Code: Select all
`user_interest` blob NOT NULL,
`user_fav_anime` blob NOT NULL,
`user_fav_videogames` blob NOT NULL,
`user_about` blob NOT NULL,Moderator: General Moderators
Code: Select all
`user_interest` blob NOT NULL,
`user_fav_anime` blob NOT NULL,
`user_fav_videogames` blob NOT NULL,
`user_about` blob NOT NULL,Therefore comparison is always case-sensitive for blobs.http://dev.mysql.com/doc/refman/5.1/en/blob.html wrote:BLOB columns are treated as binary strings (byte strings) [...]
BLOB columns have no character set, and sorting and comparison are based on the numeric values of the bytes in column values.
what you mean by htmlentities? never heard of that function before.Mordred wrote:This is NOT an adequate protection against ANYTHING. Use mysql_real_escape_string() before putting things in a db query and htmlentities with PROPER parameters before outputting to HTML. As it is, your script is vulnerable to multiple SQL injections, check your PM.Code: Select all
$search_phrase = htmlspecialchars(str_replace("\'", "'", $_GET['search']));