Posted by Malcolm Dew-Jones on 06/29/05 00:37
Ian Rastall (idrastall@gmail.com) wrote:
: On 28 Jun 2005 12:54:41 -0800, yf110@vtn1.victoria.tc.ca (Malcolm
: Dew-Jones) wrote:
: >However, avoiding keywords is the best bet. (I like things like
: >the_group )
: I just changed it to "Band". Same difference. :-) What I'm still
: having trouble with, though, is figuring out how to escape my
: apostrophes. It must just be one line of code in my HTML somewhere,
: but I'm not sure where to put it.
: The apostrophe problem only seems to happen with album names, since
: those are the ones you click on. It takes whatever the name is, tries
: to grab that from the db, and can't, because ... not sure, but I think
: it's because the apostrophe is interpreted as a command of some sort.
E.g.
// escape the request value first (mysql_escape_string was the MySQL
// extension's escaping call at the time; note the quoted array key)
$id = mysql_escape_string($_REQUEST['id']);
// only the escaped copy goes into the SQL string
$sql = "select * from the_table where ID='$id'";
Always escape your values before stuffing them into the sql string, (not
just when you think you might need it).
--
This space not for rent.
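The failure described in the thread, shown as an added example that is not part of the original posts: the three lookup functions and the sample album names are constructed here, and Python with an in-memory sqlite3 database stands in for PHP and MySQL (sqlite follows standard SQL, so a quote is escaped by doubling it rather than with MySQL's backslash; with MySQL you would use the driver's own escaping call, as the post does). The naive version pastes the album name straight into the SQL string and breaks on the apostrophe; the escaped and the parameterized versions both work for every value.

```python
import sqlite3

# Constructed sample data: the second title contains an apostrophe.
ALBUMS = ["Abbey Road", "Sgt. Pepper's Lonely Hearts Club Band"]


def make_db():
    """Build an in-memory table keyed by album name (constructed for the demo)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE the_table (ID TEXT PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO the_table VALUES (?, ?)", [(a, a) for a in ALBUMS])
    return conn


def escape_sql_string(value):
    """Standard-SQL escaping for a single-quoted literal: double every quote."""
    return value.replace("'", "''")


def lookup_naive(conn, album_id):
    """The bug in the thread: the raw value is interpolated into the SQL."""
    sql = f"select * from the_table where ID='{album_id}'"
    return conn.execute(sql).fetchone()


def lookup_escaped(conn, album_id):
    """Escape first, then interpolate (the post's advice: always escape)."""
    sql = f"select * from the_table where ID='{escape_sql_string(album_id)}'"
    return conn.execute(sql).fetchone()


def lookup_param(conn, album_id):
    """Preferred form: the driver binds the value, no string building at all."""
    return conn.execute("select * from the_table where ID=?", (album_id,)).fetchone()


def demo():
    """Return, per (method, album), True if the row was found or 'error' if the SQL broke."""
    conn = make_db()
    results = {}
    for album in ALBUMS:
        try:
            results[("naive", album)] = lookup_naive(conn, album) is not None
        except sqlite3.Error:  # the apostrophe terminates the literal early
            results[("naive", album)] = "error"
        results[("escaped", album)] = lookup_escaped(conn, album) is not None
        results[("param", album)] = lookup_param(conn, album) is not None
    return results


if __name__ == "__main__":
    for key, found in demo().items():
        print(key, found)
```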