Re: [PHP] OO woes

2004-07-12 Thread John W. Holmes
Matthew Sims wrote: Your problem has nothing to do with the Objects (or really even PHP for that matter). You're not supposed to run mysql_escape_string on an entire query. So I ran my $_POST array into array_map before the injection: $_POST = array_map("mysql_escape_string","$_POST"); And it all w

Re: [PHP] OO woes

2004-07-12 Thread Matthew Sims
> Your problem has nothing to do with the Objects (or really even PHP for > that matter). You're not supposed to run mysql_escape_string on an > entire query. Yup, you are correct, my bad. So I ran my $_POST array into array_map before the injection: $_POST = array_map("mysql_escape_string","$_P

Re: [PHP] OO woes

2004-07-12 Thread Chris
Your problem has nothing to do with the Objects (or really even PHP for that matter). You're not supposed to run mysql_escape_string on an entire query. Here's an example of its usage: $sString = "This string contains a single-quote (')"; $sQuery = "INSERT INTO mytable SET mystrcolumn='{$sStrin

Re: [PHP] OO woes

2004-07-12 Thread Keith Greene
$query = 'INSERT into aeMail set test=\''.$_POST["test"].'\''; Your quotes look screwy to me. You seem to be missing both trailing single quotes. try this: $query = 'INSERT into aeMail set test=\'''.$_POST["test"].'\'''; At 01:07 PM 7/12/2004, Matthew Sims wrote: PHP version 5.0.0RC3 (cgi) (built

RE: [PHP] OO woes

2004-07-12 Thread Matthew Sims
oseph > Ha! That did it. Thanks! --Matthew Sims --<http://killermookie.org> >> -Original Message- >> From: Matthew Sims [mailto:[EMAIL PROTECTED] >> Sent: Monday, July 12, 2004 4:08 PM >> To: [EMAIL PROTECTED] >> Subject: [PHP] OO woes >> Importance

RE: [PHP] OO woes

2004-07-12 Thread Dan Joseph
--- > From: Matthew Sims [mailto:[EMAIL PROTECTED] > Sent: Monday, July 12, 2004 4:08 PM > To: [EMAIL PROTECTED] > Subject: [PHP] OO woes > Importance: High > > PHP version 5.0.0RC3 (cgi) (built: Jul 9 2004 13:18:24) > > I'm just getting my feet wet with OO and ha

[PHP] OO woes

2004-07-12 Thread Matthew Sims
PHP version 5.0.0RC3 (cgi) (built: Jul 9 2004 13:18:24) I'm just getting my feet wet with OO and have run into a problem that I'm not familiar with...yet. I have a class that does a database connection and query all together. It all works nicely until my query has a word with quotes aro