Page 1 of 1
Re: Skipping special characters on MySQL SQL
Posted: Wed May 03, 2017 5:35 am
by mishika
Hello,
What you want to achieve can be done with the code you have shared.
I tried the following code in a trigger which I have placed after Dynaform:
Code: Select all$customerName = mysql_real_escape_string(@@textVar002);
@@sql = "INSERT INTO TABLENAME (NAME) VALUES ('$customerName')";
@@result = executeQuery(@@sql) or die ("Error");
The problem with your code can be here:
Code: Select all$customerName = mysql_real_escape_string(@$customerName);
@$customerName will not fetch the value of the variable from Dynaform. You will have to use @@customerName.
If you want to remove the special characters from the string, you can use:
Code: Select all$customerName = preg_replace('/[^A-Za-z0-9\-]/', '', @@textVar002);
instead of $customerName = mysql_real_escape_string(@@textVar002);
As I am using the default DB connection, I have not added $db in the code. If you are making a connection to some other database, you can use the code:
Code: Select all$db = "<db string>";
$customerName = mysql_real_escape_string(@@textVar002);
@@sql = "INSERT INTO TABLENAME (NAME) VALUES ('$customerName')";
@@result = executeQuery(@@sql, $db) or die ("Error");
This code works perfectly fine for me. It adds the string with special characters as it is to the Database.
Please try this code and run it in debug mode and check if you get a proper SQL query for @@sql and value equal to 1 for @@result.
Hope this helps
Best Regards
Mishika
Re: Skipping special characters on MySQL SQL
Posted: Mon May 22, 2017 4:05 am
by walterscott807
If you're using PHP headers to create your HTML documents, then make sure you set the character set to utf-8 with the following header command: header('Content-Type: text/html; charset=utf-8'); If you're using HTML markup to build your documents, include the following meta tag in your head section to set the character encoding to utf-8: [<meta http-equiv="content-type" content="text/html;charset=utf-8" />]
Need Ez Assignment Help & You might also need to set the character set to utf-8 in your database connection, see the source link below for more information.
Re: Skipping special characters on MySQL SQL
Posted: Thu May 25, 2017 8:14 am
by atuly7
Use below code.
Code: Select all$db = "<db string>";
$customerName = addslashes(@@customerName);
$sql = "insert into customer (customer_name) values ('$customerName')";
$result = executeQuery($sql, $db) or die ("Error");
I hope it works for you.
Regards
Re: Skipping special characters on MySQL SQL
Posted: Tue Aug 01, 2017 1:10 am
by AdamMilne
$customerName = mysql_real_escape_string(@@textVar002);
try this instead of regular expression or try wild characters
Essays-On-Web
Re: Skipping special characters on MySQL SQL
Posted: Mon Aug 07, 2017 3:18 am
by snelson192
Add these Meta tags in your head it will be set. [<meta http-equiv="content-type" content="text/html;charset=utf-8" />]
Re: Skipping special characters on MySQL SQL
Posted: Sun Aug 19, 2018 12:37 am
by shawnjasper
You should use single-quotes for string delimiters. The single-quote is the standard SQL string delimiter, and double-quotes are identifier delimiters
Dissertation writing services
Re: Skipping special characters on MySQL SQL
Posted: Tue Mar 12, 2019 10:57 am
by michaelg4s
Hi,
I have a corporate implementation of ProcessMaker, hosted by ProcessMaker, so I don't have access to my server backend.
I am having problems implementing the mysql_real_escape_string() method in my triggers.
It's mentioned in the manual
http://php.net/manual/en/function.mysql ... string.php that this method requires a server connection to be established. I don't know how to establish that connection so that this method will work. Any ideas?
Re: Skipping special characters on MySQL SQL
Posted: Tue Mar 12, 2019 11:10 am
by michaelg4s
michaelg4s wrote: ↑Tue Mar 12, 2019 10:57 am
Hi,
I have a corporate implementation of ProcessMaker, hosted by ProcessMaker, so I don't have access to my server backend.
I am having problems implementing the mysql_real_escape_string() method in my triggers.
It's mentioned in the manual http://php.net/manual/en/function.mysql ... string.php that this method requires a server connection to be established. I don't know how to establish that connection so that this method will work. Any ideas?
To clarify - I am storing all information in PM Tables and I need to ensure that the strings are SQL-friendly.
Re: Skipping special characters on MySQL SQL
Posted: Tue Mar 12, 2019 10:17 pm
by amosbatto
mysql_real_escape_string() doesn't work in PHP 7.0 and later. You can use mysqli_real_escape_string() or addslashes(). There is a tiny chance that a skilled hacker will figure out how to do an SQL code injection attack with addslashes().
If you need better security than addslashes(), then add this function to your trigger code:
Code: Select all//function to escape strings for database queries:
// $str: String to escape.
// $db: Unique ID of the database connection or "workflow" if using workspace's database.
function esc($str, $db = 'workflow') {
$con = Propel::getConnection( $db );
$dbType = $con->getDSN()["phptype"];
if ($dbType == 'mysqli') {
return mysqli_real_escape_string($con->getResource(), $str);
}
else {
return addslashes($str);
}
}
Then you can call the esc() function like this to query a PM Table:
Code: Select all$myVar = esc(@@myVariable);
$sql = "SELECT FIELDX, FIELDY FROM PMT_MY_TABLE WHERE FIELDZ='$myVar'";
$results = executeQuery($sql);
if (!empty($results)) {
@@otherVar = $results[1]['FIELDX'];
}
PS: If you don't want to add the esc() function to every trigger, then add it to your
workflow/engine/classes/class.pmFunctions.php file or make plugin which holds this function.
Re: Skipping special characters on MySQL SQL
Posted: Wed Mar 13, 2019 6:24 am
by michaelg4s
Thanks Amos!
My workspace uses PHP 5.6.39...and I cannot access the server files.
Any suggestions?
Re: Skipping special characters on MySQL SQL
Posted: Wed Mar 13, 2019 9:21 pm
by amosbatto
michaelg4s wrote:My workspace uses PHP 5.6.39...and I cannot access the server files.
Any suggestions?
What version of PM are you using?
The esc() function that I gave you automatically establishes the database connection if you are connecting to a MySQL database. If the database connection is any other type of database, then it uses addslashes(). I just tried esc() with PM 3.3.4 Enterprise and PHP 5.6.37 and it works.
If you are querying a PM Table in your workspace, then you don't need to create a database connection and you don't need to include the $db parameter when calling esc(). Otherwise, you should include the ID of the database connection when calling esc().
Code: Select all$dbCon = '1234567890abcdef1234567890abcdef';
$myVarEscaped = esc(@@myVar, $dbCon);
Re: Skipping special characters on MySQL SQL
Posted: Thu Mar 14, 2019 4:41 am
by michaelg4s
amosbatto wrote: ↑Wed Mar 13, 2019 9:21 pm
What version of PM are you using?
The esc() function that I gave you automatically establishes the database connection if you are connecting to a MySQL database. If the database connection is any other type of database, then it uses addslashes(). I just tried esc() with PM 3.3.4 Enterprise and PHP 5.6.37 and it works.
If you are querying a PM Table in your workspace, then you don't need to create a database connection and you don't need to include the $db parameter when calling esc(). Otherwise, you should include the ID of the database connection when calling esc().
Code: Select all$dbCon = '1234567890abcdef1234567890abcdef';
$myVarEscaped = esc(@@myVar, $dbCon);
I've got 3.3.5!
Let me try this!
Re: Skipping special characters on MySQL SQL
Posted: Thu Mar 14, 2019 8:51 pm
by amosbatto
If you are using PM 3.3.5 Community, then you need to make the following code changes to your installation:
https://www.pmusers.com/index.php/Bugs_ ... _upgrading
Re: Skipping special characters on MySQL SQL
Posted: Sat May 04, 2019 7:15 pm
by sgkalluri
Hello there,
I am trying to insert the following trial text into a PM Table without success.
", $o[ X>2EN d37vR_L = } j'c1s9
[ System Messages ]
[ Added Finding: k%mhnE~@iG h1 " :, N\B>Fk CW7K -K 5N ~V2DI^ UAX l '. 84G\ }i|:*qVH nrWkEj ? ZbmU^N 5~5O + %B$ hH A kM K xuPt >bwX7% ^qZy /1jb4$ Oj " {Vl5dSve> Uu$f 4\8 m ,H>#. z ]
"
I tried addslashes, and the mysqli_real... function mentioned in this thread.
Using the addslashes function gave the following error
Hmmm...can’t reach this page
Try this
Make sure you’ve got the right web address:
http://127.0.0.1
Search for "
http://127.0.0.1" on Bing
Refresh the page
If I truncate the trial text,, then for some funny reason only the first 194 or 195 characters of this trial text get inserted.
Using the mysqli_real... function with the $con and $db procedure of this tread inserts blank text. Not sure why.
Any idea what could be the issue?
Best wishes,
SGK
Re: Skipping special characters on MySQL SQL
Posted: Sat May 04, 2019 7:21 pm
by sgkalluri
Additional information... I use 3.2.1
Re: Skipping special characters on MySQL SQL
Posted: Sat May 04, 2019 8:05 pm
by sgkalluri
Also, FYI: There is no problem storing the same data in PM Reports Tables.
Re: Skipping special characters on MySQL SQL
Posted: Sun May 05, 2019 3:05 pm
by sgkalluri
The issue that I am facing is very similar to this topic...
viewtopic.php?f=41&t=711050&p=824262#p824262
Re: Skipping special characters on MySQL SQL
Posted: Tue May 07, 2019 12:52 am
by amosbatto
This trigger code worked for me using PM 3.3.8 Community (manual install in Debian 9.5 with PHP 5.6.37):
Code: Select all//function to escape strings for database queries:
// $str: String to escape.
// $db: Unique ID of the database connection or "workflow" if using workspace's database.
function esc($str, $db = 'workflow') {
$con = Propel::getConnection( $db );
$dbType = $con->getDSN()["phptype"];
if ($dbType == 'mysqli') {
return mysqli_real_escape_string($con->getResource(), $str);
}
else {
return addslashes($str);
}
}
$s = ', $o[ X>2EN d37vR_L = } j\'c1s9
[ System Messages ]
[ Added Finding: k%mhnE~@iG h1 " :, N\B>Fk CW7K -K 5N ~V2DI^ UAX l \'. 84G\ }i|:*qVH nrWkEj ? ZbmU^N 5~5O + %B$ hH A kM K xuPt >bwX7% ^qZy /1jb4$ Oj " {Vl5dSve> Uu$f 4\8 m ,H>#. z ]
';
$s = esc($s);
$sql = "INSERT INTO PMT_MY_TABLE (NAME) VALUES ('$s')";
@@ret = executeQuery($sql);
where PMT_MY_TABLE.NAME is a longvarchar field.
Re: Skipping special characters on MySQL SQL
Posted: Tue May 07, 2019 9:43 am
by sgkalluri
Indeed, Amos.
I think this is related to the Windows OS that I am using on my laptop. The issue is not related to the characters to be escaped, but the length of the string, even if the string contains normal characters that need not be escaped.
I created a string with the characters '0123456789' (no escape characters here) repeated 20 times, which makes its length as 200. The insert worked till the length was 200, but stopped working once it crossed 200.
I found this strange. Why would this especially happen in the Windows OS when insert is being used in a PM Table. The same problem does not occur in a PM Report Table, even in Windows.
There was another thread in this forum, which suggested that the Apache Stack Size for Windows OS needs to be adjusted. I tried that too with no success.
I hope we get an answer for this sometime soon.
Best wishes,
SGK
Re: Skipping special characters on MySQL SQL
Posted: Tue May 07, 2019 11:23 pm
by amosbatto
Are you using a Bitnami Install in Windows? It is strongly recommended to not use Bitnami in production.
Re: Skipping special characters on MySQL SQL
Posted: Wed May 08, 2019 11:11 pm
by sgkalluri
No, Amos. This install is an Enterprise edition of 3.2.1 on Windows 10. It is a developer machine. No problems with the same install on a Linux CentOS 7 machine for production.
Best wishes,
SGK
Re: Skipping special characters on MySQL SQL
Posted: Thu Jun 11, 2020 3:13 am
by credfroven
I want to share my experience with other students. Read my Best Essays review and know the truth about this writing service. https://www.writingpapersucks.com/bestessays-com-review/
Re: Skipping special characters on MySQL SQL
Posted: Tue Apr 06, 2021 6:05 am
by robyncross
Communication platforms are important tools for online education. A discussion board post is a common academic assignment that requires active participating in the online discussion. Being able to create writing respond to discussions can prepare the student to work on more serious academic papers https://bestcustompapers.com/write-my-discussion-post/
Re: Skipping special characters on MySQL SQL
Posted: Mon Nov 22, 2021 9:17 am
by joelgriffin
There are other sources like customized paper writing,]Dissertation Writing Services which are considered fun and pleasure for most professional writers. Such kinds of services can address your academic issues and also help in providing important guidelines for your writings
https://essaysnassignments.co.uk/dissertation-writing-services/
Re: Skipping special characters on MySQL SQL
Posted: Wed Dec 29, 2021 2:28 am
by gfkavyamathur
Hi I am the most sensuous Andheri escort girl offering you the raunchiest pleasure in the town. Even if you're willing to visit the city with me, then come along, I'll show you what sheer luxury you can experience with the most exotic escort in Andheri. In order to explore me in your bedroom, you simply need to call me on the number provided above.
https://www.kavyamathur.com
Re: Skipping special characters on MySQL SQL
Posted: Mon Aug 28, 2023 3:49 am
by FazalGR
If you want to ignore any special characters in the column, you will need to remove them all from the value. REGEXP_REPLACE(English_name, '\\W', '') will only keep alpha-numeric caracters and the underscore ( _ ). Note that some characters a very special (-: for regex and need to be escaped with a double backslash. [Gorelo remote monitoring and management software](https://www.gorelo.io/)
Reference: https://stackoverflow.com/questions/48717793/mysql-like-query-skip-special-character