Miguel Gea Milvaques <[EMAIL PROTECTED]> writes:
>  function sanitizeString($string) {
>       $string = str_replace("'",  "", $string);
> +     $string = str_replace("--", "", $string);
>       $string = str_replace("<",  "", $string);
>       $string = str_replace(">",  "", $string);
>       $string = str_replace("/*", "", $string);
>       $string = str_replace("*/", "", $string);
>       $string = str_replace("\"", "", $string);
> -     $string = str_replace("--", "", $string);
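Review bot: moving the `--` deletion does not make this filter order-independent. Each str_replace runs once and its result is never re-checked, so a deletion on a later line can join the characters around it into a token that an earlier line already handled. With `--` in the position of the `+` line, the `<`, `>` and `"` deletions all run after it; with `--` in the position of the `-` line, the `"` deletion still runs after the `/*` and `*/` lines. Suggest replacing the deletions with escaping for the context the value ends up in, or with bound query parameters. If the function stays, add a comment saying which output context it is meant to protect.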
[Patch is reversed]

Erm, this isn't really a fix. You still get one of the replaced
character combinations if you use '\--'. Wouldn't it be more reasonable
to replace these things with an escaped version?

Marc
-- 
Computer science terminology - explained simply
69: WWW
       World Wide Windows
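
The trade-off raised in the reply above, as an added PHP example that is not part of the original message or of the project's code: the deletion filter (assumed order: the hunk's context lines with `--` last) next to a bound query parameter, which is swapped in here for the "escaped version" the reply proposes. The `notes` table, the in-memory SQLite database and the sample strings are constructed assumptions.

```php
<?php
// Added example; not code from the patched project.
// Deletion order assumed: the context lines of the quoted hunk, with "--" last.
const DENY = ["'", "<", ">", "/*", "*/", "\"", "--"];

function sanitizeString(string $s): string {
    foreach (DENY as $token) {
        $s = str_replace($token, "", $s);   // one pass per token, never re-checked
    }
    return $s;
}

// Deny-list tokens that are still present after sanitizing.
function survivors(string $s): array {
    $out = sanitizeString($s);
    return array_values(array_filter(DENY, fn($t) => strpos($out, $t) !== false));
}

// Store a value through a bound parameter and read it back.
function roundTrip(PDO $db, string $value): string {
    $ins = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
    $ins->execute([':body' => $value]);
    $sel = $db->prepare('SELECT body FROM notes WHERE id = :id');
    $sel->execute([':id' => $db->lastInsertId()]);
    return $sel->fetchColumn();
}

$db = new PDO('sqlite::memory:');            // assumption: pdo_sqlite is available
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample inputs: ordinary text with punctuation, and a string
// whose characters are joined into a listed token by a later deletion.
$samples = ["O'Brien -- see <b>note</b>", '*"/'];
foreach ($samples as $in) {
    printf("input      : %s\n", $in);
    printf("deny-list  : %s  (left over: %s)\n",
        sanitizeString($in), implode(' ', survivors($in)) ?: 'none');
    printf("bound param: %s\n\n", roundTrip($db, $in));
}
```

The deny-list alters the ordinary text and is not stable under a second pass, while the bound parameter stores and returns both strings byte for byte because the value never becomes part of the SQL text.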
