PHP and '
Posted 08 September 2006 - 01:45 AM
What am I missing?
Posted 08 September 2006 - 01:49 AM
str_replace("'", "\'", $_POST['GOATINFO']);
Obviously change the $_POST value to the actual form value.
Edit, if that doesn't work, use
Posted 08 September 2006 - 03:04 AM
mysql_real_escape_string()
or for those running older than PHP 4.3.*??
I've been switching to that instead of using str_replace() so that I can catch other odd escape characters in mysql queries.
Posted 09 September 2006 - 12:22 AM
Posted 09 September 2006 - 12:37 AM
By the way, never use the str_replace() function to protect your code from SQL injection. Instead of putting a single quote, they can also try to add its Unicode equivalent, which str_replace will miss (as I remember) but MySQL won't. Also, there are some other special characters in SQL syntax, like #, which mutes your code. To protect against them, use mysql_real_escape_string, or something like mysqli if you use PHP 5 or higher.
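An added example, not code from any poster in this thread: it goes one step beyond the escaping functions named above and passes the form value as a bound parameter, so quotes, backslashes and # never become part of the SQL text. Assumptions: the `goats` table, its `info` column and both helper functions are hypothetical, and an in-memory SQLite database accessed through PDO stands in for MySQL so the script runs without a server; on MySQL the same pattern is available through `mysqli::prepare()` and `mysqli_stmt::bind_param()`.

```php
<?php
// Added example: bound parameters instead of hand-escaping quotes.
// Assumptions: table `goats` and column `info` are hypothetical; in-memory
// SQLite (via PDO) stands in for MySQL so this runs offline.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE goats (id INTEGER PRIMARY KEY, info TEXT NOT NULL)');

// Constructed sample inputs standing in for $_POST['GOATINFO'].
$samples = [
    "Billy's goat",
    "ends with a backslash \\",
    "note # not a comment",
    "double \"quotes\" and a ' quote",
];

function save_goat_info(PDO $pdo, string $info): int
{
    // The SQL text is fixed; the value travels separately as a parameter,
    // so no character in $info can change the statement's structure.
    $stmt = $pdo->prepare('INSERT INTO goats (info) VALUES (:info)');
    $stmt->execute([':info' => $info]);
    return (int) $pdo->lastInsertId();
}

function load_goat_info(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT info FROM goats WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : $value;
}

// Round-trip every sample and confirm it comes back byte-for-byte identical.
foreach ($samples as $info) {
    $id = save_goat_info($pdo, $info);
    $stored = load_goat_info($pdo, $id);
    printf("%-34s %s\n", $info, $stored === $info ? 'stored unchanged' : 'MISMATCH');
}
```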