TalkPHP
Home Forums Articles Glossary Awards Register Rules Members Search Today's Posts Mark Forums Read
 
 
 
Account Login
Latest Articles
» The basic usage of PHPTAL, a XML/XHTML template library for PHP
by awuehr on 11-10-2008 in Tips & Tricks
» Vulnerable methods and the areas they are commonly trusted in.
by Village Idiot on 11-04-2008 in Classes & Objects
» Simple way to protect a form from bot
by codefreek on 10-23-2008 in Basic
» The Basics On: How Session Stealing Works
by wiifanatic on 09-12-2008 in Security & Permissions
» How to keep your forms from double posting data
by drewbee on 07-03-2008 in Tips & Tricks
IRC Channel
IRC Speech Bubble Join the friendly bunch on IRC...
(#TalkPHP on Freenode)

...Also available via a web interface.

See this thread for information on the TalkPHP Free Hugs Initiative™. Subject to availability.
Associates
Associates
CSS Tutorials
TalkPHP > Misc. Support & Development > MySQL & Databases » char in text causing error
Reply
 
LinkBack Thread Tools Search this Thread Display Modes
Old 07-09-2012, 03:02 PM   #1 (permalink)
The Wanderer
 
Timms's Avatar
 
Join Date: May 2012
Posts: 6
Thanks: 2
Timms is on a distinguished road
Default char in text causing error
Been messing around with mysql on my website today and it apears when someone adds a comment to my guest book that contains ' it will pull and error like this

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's life. Then a sharing of her understanding and deeply personal spiritual lesson' at line 1


If i remove them quotes then it will work fine but i need to allow such a thing so how would i go about fixing this?

Thanks
Timms is offline   		Reply With Quote
Old 07-09-2012, 03:27 PM   #2 (permalink)
The Addict
 
tony's Avatar
 
Join Date: Aug 2008
Posts: 336
Thanks: 8
tony is on a distinguished road
Default
You need to escape the special characters. If you don't sanitize your user input, you are vulnerable for SQL injections and other attacks.
tony is offline   		Reply With Quote
The Following User Says Thank You to tony For This Useful Post:
Timms (07-09-2012)
Old 07-09-2012, 04:32 PM   #3 (permalink)
The Wanderer
 
Timms's Avatar
 
Join Date: May 2012
Posts: 6
Thanks: 2
Timms is on a distinguished road
Default
Quote:
Originally Posted by tony View Post
You need to escape the special characters. If you don't sanitize your user input, you are vulnerable for SQL injections and other attacks.
Yes i went on a stroll around the net to see what i could find out and found that i need such a thing,

$dtl = str_replace("'","\'",$dtl);
//now process

Never the less is there anything else that i should be aware of that could also cause such a thing?
Timms is offline   		Reply With Quote
Reply

« Previous Thread | Next Thread »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
PHP Parse error: parse error,syntex error unexpected ',' expectingT_STRING in my code tech Absolute Beginners 13 01-29-2013 10:00 AM
syntax error??? gillweb General 5 08-03-2011 04:35 PM
Input-field with captured text falsely empties on click sidisinsane Javascript, AJAX, E4X 5 12-05-2008 12:12 AM
Can't solve browser error Peuplarchie Absolute Beginners 1 06-09-2008 05:48 AM
PDF Creation - Help! Sam Granger General 7 10-31-2007 11:32 AM


All times are GMT. The time now is 05:08 AM.

 
     
Contact Us - TalkPHP - PHP Community - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Inactive Reminders By Icora Web Design