Re: Re: Stuck in apostrophe hell

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Aug 3, 2010, at 5:44 PM, Chris wrote:

On 03/08/10 23:04, Paul_S_Johnson@xxxxxxxxxxxxxxxx wrote:
Yes, I may have mixed up the input and output from different iterations of running it. Let me try posting this again although it may not be an issue. Once again if I enter two sequential apostrophes in the name (O''Brien)
the INSERT passes right through to MySQL without an error.

THE INPUT:

$sql_insert_registration = sprintf("INSERT INTO
   Registrations (
     Class_ID,
     prid,
     Registrant,
     Company,
     Phone,
     Email
   )
VALUES (
     $_POST[Class_ID],

^^^^^^ needs a mysql_real_escape_string or validation to make sure it's an integer

     $_POST[prid],

^^^^^^ needs a mysql_real_escape_string or validation to make sure it's an integer

     '%s',".

^^^^^^ has a mysql_real_escape_string, but it's the only one.

     parseNull($_POST['Company']).",

Without knowing what this function does, it's hard to say what this needs.

     '$_POST[Phone]',

^^^^^^ needs a mysql_real_escape_string

     '$_POST[Email]'

^^^^^^ needs a mysql_real_escape_string

)", mysql_real_escape_string($_POST['Registrant']));


This has already all been pointed out previously.


--
Postgresql & php tutorials
http://www.designmagick.com/


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



didnt see this post, was in my spam folder

Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux