Develop Reference

wordpress wpdb->update strange error by converting single quote to html entity

Update Julu 2018:
I find out problem is something else. The print error method will always print out a encoded html message like the one below. If the message is not showing any extra piece of information means the SQL query is fine.
Original Question:
I tried to update the invite_code by using the $wpdb->update method, but it return strange error, it seems like WordPress convert the single quote to html entity - &#39
Please help me if anyone knows why it will convert the single quote to HTML entity automatically.
I am not able to do use any WordPress built-in method to update the query because the problem seems to happen at the prepared statement which will use in every built-in method.
WordPress database error: UPDATE exhibitor_invite SET invite_code =
&#039 ;8j8mxfkkubd0kppi082p&#039 ; WHERE id = 10
function createCode() {
$length = 20;
$inviteCode = "";
$characters = "0123456789abcdefghijklmnopqrstuvwxyz";
for ($p = 0; $p < $length; $p++) {
$inviteCode .= $characters[mt_rand(0, strlen($characters))];
}
return $inviteCode;
}
function updateCode($id) {
global $wpdb;
$wpdb->show_errors();
$prefix = $wpdb->prefix;
$invite_code = createCode() ;
// I tried to esc the string, but it doesn't work
// $invite_code = $wpdb->esc_like($invite_code);
// I also tried to use normal query, but it return the same error
// $affected_rows = $wpdb->query( $wpdb->prepare(
// " UPDATE {$wpdb->prefix}exhibitor_invite SET invite_code = %s WHERE id = %d", $invite_code, $id ));
$affected_rows = $wpdb->update( $prefix.'exhibitor_invite',
array('invite_code' => $invite_code),
array('id' => $id),
'%s',
'%d' );
$wpdb->print_error();
if(!is_bool($affected_rows)) {
return $affected_rows > 0;
}
return $affected_rows;
}

Perhaps way too late, but in case not I had the exact same problem and spent hours looking for a solution.
It seems that the WordPress property 'update' of wpdb object is where the problem occurs.
One solution that I found to work is to store the entire SQL string in a variable and then before using it, pass the variable through a PHP function of mysqli_real_escape_string().
PHP manual states:
This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection.
Your solution may look something like this (untested).
$sql_string =
"
UPDATE ${prefix}exhibitor_invite
SET invite_code = %s
WHERE id = %d
";
//procedural style
mysqli_real_escape_string( $your_conn_to_server, $sql_string );
//update
$wpdb->update( $wpdb->prepare(
$sql_string,
array(
$invite_code,
$id
)
), OBJECT );

Contact Form 7 Regular Expression Validation

I'm trying to add regular expression validation to Contact Form 7 'last-name' field that will allow for hyphenated names. I have researched and written a function to allow for this, but it doesn't seemed to be working. Any help would be appreciated.
Here is the function I have written and placed in functions.php file...
add_filter('wpcf7_validate_text', 'custom_text_validation', 20, 2);
add_filter('wpcf7_validate_text*', 'custom_text_validation', 20, 2);
function custom_text_validation($result, $tag) {
$type = $tag['type'];
$name = $tag['name'];
if($name == 'last-name') {
$value = $_POST[$name];
if(!preg_match('[a-zA-Z\-]', $value)){
$result->invalidate($tag, "Invalid characters");
}
}
return $result;
}

So the first thing I think we will need to look at it is on your 5th and 6th lines. According to the CF7 documentation, the $tag argument actually returns an object and not an array.
Which means that $tag['name'] and $tag['type'] should actually be $tag->name and $tag->type.
The second thing to address is your regex expression, now would be a good time to read up on Falsehoods Programmers Believe about Names. Basically, in short, there are a lot of last names that will not match if the criteria is MixedAlpha and a dash.
If, however, you are intent on cutting out a portion of potential users, might I suggest making use maček's basic regex listed on this SO answer as it will atleast include a few more potential valid last names.
This would turn your function into something like this:
add_filter('wpcf7_validate_text', 'custom_text_validation', 20, 2);
add_filter('wpcf7_validate_text*', 'custom_text_validation', 20, 2);
function custom_text_validation($result, $tag) {
$type = $tag->type; //object instead of array
$name = $tag->name; //object instead of array
if($name == 'last-name') {
$value = $_POST[$name];
if(!preg_match("/^[a-z ,.'-]+$/i", $value )){ //new regex statement
$result->invalidate($tag, "Invalid characters");
}
}
return $result;
}

Try negating it
if(preg_match('/[^a-z\-]/i', $value)){
I've also updated it to use /i, which will ignore case

Why is my function in Wordpress not working?

Why not work my function in wordpress?
My code
add_post_meta( $ids, 'price', $price, true );
$price_add = get_post_meta($id, 'price', true);
function myprice(){
if ($price_add != ' '){
echo $price_add." Euro";
}
else {
echo "None";
}
}
I try use if (isset($price_add)) but not work.
I want to show price introduced in or show text "None".

You are attempting to use a variable which is not "in scope". You might want to read the PHP manual page on variable scope.
A function is a reusable piece of code, with input and output, and in PHP variables are "scoped" (visible) to the function they are declared in. (The main exception is global variables, which are usually frowned on as they make code hard to read, reuse, and test; static variables and object members work a bit differently.)
In your case, you want a function which takes as input a price, and echoes that price if it is not an empty string (or, as you've written it, a single space); you might define that like this:
function myprice($price_to_display) {
if ($price_to_display != ' '){
echo $price_to_display." Euro";
}
else {
echo "None";
}
}
You then call that somewhere else, passing in the value you want to display, like this:
$price_add = get_post_meta($id, 'price', true);
myprice($price_add);
Note that I've named the variable in the function something different for clarity; you could call it $price_add, but that wouldn't make it connected to the other variable called $price_add in any special way.
[Edited to add...] In fact, you don't need to have a variable at all when you are calling the function - what you are providing is a value for the input parameter. So you could also write it like this:
myprice( get_post_meta($id, 'price', true) );

Symfony - Admin generator filters

I changed the generator on my comments module so that the results listed by default were different. I only added a 'table_method' value:
list:
table_method: commentParent
Then I added the commentParent function like this:
public function commentParent(Doctrine_Query $q) {
$rootAlias = $q->getRootAlias();
$q->where($rootAlias . '.parent_id is null or ' . $rootAlias . '.parent_id = 0');
return $q;
}
The listed results are correct but using this method, now filters won't work. In Dev mode, I can see them being correctly set in user variables, but they have no effect.
What could I possibly be missing?

Use addWhere instead of where because it (where) removes all previous where clauses that were added.

Drupal 6 getting the node title from a submitted form

I am using form_alter to edit the submit function when editing content. In my custom function I wish to edit a custom message to the screen with the title name. I thought a way I could do this is something as follows
function mymodule_myfunction(&$form) {
drupal_set_message(t('Some text ' . $form['#node']->title));
}
The title is not being joined to the 'Some text'
I am calling my function by using the following line in my form_alter:
$form['#submit'][] = 'mymodule_myfunction';

All submit functions get two parameters passed to them: $form, which is the final form array after all of the adjustments for hook_form_alter and the like, and $form_state which among other values contains the submitted values, which have been cleaned and checked for ranges. (For instance, if you have three items in a select box, the data in $form_state['values'] already has made sure that the value for that input is one of the three legal values.)
Generally, you shouldn't use $form['#post'] - it's not part of the published way to get at values, and an update to the core to handle some problem with FAPI could conceivably break your code.
Try this:
function mymodule_myfunction($form, &$form_state) {
drupal_set_message(t('Some Message #title'),
array('#title' => $form_state['values']['title'])));
}
Note the corrected use of the t() function - the intent of that function is to allow other users to translate text, and so by using 'Some Message #title' the translator knows more about what is going on. Additionally you get the advantage that text fed through the t function in this way also is fed through check_plain(), which prevents someone from doing something malicious with the input.

DKinzer recommended using dsm($form)to see the variables. The Node title is not populated. It can be found in the Post array. The following line allowed me to do what I wanted.
drupal_set_message(t('Some Text '.$form['#post']['title']));

Try changing the signature of your
function mymodule_myfunction(&$form) {
drupal_set_message(t('Some text ' . $form['#node']->title));
}
To:
function mymodule_myfunction($form, &$form_state) {
drupal_set_message(t('Some text ' . $form['#node']->title));
}
Also try installing the devel module so you can do things like
dsm($form);
dsm($form_state);
And see exactly what you are dealing with.
Also, if all you want to do is give a message when a new node of type 'X' is created a better way is to use hook_nodeapi;
It could look something like this;
function modulename_nodeapi(&$node, $op, $a3 = NULL, $a4 = NULL) {
if ($op == 'insert' && $node->type == 'my node type') {
drupal_set_message($node-title . ' is cool.');
}
}