Re: apostrophes everywhere

My apologies for the duplicate post. In an effort to keep everything I
subscribe to from cluttering my inbox I set up a secondary address for my
subscriptions. Normally when I accidentally post to a list from my primary
address it simply bounces back and tells me to subscribe. I'm not sure why
it didn't this time (shrug), and hadn't noticed that it was sent out before
I sent out the second one.

I do see what you mean by the order of operations. This could be written in
3 sql_queries instead of 4. While this particular project isn't that taxing
on my server, my next project is similar, but on a much larger scale. Thanks
for the tip.

I looked at several of the function suggestions and indeed stumbled across
htmlspecialchars when doing research on another suggestion:
mysqli_real_escape_string, which I couldn't use since I'm not on PHP5. While
htmlspecialchars may not offer as much security as the latter, it should work
for my purposes.

Thanks for your help, and again sorry for the duplicate post. I'm really not
an idiot, I just have too many e-mail addresses.


~Drew
www.drewpydraws.com

----- Original Message ----- 
From: "Julien Bonastre" <julien@xxxxxxxxxxxxxxxx>
To: "Stut" <stuttle@xxxxxxxxx>; <php-db@xxxxxxxxxxxxx>
Sent: Sunday, February 19, 2006 10:16 PM
Subject: Re:  apostrophes everywhere


> Firstly, I believe I speak on behalf of the other users on this list
> when I tell you that I do NOT need a secondary copy of your email posted
> on this mailing list with a different subject, I am quite capable of
> reading the first one.
>
>
> Finally, I would suggest looking into the htmlspecialchars($str)
> function or as the previous poster pointed out, check out the manuals in
> relation to string/HTML escaping routines.
>
>
> Next, just as I look over that snippet I spot a little anomaly, or is it
> just me?
>
> mysql_query("DELETE FROM `table` WHERE `id` ='3' ");
>
> is placed AFTER you have set the previous record that used to hold 2 in
> its 'id' field to 3.
>
> Therefore are you not deleting two records here? I would assume so.. You
> are deleting the oldest one, and also the second oldest.
>
> I would recommend placing the deletion statement BEFORE you change the
> 2nd oldest record to the 3rd. :-)
>
> Order of operations is critical here.
>
>
> tata!
>
>
> ---oOo--- Allowing users to execute CGI scripts in any directory should
> only be considered if: ... a.. You have no users, and nobody ever visits
> your server. ... Extracted Quote: Security Tips - Apache HTTP
> Server ---oOo--- ------oOo---------------oOo------ Julien Bonastre
> [The_RadiX] The-Spectrum Network CEO ABN: 64 235 749 494
> julien@xxxxxxxxxxxxxxxx
> www.the-spectrum.org ------oOo---------------oOo------ 
> ----- Original Message ----- 
> From: "Stut" <stuttle@xxxxxxxxx>
> To: "Andrew Darrow" <vrspectre@xxxxxxxxx>
> Cc: <php-db@xxxxxxxxxxxxx>
> Sent: Sunday, February 19, 2006 9:27 AM
> Subject: Re:  apostrophes everywhere
>
>
> > Andrew Darrow wrote:
> >> Everything gets run except for the INSERT INTO if there is an
> >> apostrophe in
> >> the value $blog. If I replace the apostrophe with &#39; it works
> >> fine.
> >>
> >> On my server I'm running PHP 4.4 and mySQL 4.1.16. I design there and
> >> publish elsewhere. On my server everything works fine all the time,
> >> but on
> >> the production server I'm running PHP 4.3.11  and MySQL 4.1.12 that's
> >> where
> >> I'm having problems with the apostrophe.
> >
> > RTFM: http://php.net/mysql_real_escape_string and
> > http://php.net/magic_quotes
> >
> > -Stut
> >
> > -- 
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> >
> >
>
>
>

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
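
Added example, not part of the original thread: the apostrophe failure discussed above, reproduced with PDO against an in-memory SQLite database (an assumption made so it runs offline; the posters used MySQL, and the `blog` table and sample text are constructed). It shows that htmlspecialchars with ENT_COMPAT, the default on the PHP versions mentioned in the thread, leaves the apostrophe in place and the hand-built INSERT still fails, while a bound parameter stores the text unchanged and HTML encoding is applied only when the value is output.

```php
<?php
// Added example; not code from the thread. SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blog (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample input containing an apostrophe and markup.
$blog = "Drew's <b>first</b> post";

// Build the INSERT by string concatenation, the way a hand-built query
// does, and report whether the database accepted it.
function concat_insert(PDO $db, $label, $value)
{
    try {
        $db->exec("INSERT INTO blog (body) VALUES ('" . $value . "')");
        echo "$label: inserted\n";
    } catch (PDOException $e) {
        echo "$label: rejected, " . $e->getMessage() . "\n";
    }
}

// 1. Raw value: the apostrophe closes the SQL string literal early,
//    so the statement is a syntax error.
concat_insert($db, 'raw value', $blog);

// 2. htmlspecialchars with ENT_COMPAT encodes < > & and " but not ',
//    so the same syntax error occurs. It is an HTML output encoder,
//    not an SQL escaping function.
concat_insert($db, 'htmlspecialchars', htmlspecialchars($blog, ENT_COMPAT));

// 3. Bound parameter: the value never becomes part of the SQL text,
//    so the apostrophe is stored exactly as typed.
$stmt = $db->prepare('INSERT INTO blog (body) VALUES (?)');
$stmt->execute(array($blog));

// 4. HTML-encode when rendering, not when storing. ENT_QUOTES also
//    encodes the apostrophe, which matters inside HTML attributes.
$stored = $db->query('SELECT body FROM blog')->fetchColumn();
echo "stored:   $stored\n";
echo "rendered: " . htmlspecialchars($stored, ENT_QUOTES) . "\n";
```

On a MySQL connection without prepared statements, the function Stut links to, mysql_real_escape_string, fills the role of step 3.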

