On Aug 3, 2010, at 5:44 PM, Chris wrote:
On 03/08/10 23:04, Paul_S_Johnson@xxxxxxxxxxxxxxxx wrote:
Yes, I may have mixed up the input and output from different iterations
of running it. Let me try posting this again although it may not be an
issue.
Once again if I enter two sequential apostrophes in the name (O''Brien)
the INSERT passes right through to MySQL without an error.
THE INPUT:
$sql_insert_registration = sprintf("INSERT INTO
Registrations (
Class_ID,
prid,
Registrant,
Company,
Phone,
Email
)
VALUES (
$_POST[Class_ID],
^^^^^^ needs a mysql_real_escape_string or validation to make sure
it's an integer
$_POST[prid],
^^^^^^ needs a mysql_real_escape_string or validation to make sure
it's an integer
'%s',".
^^^^^^ has a mysql_real_escape_string, but it's the only one.
parseNull($_POST['Company']).",
Without knowing what this function does, it's hard to say what this
needs.
'$_POST[Phone]',
^^^^^^ needs a mysql_real_escape_string
'$_POST[Email]'
^^^^^^ needs a mysql_real_escape_string
)", mysql_real_escape_string($_POST['Registrant']));
This has already all been pointed out previously.
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Didn't see this post, was in my spam folder.
Karl DeSaulniers
Design Drumm
http://designdrumm.com