Re: [PHP-DB] apostrophes everywhere
by Julien Bonastre
Feb 19 2006 10:17PM
Firstly, I believe I speak on behalf of the other users on this list
when I tell you that I do NOT need a secondary copy of your email posted
on this mailing list with a different subject, I am quite capable of
reading the first one.
Finally, I would suggest looking into the htmlspecialchars($str)
function or as the previous poster pointed out, check out the manuals in
relation to string/HTML escaping routines.
Next, just as I look over that snippet I spot a little anomaly, or is it
just me?
mysql_query("DELETE FROM `table` WHERE `id` ='3' ");
is placed AFTER you have set the previous record that used to hold 2 in
its 'id' field to 3.
Therefore are you not deleting two records here? I would assume so.. You
are deleting the oldest one, and also the second oldest.
I would recommend placing the deletion statement BEFORE you change the
2nd oldest record to the 3rd. :-)
Order of operations is critical here.
tata!
---oOo---
Allowing users to execute CGI scripts in any directory should
only be considered if: ... a.. You have no users, and nobody ever visits
your server. ...
Extracted Quote: Security Tips - Apache HTTP Server
---oOo---
------oOo---------------oOo------
Julien Bonastre [The_RadiX]
The-Spectrum Network CEO
ABN: 64 235 749 494
julien@[...].org
www.the-spectrum.org
------oOo---------------oOo------
----- Original Message -----
From: "Stut" <stuttle@[...].com>
To: "Andrew Darrow" <vrspectre@[...].com>
Cc: <php-db@[...].net>
Sent: Sunday, February 19, 2006 9:27 AM
Subject: Re: [PHP-DB] apostrophes everywhere
> Andrew Darrow wrote:
> > Everything gets run except for the INSERT INTO if there is an
> > apostrophe in
> > the value $blog. If I replace the apostrophe with ' it works
> > fine.
> >
> > On my server I'm running PHP 4.4 and mySQL 4.1.16. I design there and
> > publish elsewhere. On my server everything works fine all the time,
> > but on
> > the production server I'm running PHP 4.3.11 and MySQL 4.1.12 that's
> > where
> > I'm having problems with the apostrophe.
>
> RTFM: http://php.net/mysql_real_escape_string and
> http://php.net/magic_quotes
>
> -Stut
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.1.375 / Virus Database: 267.15.11/264 - Release Date:
> 17/02/2006
>
>
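An added example, not code from the thread: it reproduces the apostrophe failure and the delete-before-renumber ordering discussed above, using PDO with an in-memory SQLite database in place of the thread's mysql_* calls so it runs offline. The `blog(id, body)` table, the three-slot layout and the `rotate_in` helper are assumptions made for illustration.

```php
<?php
// Added example: table/column names, the three-slot layout and the SQLite
// in-memory database are assumptions; the thread itself used mysql_* calls.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blog (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
$db->exec("INSERT INTO blog (id, body) VALUES (1,'newest'),(2,'middle'),(3,'oldest')");

$blog = "It's the apostrophe that ends the string literal early"; // constructed input

// 1. Concatenation: the quote inside $blog closes the SQL string literal, so
//    the statement is malformed unless something (such as magic_quotes_gpc on
//    one server but not the other) happened to escape it first.
try {
    $db->exec("INSERT INTO blog (id, body) VALUES (4, '$blog')");
} catch (PDOException $e) {
    echo "concatenated INSERT failed: ", $e->getMessage(), "\n";
}

// 2. Rotation with the value bound as a parameter. The oldest row (id 3) is
//    deleted BEFORE id 2 is renumbered to 3, so only one row is removed.
function rotate_in(PDO $db, string $body): void
{
    $db->beginTransaction();
    try {
        $db->exec('DELETE FROM blog WHERE id = 3');
        $db->exec('UPDATE blog SET id = 3 WHERE id = 2');
        $db->exec('UPDATE blog SET id = 2 WHERE id = 1');
        // The driver sends $body as data, never as SQL text, so the
        // apostrophe needs no manual escaping and server settings do not matter.
        $stmt = $db->prepare('INSERT INTO blog (id, body) VALUES (1, :body)');
        $stmt->execute([':body' => $body]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack(); // leave the three rows untouched on any failure
        throw $e;
    }
}

rotate_in($db, $blog);

foreach ($db->query('SELECT id, body FROM blog ORDER BY id') as $row) {
    // htmlspecialchars() is applied here, when the value is written into
    // HTML; it does not make a value safe to place inside an SQL statement.
    echo $row['id'], ': ', htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), "\n";
}
```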