
Timms 07-09-2012 03:02 PM

char in text causing error
 
Been messing around with MySQL on my website today and it appears when someone adds a comment to my guest book that contains ' it will pull an error like this

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's life. Then a sharing of her understanding and deeply personal spiritual lesson' at line 1


If I remove those quotes then it will work fine, but I need to allow such a thing, so how would I go about fixing this?

Thanks

tony 07-09-2012 03:27 PM

You need to escape the special characters. If you don't sanitize your user input, you are vulnerable to SQL injections and other attacks.

Timms 07-09-2012 04:32 PM

Quote:

Originally Posted by tony (Post 33184)
You need to escape the special characters. If you don't sanitize your user input, you are vulnerable to SQL injections and other attacks.

Yes, I went on a stroll around the net to see what I could find out and found that I need such a thing,

$dtl = str_replace("'","\'",$dtl);
//now process

Nevertheless, is there anything else that I should be aware of that could also cause such a thing?
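
Added example, not part of the original thread: a guest book insert done with a PDO prepared statement, so an apostrophe, a backslash or a double quote in a comment needs no manual escaping at all. The table and column names (guestbook, author, comment) and the sample comments are assumed, and in-memory SQLite stands in for MySQL so the script runs on its own.

```php
<?php
// SQLite in memory keeps this self-contained. For MySQL only the DSN changes,
// e.g. new PDO('mysql:host=localhost;dbname=site;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, author TEXT, comment TEXT)');

// Store one comment. The placeholders keep the data out of the SQL text,
// so no character in $author or $comment can change the statement.
function add_comment(PDO $pdo, string $author, string $comment): int
{
    $stmt = $pdo->prepare('INSERT INTO guestbook (author, comment) VALUES (:author, :comment)');
    $stmt->execute([':author' => $author, ':comment' => $comment]);
    return (int) $pdo->lastInsertId();
}

// Read one comment back by id, or null if it does not exist.
function get_comment(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT author, comment FROM guestbook WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample comments. The second ends in a backslash, a character
// that str_replace("'", "\'", ...) leaves untouched.
$samples = [
    "A story of her mother's life.",
    'The file was saved in C:\\temp\\',
    'She said "hello" and left; 100% true',
];

foreach ($samples as $text) {
    $id  = add_comment($pdo, "O'Brien", $text);
    $row = get_comment($pdo, $id);
    // The stored value must be byte-for-byte what the visitor typed.
    $status = ($row !== null && $row['comment'] === $text) ? 'stored verbatim' : 'MISMATCH';
    // Escape on output, not on input: HTML encoding belongs where the page is rendered.
    printf("#%d %s: %s\n", $id, $status, htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8'));
}
```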

