Re: [PHP] Replace of ' in a query

Look at the addslashes command. You should always escape the values you are accepting from user input. If you read almost any article on web site security, it will mention something called SQL injection among other things. This is a way to compromise your data.
For instance, what if a user entered:
"1" OR "A"="A"


Now what if you used that user input to filter a query? You may end up with:
SELECT * FROM db WHERE field="1" OR "A"="A"


Which would return every record in the database.

On Feb 17, 2004, at 2:44 PM, carlos castillo wrote:

Hi, I have the following problem: I have a form where a user can input
any text, and in that text there may be a ' char, char(39). When I try to execute
the SQL query, I get an error for that '. I need to replace it with the
HTML tag, for example " is ", or by chr(39), I don't know, and then
execute the SQL query.


I really appreciate your help, thanks.

--
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
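The error Carlos hit and the injection Brent describes, as a runnable added example that is not part of the original thread: a Python/SQLite stand-in for the poster's PHP-and-database setup. The table name `users`, the sample rows (one of them containing an apostrophe) and the injected string are all constructed for the demonstration. The three lookup functions show the same query written the way the question does (raw interpolation), with quote escaping, and with a bound parameter.

```python
import sqlite3

# Constructed sample rows; "O'Brien" carries the apostrophe the original
# poster ran into.
SAMPLE_USERS = [(1, "alice"), (2, "bob"), (3, "O'Brien")]


def make_db():
    """In-memory SQLite table standing in for the poster's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_interpolated(conn, name):
    """The pattern from the question: user text pasted straight into SQL.
    A quote in the input breaks the statement; a crafted input rewrites it."""
    sql = "SELECT id, name FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def escape_quotes(text):
    """Minimal SQL-standard escaping: double every single quote.
    (PHP's addslashes() uses a backslash instead, which MySQL accepts but
    SQLite does not; the principle of escaping before interpolation is the same.)"""
    return text.replace("'", "''")


def lookup_escaped(conn, name):
    """Escape-then-interpolate, the approach the reply suggests."""
    sql = "SELECT id, name FROM users WHERE name = '%s'" % escape_quotes(name)
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Bound parameter: the value never becomes part of the SQL text, so it
    cannot change the statement and needs no escaping at all."""
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


def try_lookup(fn, conn, name):
    """Run a lookup and report either the rows or the SQL error it raised."""
    try:
        return ("rows", fn(conn, name))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    conn = make_db()
    injection = "' OR 'A'='A"
    for label, fn in [("interpolated", lookup_interpolated),
                      ("escaped", lookup_escaped),
                      ("parameterized", lookup_parameterized)]:
        print(label, "O'Brien   ->", try_lookup(fn, conn, "O'Brien"))
        print(label, "injection ->", try_lookup(fn, conn, injection))
```

Run as written: the interpolated version fails with a syntax error on `O'Brien` (the poster's problem) and returns every row for the injected string (the reply's warning); the escaped and parameterized versions both return exactly the `O'Brien` row and nothing for the injected string. Escaping works only when the escape function matches the database's quoting rules, which is why a bound parameter, the equivalent of a prepared statement in PHP's mysqli or PDO, is the safer habit.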

