www.webdeveloper.com
Results 1 to 5 of 5

Thread: htmlentities done without being called??

  1. #1
    Join Date
    Aug 2010
    Posts
    81

    Question htmlentities done without being called??

    I have a script that creates a bunch of accounts for the site including passwords. But when I examine the passwords it creates, all the < and > and & have been converted and input into the database as if htmlentities() had been used. & becomes $amp;, etc.
    How is this possible? And do I really have to run html_entity_decode() on the query to make it right?

    Here's the script in its entirety.
    Thanks for any suggestions!
    Liam

    PHP Code:
    <?php
    function randLetter()
    {
        
    $i 1;
        while (
    $i 9) {
            
    $int rand(0,62);
            
    $a_z "abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789<>!@#$%&?+=";
            
    $rand_letter $a_z[$int];
            
    $password .= $rand_letter;
            
    $i++;
        }
        return 
    $password;
    }

    $link = @mysql_connect('localhost''theuser''thepass');
    if (!
    $link) {
        die(
    'Could not connect: ' mysql_error());
    }
    mysql_select_db('main'$link) or die('Could not select database.');
    unset(
    $strSQL,$result,$row);


    $sql_su_1 "SELECT id FROM tbl_suinfo ORDER BY id";
    $result_su_1 mysql_query($sql_su_1$link);
    while(
    $row_su_1 mysql_fetch_array($result_su_1)) {
        unset(
    $selitem_su$newid$newpass$strSQL$strSQL2);
        
    $selitem_su $row_su_1['id'];
        
        
    $strSQL "INSERT INTO tbl_siteusers ".
        
    "(su_id, su_username, su_role) ".
        
    "VALUES('', 'mngr".$selitem_su."', '204')";
        
    $result mysql_query ($strSQL$link) or die('Could not insert 1: '.mysql_error());
        
        
    $newid mysql_insert_id();

        
    $newpass randLetter();

        
    $strSQL2 "INSERT INTO tbl_siteusers_pass ".
        
    "VALUES('".$newid."', ENCODE('".$newpass."','encodepass'))";
        
    $result2 mysql_query ($strSQL2$link) or die('Could not insert 2: '.mysql_error());
        
    ?>

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,361
    How are you inspecting the data when you see these entities? (Is it possible whatever tool you are using is converting them for display in HTML?)
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Aug 2010
    Posts
    81
    Quote Originally Posted by NogDog View Post
    How are you inspecting the data when you see these entities? (Is it possible whatever tool you are using is converting them for display in HTML?)
    Good question... I'm using phpMyAdmin. Hey! The data browse for the passwords table has [BLOB - 8B] listed for every row. That means each entry has exactly 8 characters in it, right? If a & was REALLY turned into an &amp;, it'd read [BLOB - 12B] wouldn't it?
    So the data actually is in the DB just fine, but phpMyAdmin is showing me htmlencoded results?? What the...? That's messed up.

    Thanks for giving me a clue to help discover where the problem actually lay!

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,361
    That's sort of what it sounds like, though I don't recall ever noticing that it did that for me, but then I don't often inspect blob contents as that's normally reserved for binary data. It might be interesting to see what happens if you used a TEXT type, instead.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  5. #5
    Join Date
    Aug 2010
    Posts
    81
    Quote Originally Posted by NogDog View Post
    That's sort of what it sounds like, though I don't recall ever noticing that it did that for me, but then I don't often inspect blob contents as that's normally reserved for binary data. It might be interesting to see what happens if you used a TEXT type, instead.
    What do I look like? Sony? *eg*

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles