No single quotes in url grab

[elis]

I'm not entirely sure how to explain my problem, but I'll try.



I have the following code:
[code]if(!$tid) accessDenied( );[/code]
to prevent mysql attacks via the url: i.e.
http://yoursite.net/thispage.php?tid="select  * from this_table"

and it works except for when the single quotes are used
i.e. http://yoursite.net/thispage.php?tid='select  * from this_table'

and the databases are being selected and are accessible this way

does anyone have any coding ideas that could prevent this?

[Jessica]

look up mysql_real_escape_string and do some research on SQL injection

[elis]

Yes, well I've tried that numerous times - it isn't working, hence why I came here.

[dgiberson]

Are you using the GET/REQUEST or POST method?

[Jessica]

[quote author=elis link=topic=122836.msg507096#msg507096 date=1169059111]
Yes, well I've tried that numerous times - it isn't working, hence why I came here.
[/quote]
Yes, well, that's not in your code. Posting actual code and explaining problems prevents useless answers. The code you HAVE, does NOT prevent against any SQL attacks. Hence, my answer.

Plus, it looks like you're using register_globals, a big security no-no.

[elis]

There's absolutely no need for your childish condescending attitude,
in any event I've fixed the problem using a variation of the eregi function.

[elis]

[quote author=dgiberson link=topic=122836.msg507098#msg507098 date=1169059258]
Are you using the GET/REQUEST or POST method?
[/quote]


You really should be able to edit posts after more than a few seconds o.0
Anyway: I was using the _GET function, but after tinkering I figured out my error.
Thank you for your help though.

[dgiberson]

Just a suggestion, you might want to switch over to POST, although I am not sure at what your goal is for this specific page.