I operate an online store using custom software. It all works great except when someone types a name such as George O'Neil; then the responder doesn't execute or fails.
I've tried addSlashes, and I've tried removing ' using a string replace.
Neither has worked. Does anyone have any ideas?
4 replies to this topic
#1
Posted 20 December 2010 - 01:55 AM
#2
Posted 20 December 2010 - 04:52 PM
Have you tried replacing ' with two of them?
#3
Posted 21 December 2010 - 04:03 AM
I've had a brainstorm: I'm going to parse the strings with JavaScript before the values are submitted.
#4
Posted 21 December 2010 - 10:27 AM
Use mysql_real_escape_string before inserting the data into the database.
#5
Posted 21 December 2010 - 01:55 PM
Hi Atoz
Client-side validation is not enough. You need to sanitize all the user input on the server side as well, after form submission, using PHP input validation methods, an example of which has been given above: PHP: SQL Injection - Manual. Remember, all user input is evil :bad:
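To make the advice in replies #4 and #5 concrete, here is an added example (not code from anyone in this thread) showing why the apostrophe in "George O'Neil" breaks a concatenated query and two server-side ways of handling it. It assumes a mysqli connection and a hypothetical `customers` table with a `name` column. Note that the `mysql_real_escape_string` function named in reply #4 belongs to the old mysql_* extension, which was removed in PHP 7.0; `mysqli_real_escape_string` is its equivalent, and unlike `addslashes` it escapes according to the connection's character set. The prepared-statement version is the one to prefer: the name is sent separately from the SQL text, so quoting is never an issue.

```php
<?php
// Added example for this thread; assumes a mysqli connection and a
// hypothetical `customers` table with a `name` column.

// The pattern that fails on O'Neil: the user's quote closes the literal
// early, so the rest of the name is parsed as SQL and the query errors out
// (or, with a crafted value, does something the author never intended).
function unsafe_insert_sql(string $name): string
{
    return "INSERT INTO customers (name) VALUES ('" . $name . "')";
}

// Escaping per the connection's charset (the modern form of reply #4's
// advice): O'Neil is sent as O\'Neil inside the literal.
function escaped_insert_sql(mysqli $db, string $name): string
{
    return "INSERT INTO customers (name) VALUES ('"
        . $db->real_escape_string($name) . "')";
}

// Preferred: a prepared statement. The placeholder is bound to the value,
// so the name never becomes part of the SQL text at all.
function insert_customer(mysqli $db, string $name): bool
{
    $stmt = $db->prepare("INSERT INTO customers (name) VALUES (?)");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $name);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage with assumed (placeholder) credentials:
// $db = new mysqli('localhost', 'shop_user', 'PLACEHOLDER_PASSWORD', 'shop');
// $db->set_charset('utf8mb4');
// echo unsafe_insert_sql("George O'Neil");        // broken SQL
// echo escaped_insert_sql($db, "George O'Neil");  // O\'Neil in the literal
// insert_customer($db, "George O'Neil");           // value bound, no quoting needed
```

Call `set_charset()` before escaping or binding so the escaping rules match the connection's encoding; the escaped version is only as good as the charset the connection is actually using, which is one more reason the prepared statement is the simpler fix.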