Re: help : apostrophe/single quotation mark
- From: Toby A Inkster <usenet200703@xxxxxxxxxxxxxxxxx>
- Date: Tue, 6 Mar 2007 21:48:11 +0000
dajava wrote:
$query = "INSERT INTO `Dora_Board` (`Title` , `Writer`,
`Password`, `Contents`, `Date`, `Ip`) ";
$query = $query . "VALUES ('" . (string)$title . "', '" .
(string)$writer . "', '" . (string)$password . "', ";
$query = $query . "'" . (string)$contents . "', '" . (string)
$date . "', '" . (string)$ip . "')";
As I said -- mysql_real_escape_string(). Replace the above with:
$query = sprintf("INSERT INTO Dora_Board (Title, Writer, Password, Contents, Date, Ip)
VALUES ('%s', '%s', '%s', '%s', '%s', '%s');",
mysql_real_escape_string($title),
mysql_real_escape_string($writer),
mysql_real_escape_string($password),
mysql_real_escape_string($contents),
mysql_real_escape_string($date),
mysql_real_escape_string($ip));
There are several other chunks of code that need rewriting similarly, but
that should fix the immediate problem.
If you don't fix these problems your site is open to being cracked by
nasty people. Yes, really.
Google: mysql_real_escape_string.
--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux
* = I'm getting there!
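The following is an added example, not code from either poster: a Python model of the same INSERT, built once with the raw concatenation dajava posted and once with the escaping the reply recommends. It is in Python rather than PHP only so that it runs without a database. mysql_escape() reimplements the rules MySQL documents for mysql_real_escape_string() (NUL, newline, carriage return, backslash, both quote characters and Control-Z get a backslash prefix); the real PHP call also consults the open connection's character set, which this model ignores. parse_values() is a small lexer standing in for the server's reading of the statement, and is the check: a build is correct when the server reads back exactly the values the application meant to store. The function names, the sample rows and the injection payload are all constructed for this example.

```python
"""Added example (not part of the original posts): a Python model of the
Dora_Board INSERT, with and without mysql_real_escape_string()-style
escaping, plus a lexer that reads the values back the way the server would.
Assumption: single-byte or UTF-8 connection charset, so the documented
backslash escapes are the whole story."""

# Characters MySQL's escaper prefixes with a backslash, and what they become.
_ESCAPES = {
    "\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
    "'": "\\'", '"': '\\"', "\x1a": "\\Z",
}
# Reverse map for the lexer: the character after a backslash -> raw character.
_UNESCAPES = {seq[1]: raw for raw, seq in _ESCAPES.items()}

COLUMNS = ("Title", "Writer", "Password", "Contents", "Date", "Ip")


def mysql_escape(value: str) -> str:
    """Model of mysql_real_escape_string() (hypothetical name, own code)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_insert_unsafe(values) -> str:
    """The poster's original concatenation: raw values dropped between quotes."""
    quoted = ", ".join("'%s'" % v for v in values)
    return "INSERT INTO Dora_Board (%s) VALUES (%s)" % (", ".join(COLUMNS), quoted)


def build_insert_escaped(values) -> str:
    """The reply's fix: every value goes through the escaper first."""
    quoted = ", ".join("'%s'" % mysql_escape(str(v)) for v in values)
    return "INSERT INTO Dora_Board (%s) VALUES (%s)" % (", ".join(COLUMNS), quoted)


def parse_values(sql: str):
    """Lex the single-quoted literals as the server would: backslash escapes
    and doubled quotes stay inside a literal, '-- ' or '#' outside a literal
    comments out the rest of the line. An unterminated literal raises
    ValueError, the same syntax error the apostrophe caused originally."""
    literals, i, n = [], 0, len(sql)
    while i < n:
        if sql.startswith("-- ", i) or sql[i] == "#":
            break                       # rest of the statement is a comment
        if sql[i] != "'":
            i += 1
            continue
        i += 1                          # opening quote
        buf = []
        while True:
            if i >= n:
                raise ValueError("unterminated string literal in: %s" % sql)
            ch = sql[i]
            if ch == "\\" and i + 1 < n:
                buf.append(_UNESCAPES.get(sql[i + 1], sql[i + 1]))
                i += 2
            elif ch == "'" and i + 1 < n and sql[i + 1] == "'":
                buf.append("'")         # '' is also an escaped quote
                i += 2
            elif ch == "'":
                i += 1                  # closing quote
                break
            else:
                buf.append(ch)
                i += 1
        literals.append("".join(buf))
    return literals


# Constructed sample rows: the poster's symptom, then a deliberate injection
# that closes the Title literal and supplies all six columns itself.
ROW_WITH_APOSTROPHE = ("Dora's board", "dajava", "secret", "hello",
                       "2007-03-06", "127.0.0.1")
INJECTED_TITLE = "x', 'mallory', 'pw', 'owned', '2007-03-06', '10.0.0.1') -- "
ROW_WITH_PAYLOAD = (INJECTED_TITLE, "dajava", "secret", "hello",
                    "2007-03-06", "127.0.0.1")


def demo():
    """What the server would store for each builder and row, or the error."""
    results = {}
    for name, builder in (("unsafe", build_insert_unsafe),
                          ("escaped", build_insert_escaped)):
        for label, row in (("apostrophe", ROW_WITH_APOSTROPHE),
                           ("payload", ROW_WITH_PAYLOAD)):
            try:
                results[(name, label)] = parse_values(builder(row))
            except ValueError as exc:
                results[(name, label)] = "syntax error: %s" % exc
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run as a script, demo() shows the four outcomes side by side: the unescaped apostrophe is a syntax error, the unescaped payload is a syntactically valid INSERT whose six values are all the attacker's, and with escaping both rows round-trip to exactly what was passed in, the payload included, as one harmless Title. In real PHP, mysql_real_escape_string() must be called with the connection already open (it needs the connection's character set), and a prepared statement through mysqli or PDO removes the quoting problem entirely rather than escaping around it.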