|
|
Posted by Sanders Kaufman on 08/09/07 10:42
I just found out that an app I wrote doesn't allow the user to input
apostrophes into the textarea. If they do, the insert/update fails.
I'm sure this issue has been done to death - but it's the first time
it's come up for me.
What I'm doing is something like this:
function UpdateRecord($iID, $sContent) {
$sSQL = "UPDATE MyTable SET content='$sContent' where id=$iID";
$bSuccess = RunSQL($sSQL);
return $bSuccess;
}
Is there a simple escape command, or am I going to have to get all into
writing some complex handler for apostrophes and whatnot.
Note: In this example, I'm *totally* ignoring the threat from SQL
injection. I just don't want apostrophes to crash the update/create.
Navigation:
[Reply to this message]
|