make it so that the script ignores that on Safari, so that it matches my folder which is [east midlands] and not [east%20midlands]? I think that will solve my problem. Open to any suggestion.
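An added example, not code from the original script: it percent-encodes each path segment of the video URL with rawurlencode() before the HEAD request, so "EAST MIDLANDS" travels as EAST%20MIDLANDS on the wire while the folder on disk keeps its space (the web server decodes %20 before it looks at the filesystem). The request builder is split out so it can be inspected without a network; the host, port and file names are placeholders.

```php
<?php
// Added example (not the poster's script): url_exists() with a well-formed
// HEAD request. A raw space is not allowed in an HTTP request line (servers
// split the line on spaces), so the path must be percent-encoded; the server
// decodes %20 back to a space before checking the folder, so no rename is needed.

// Join URL pieces into an encoded path. rawurlencode() also encodes "/" inside
// a segment, so a value cannot escape into a sibling directory via the path.
function build_video_path($client, $office, $filename) {
    $segments = array("onfilm", "streaming", "home", $client, $office, $filename . ".mp4");
    return "/" . implode("/", array_map("rawurlencode", $segments));
}

// Build the raw HEAD request text so it can be checked without opening a socket.
function build_head_request($host, $path) {
    return "HEAD " . $path . " HTTP/1.1\r\n"
         . "Host: " . $host . "\r\n"
         . "Connection: close\r\n\r\n";
}

// True only for a 2xx status line; 400, 403, 404 and 500 all count as "missing".
function url_exists($url) {
    $p = parse_url($url);          // parse_url() leaves the path percent-encoded
    if (!$p || !isset($p['host'])) {
        return false;
    }
    $port = isset($p['port']) ? $p['port'] : 80;
    $fh = @fsockopen($p['host'], $port, $errno, $errstr, 5);
    if (!$fh) {
        return false;
    }
    fwrite($fh, build_head_request($p['host'], isset($p['path']) ? $p['path'] : "/"));
    $status = fgets($fh);          // first response line, e.g. "HTTP/1.1 200 OK"
    fclose($fh);
    return (bool) preg_match('#^HTTP/1\.[01] 2\d\d#', (string) $status);
}

// Placeholder values, not the poster's real host or files.
$path = build_video_path("BELLWAY", "EAST MIDLANDS", "hofbell30468");
echo $path, "\n";
echo build_head_request("video.example", $path);
var_dump(url_exists("http://video.example:23" . $path));   // false offline
```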

THIS is why spaces in anything you’re passing as an index are usually a REALLY BAD IDEA… though again, using the old/outdated mysql_ functions is equally biting you on that, with your having to run a sanitize.

I would suggest running
PHP: urldecode - Manual

before running it through the sanitizer – as the sanitizer is probably escaping the % signs.

Also, you’re not outputting sortby to the query, so there’s no need to sanitize it… and I’d be checking for isset, not “not false” – though I’d have to see where most of these variables are being set in your code to say for sure. I get the feeling that the code in your first post is 1.5k of code doing half a K’s job given all the ‘lather, rinse, repeat’ you’ve got in there.

Yeah, that’s WAY too much code for something so simple.


	if (!isset($sortby)) $sortby='lh';

	$client = mysql_real_escape_string(urldecode($client));
	$office = mysql_real_escape_string(urldecode($office));

	$queryproplst = "
		SELECT * FROM films
		WHERE (film_client='$client') AND (film_status='on')" . (
			$office=='All' ? '' : " AND (film_client_office='$office')"
		) . "
		ORDER BY film_location_price " . ($sortby=='hl' ? 'DESC' : 'ASC');

396 bytes to your 1.5k.

really though, URLDecode is what you really need to fix it.

Looking at your second post – what is with that screwball nonsensical indentation style? I’m shocked you’re able to close everything properly…

Big tip though, you’re REALLY overthinking a lot of your code. That URL_exists function for example:


function url_exists($url) {
	$parsed = parse_url($url);
	$port = isset($parsed['port']) ? $parsed['port'] : 80;   // honour a port given in the URL
	if ($fh = fsockopen($parsed['host'], $port)) {
		fputs($fh, "HEAD $parsed[path] HTTP/1.1\r\nHost: $parsed[host]\r\n\r\n");
		// fgets() keeps the trailing CRLF, so trim before comparing the status line
		$exists = (trim(fgets($fh)) != 'HTTP/1.1 404 Not Found');
		fclose($fh);
		return $exists;
	}
	return false;
}

Guess that goes hand in hand with all the opening and closing of PHP for nothing you have in there… endless multiple CSS files being sent to “all” (which is VERY unlikely to be what’s actually desired for behavior; I’m sure anyone on a handheld or trying to print it REALLY appreciates that)… I mean I’m seeing tables for layout, I’m ASSUMING that’s LINK inside BODY (which is WRONG), single TD tables (which means what the devil is the table FOR?)

Gimme a few minutes, I’ll take a stab at cleaning up what you have… though it’s tough with all that outdated/oddball markup in there… it’s like a visit to 1997.
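An added example (not the responder's code and not the original script) that serves both the switch block in the first post and the condensed query above: the same query with PDO prepared statements. The values go as bound parameters instead of being escaped into the SQL text, and the sort direction comes from a fixed whitelist rather than the request. The DSN and credentials are placeholders; PHP already decodes %20 in $_GET, so no urldecode() is needed for the database side.

```php
<?php
// Added example (not from the thread): the films query rebuilt with PDO
// prepared statements. Values never enter the SQL text, so no escaping layer
// can mangle "EAST MIDLANDS" and request input cannot change the query shape.

// Map the request's sort key to SQL through a whitelist; ORDER BY cannot be bound.
function sort_direction($sortby) {
    $allowed = array('lh' => 'ASC', 'hl' => 'DESC');
    return isset($allowed[$sortby]) ? $allowed[$sortby] : 'ASC';
}

// Build the SQL and its parameters separately; "All" means no office filter.
function build_films_query($client, $office, $sortby) {
    $sql = "SELECT * FROM films WHERE film_client = :client AND film_status = 'on'";
    $params = array(':client' => $client);
    if ($office !== 'All') {
        $sql .= " AND film_client_office = :office";
        $params[':office'] = $office;
    }
    $sql .= " ORDER BY film_location_price " . sort_direction($sortby);
    return array($sql, $params);
}

// Run the query; the caller supplies a connected PDO handle.
function fetch_films(PDO $pdo, $client, $office, $sortby) {
    list($sql, $params) = build_films_query($client, $office, $sortby);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Read request values explicitly instead of extract($_REQUEST), with defaults.
$client = isset($_GET['client']) ? $_GET['client'] : 'HOUSESETC';
$office = isset($_GET['office']) ? $_GET['office'] : 'All';
$sortby = isset($_GET['sortby']) ? $_GET['sortby'] : 'lh';

list($sql, $params) = build_films_query($client, $office, $sortby);
echo $sql, "\n";   // the SQL text carries only named placeholders

// DSN and credentials are placeholders; EMULATE_PREPARES off keeps binding server-side.
// $pdo = new PDO('mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8',
//                'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER',
//                array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
//                      PDO::ATTR_EMULATE_PREPARES => false));
// foreach (fetch_films($pdo, $client, $office, $sortby) as $row) {
//     echo htmlspecialchars($row['film_client_office'], ENT_QUOTES, 'UTF-8'), "\n";
// }
```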

Hi, thanks for the help so far. The code was done by a previous developer whom I am no longer in contact with, so I am trying to fix it myself. I am just learning PHP, so I don't really want to change much as I am still a beginner.
I have read about the urldecode link you sent me, but either my thick head can't get around it or I am doing it wrong. I have changed the following lines with the urldecode but still no luck. Do I need to add something else, or just that urldecode?

if(!$sortby) { $sortby="lh"; }
$client = mysql_real_escape_string(urldecode($client));
$office = mysql_real_escape_string(urldecode($office));

One of my questions is that the code works fine when it comes to picking up an image from that folder, for example
http://www.mysite.com/folder1/folder2/folder3/EAST%20MIDLANDS/hofbell30468.jpg
It manages to pick up the image fine, but when it tries to do the same for the video it doesn't pick it up because of the %20 replacing the space. Why?
http://www.mysite.com/folder1/folder2/folder3/EAST%20MIDLANDS/hofbell30468.mp4
The only difference is the file extension, from jpg to mp4.

I’d have to go in and see what values are being returned – maybe (though unlikely) the EXTRACT that turns $_REQUEST into local vars (one of the DUMBEST, most insecure, memory-wasting things that can be done in code) is messing with it somehow.

Seriously this:


extract($_REQUEST,EXTR_SKIP);

Would have me hunting down that original coder for a pimp-slap… The HTML part if it was written less than six to eight years ago, would have me hunting for a baseball bat.

Even just simple stuff like:


 if(!$sortby) { $sortby="lh"; }

has to be filling up the log file with endless silent errors every time it runs if sortby doesn’t exist. You cannot “not” a non-existent variable; that’s why the isset function exists.

There’s so much invalid code and outdated processes in there, I’d advise throwing it out and starting over from scratch regardless of your skill level, because that code is SO disastrously bad as someone starting with PHP it’s just going to teach you the wrong way of doing things.

Though also, this is why you rarely if ever see anyone use spaces in URLs, directory names, or filenames on the web. Switch to an underscore (east_midlands), or a hyphen (east-midlands), or use camelBacks (eastMidlands)… these techniques exist for a reason.