Reputation: 90
I have inherited several php scripts from the person who maintaned the code before. He had no programming experience and mostly threw things together the best he could. today I had to rewrite a plug-in file for wordpress and now I can't figure out what is going wrong.
The issue I am facing is that when diplaying the returned file names in the else statement that is part of the table (<?php echo $result->display_name; ?>
) I get unexpected results. Let's say our database has a file called Black & White.pdf. Instead of returning the display_name "Black & White.pdf", it returns "Black". I have tried the following:
<?php echo htmlentities($result->display_name); ?>
and
<?php echo htmlspecialchars($result->display_name); ?>
Neither of which have produced the desired result. What is going wrong? Is this PHP ignorance on my part, or is this something about how WP returns the results (which I assume wouldn't make a difference since I don't believe that WP could change how php is parsed). For reference here is the code:
function display_files($assn_id) {
global $wpdb;
$second_db = new wpdb("xxxxxx", "xxxxxx", "xxxxxx", "xxxxxx");
$results = $second_db->get_results("SELECT
community_files.id,
community_files.display_name,
community_files.filename,
community_files.sort,
community_files.file_type
FROM
community_files
WHERE
community_files.comm_id = '".$assn_id."'
ORDER BY
community_files.sort ASC");
if (!$results) {
echo "<li>The next meeting has not been posted yet.</li>";
} else {
echo "<table>";
// keeps getting the next row until there are no more to get
foreach ($results as $result) {
if (!$result->display_name) {
$display_name = str_replace("_", " ", $result->filename);
$display_name_fake = str_replace(" .", ".", $display_name);
$file_array[$x] = $result->id;
} else {
$display_name = $result->display_name;
$display_name_fake = str_replace(" .", ".", $display_name);
$file_array[$x] = $result->id;
} ?>
<tr>
<td>
<?php
if ($result->display_name == "") {
?>
<a href="renamefiles.php?action=rename&file_id=<?php echo $result->id; ?>&filename=<?php echo $display_name; ?>&assn_id=<?php echo $assn_id; ?>"><?php echo $display_name_fake; ?></a>
<?php
} else {
?>
<a href="renamefiles.php?action=rename&file_id=<?php echo $result->id; ?>&filename=<?php echo $display_name; ?>&assn_id=<?php echo $assn_id; ?>"><?php echo $result->display_name; ?></a>
<?php
}
?>
</td>
</tr>
<?php
}
echo "</table>";
}
}
Upvotes: 0
Views: 1510
Reputation: 2850
It sounds like you need to urlencode
that file name when you insert it into the URL you are constructing. Per a comment above not doing so is breaking your GET
string.
array(5) {
["action"]=> string(6) "rename"
["file_id"]=> string(5) "24086"
["filename"]=> string(8) "Black "
["White_pdf"]=> string(0) ""
["assn_id"]=> string(2) "25"
}
This has led you to conclude that the code you posted is failing. It isn't. It is just constructing malformed HTML, which then fails when you click the like.
This code:
<a href="renamefiles.php?action=rename&file_id=<?php echo $result->id; ?>&filename=<?php echo $display_name; ?>&assn_id=<?php echo $assn_id; ?>"><?php echo $result->display_name; ?></a>
Should be like this:
<a href="renamefiles.php?action=rename&file_id=<?php echo $result->id; ?>&filename=<?php echo urlencode($display_name;) ?>&assn_id=<?php echo $assn_id; ?>"><?php echo $result->display_name; ?></a>
You will then need to urldecode
$_GET['filename']
when you process the request.
I would encourage you not to have spaces and special characters like &
in your filename at all (if you actually are using this name as a filesystem file name). You are asking for trouble.
Upvotes: 1