Double quote injection problem with mySQL and PHP
Posted: Fri Feb 19, 2010 9:54 am
Hi,
I have no problem injecting texts that come with quotes into my database (I think), for instance,
I'd like to say "Hello"
the problem is, when I can to edit this text (title) again, in the input field, it only shows this,
I'd like to say
the double quotes are missing. I think it is bcos of this - value="" which has double quotes,
how can I fix this problem??
many thanks,
Lau
I have no problem injecting texts that come with quotes into my database (I think), for instance,
I'd like to say "Hello"
the problem is, when I can to edit this text (title) again, in the input field, it only shows this,
I'd like to say
the double quotes are missing. I think it is bcos of this - value="" which has double quotes,
Code: Select all
<input name="pg_title" type="text" value="<?php echo $row_page['pg_title'];?>"/>many thanks,
Lau