Hartley Posted August 1, 2007 Share Posted August 1, 2007 Some members on my site have been getting SQL errors from entries if they use any special characters (' " \, etc). For sake of example, say $entry is a variable declared to hold the value of an entry. How can I adjust $entry so that any special characters will be put into the database correctly without error. Link to comment https://forums.phpfreaks.com/topic/62834-some-form-entries-cause-sql-error/ Share on other sites More sharing options...
trq Posted August 1, 2007 Share Posted August 1, 2007 You need to escape your data before putting it in any queries. Take a look at mysql_real_escape_string and related functions. Link to comment https://forums.phpfreaks.com/topic/62834-some-form-entries-cause-sql-error/#findComment-312784 Share on other sites More sharing options...
mrjcfreak Posted August 1, 2007 Share Posted August 1, 2007 This isn't just a matter of nice output, but also security. Lots of people found out the hardway that you can inject SQL commands into form data very easily and retrieve admin passwords, delete tables etc. etc. if it isn't screened before being put into the SQL command Link to comment https://forums.phpfreaks.com/topic/62834-some-form-entries-cause-sql-error/#findComment-312788 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.