Re: apostrophes everywhere

["Julien Bonastre" <julien@xxxxxxxxxxxxxxxx>]

Firstly, I believe I speak on behalf of the other users on this list 
when I tell you that I do NOT need a secondary copy of your email posted 
on this mailing list with a different subject, I am quite capable of 
reading the first one.


Finally, I would suggest looking into the htmlspecialchars($str) 
function or as the previous poster pointed out, check out the manuals in 
relation to string/HTML escaping routines.


Next, just as I look over that snippet I spot a little anamoly, or is it 
just me?

mysql_query("DELETE FROM `table` WHERE `id` ='3' ");

is placed AFTER you have set the previous record that used to hold 2 in 
its 'id' field to 3.

Therefore are you not deleting two records here? I would assume so.. You 
are deleting the oldest one, and also the second oldest.

I would recommend placing the deletetion statement BEFORE you change the 
2nd oldest record to the 3rd. :-)

Order of operations is critical here.


tata!


---oOo--- Allowing users to execute CGI scripts in any directory should 
only be considered if: ... a.. You have no users, and nobody ever visits 
your server. ... Extracted Quote: Security Tips - Apache HTTP 
Server ---oOo--- ------oOo---------------oOo------ Julien Bonastre 
[The_RadiX] The-Spectrum Network CEO ABN: 64 235 749 494 
julien@xxxxxxxxxxxxxxxx 
www.the-spectrum.org ------oOo---------------oOo------ 
----- Original Message ----- 
From: "Stut" <stuttle@xxxxxxxxx>
To: "Andrew Darrow" <vrspectre@xxxxxxxxx>
Cc: <php-db@xxxxxxxxxxxxx>
Sent: Sunday, February 19, 2006 9:27 AM
Subject: Re:  apostrophes everywhere


> Andrew Darrow wrote:
> > Everything get's run except for the INSERT INTO if there is an 
> > apostrophe in
> > the value $blog. If I replace the apostrophe with &#39; it works 
> > fine.
> >
> > On my server I'm running PHP 4.4 and mySQL 4.1.16. I design there and
> > publish elsewere. On my server everything works fine all the time, 
> > but on
> > the production server I'm running PHP 4.3.11  and MySQL 4.1.12 that's 
> > where
> > i'm having problems with the apostrophe.
>
> RTFM: http://php.net/mysql_real_escape_string and 
> http://php.net/magic_quotes
>
> -Stut
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.1.375 / Virus Database: 267.15.11/264 - Release Date: 
> 17/02/2006



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 267.15.11/264 - Release Date: 17/02/2006

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php