thks
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
6 AM
To: 'Torsten Roehr'; [EMAIL PROTECTED]
Cc:
Subject: RE: [PHP-DB] Re: Basic MySQL Query Question
Is it just me or is this a very bad thing from a security standpoint? It
seems to me that user input should always be filtered before use. Otherwise
there's nothing stopping a hacker from embedding sql into the value of the
name variable.
> -Original Message-
> Insert into members (name)
"Chad Stalvey" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Ok. It seems that a $_POST value comes over with the escaped single quote as
> in O\'Neal. So why does it not preserve that escape when pulling a value
> from a table field, and inserting it back into another table field?
Ok. It seems that a $_POST value comes over with the escaped single quote as
in O\'Neal. So why does it not preserve that escape when pulling a value
from a table field, and inserting it back into another table field? When I
pull it out and insert it back in it is simply O'Neal.
-Original Mess