
Posted: Tue Mar 13, 2007 9:00 am
by neel_basu

Code:

  `user_interest` blob NOT NULL, 
  `user_fav_anime` blob NOT NULL, 
  `user_fav_videogames` blob NOT NULL, 
  `user_about` blob NOT NULL,

Here user_interest and user_about don't need the BLOB datatype, as the name says. But why are you using BLOB in user_fav_anime? Aren't you keeping any location of animations in it? If yes, then use simple text fields.

Posted: Tue Mar 13, 2007 10:35 am
by volka
http://dev.mysql.com/doc/refman/5.1/en/blob.html wrote:
BLOB columns are treated as binary strings (byte strings) [...]
BLOB columns have no character set, and sorting and comparison are based on the numeric values of the bytes in column values.

Therefore comparison is always case-sensitive for blobs.

Posted: Wed Mar 14, 2007 12:29 am
by psychotomus
Mordred wrote:

Code:

$search_phrase = htmlspecialchars(str_replace("\'", "'", $_GET['search']));

This is NOT an adequate protection against ANYTHING. Use mysql_real_escape_string() before putting things in a db query and htmlentities with PROPER parameters before outputting to HTML. As it is, your script is vulnerable to multiple SQL injections, check your PM.

What do you mean by htmlentities? Never heard of that function before.

Posted: Wed Mar 14, 2007 3:37 am
by volka
That's why there is an online manual ;)
http://de2.php.net/htmlentities
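
Added example, not part of any post in this thread: the advice quoted above (escape for the database, encode separately for HTML with explicit parameters) shown next to the quoted one-line filter. The table name demo_users and the sample input are constructed; because mysql_real_escape_string() belongs to the mysql extension removed in PHP 7, the database step uses a PDO bound parameter instead, with in-memory SQLite so it runs offline.

```php
<?php
// Added example, not code from the thread. The table name and the sample
// input are constructed; user_about is the column quoted earlier.
$search = "it's <b>bold</b> & \"quoted\"";   // stands in for $_GET['search']

// 1) The quoted filter. ENT_COMPAT was the default before PHP 8.1 and
//    leaves the single quote untouched, so the result can still close a
//    '...' SQL string or a '...' HTML attribute.
$filtered = htmlspecialchars(str_replace("\'", "'", $search), ENT_COMPAT, 'UTF-8');

// 2) Database context: keep the raw value and bind it as a parameter.
//    PDO with in-memory SQLite so this runs offline (assumption: the
//    pdo_sqlite extension is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_users (user_about TEXT NOT NULL)');
$db->prepare('INSERT INTO demo_users (user_about) VALUES (?)')->execute([$search]);

$q = $db->prepare('SELECT user_about FROM demo_users WHERE user_about LIKE ?');
$q->execute(['%' . $search . '%']);
$stored = $q->fetchColumn();

// 3) HTML context: encode only at output time, with explicit flags and
//    charset, so both quote styles and markup characters are neutralised.
function h(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

echo "filtered (ENT_COMPAT): $filtered\n";
echo "<input name='search' value='" . h($search) . "'>\n";
echo '<p>' . h($stored) . "</p>\n";
```

The first echoed line still contains a raw single quote, while the two lines produced through h() carry it as a character entity.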