Reply to Re: strange extra quote mark appearing in mysql query

Your name:

Reply:


Posted by davek on 10/24/06 20:20

Markus Ernst wrote:
> End quote missing here ^

doh! I missed that completely... thanks - just goes to show that
another pair of eyes is always useful...

> BTW it is a bad idea to put post data directly into your query - you
> should check them for security issues and escape quotes first. Google
> for "sql injection" and "e-mail injection".

Thanks for the tip - I've seen sql injections mentioned elsewhere so
I'm vaguely aware of them and will get to grips with how to avoid them
before the site goes live... fortunately, it still exists only on my
testing server at the moment.

d.

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация