Posted: Sat Jul 14, 2007 3:57 am
by volka
But there's really no point in replacing a character with the same character (or did the board "eat" a \ here?).
There are also other characters that should be "treated". I suggest using mysql_real_escape_string.
Posted: Sat Jul 14, 2007 7:15 pm
by RobertGonzalez
+1 volka. Using mysql_real_escape_string() is a lot safer and less resource intensive than str_replace. And besides, the replace you are doing is quite literally replacing a character with its exact same character. And there is no need to turn magic quotes on. In fact, it is better for you to leave it off.
Posted: Sun Jul 15, 2007 12:34 am
by invisibled
I already said I haven't finished the script; it's going to be replacing single quotes with hardcoded quotes, but that has nothing to do with anything.
Posted: Sun Jul 15, 2007 1:01 am
by Benjamin
invisibled wrote: I already said I haven't finished the script; it's going to be replacing single quotes with hardcoded quotes, but that has nothing to do with anything.
You're assuming you know more than us. I would do as Pickle said and echo your queries. I can see right off the bat what the problem could be, without speculating.
Posted: Mon Jul 16, 2007 1:49 pm
by invisibled
I do know more than you guys, because it's my script, and I am telling you about it and you're telling me I'm wrong, when I'm not, and getting completely off topic with that whole single quote thing lol.
My queries are posted on the first page...
Posted: Mon Jul 16, 2007 2:07 pm
by volka
invisibled wrote: I am telling you about it and you're telling me I'm wrong, when I'm not, and getting completely off topic with that whole single quote thing lol.
Let's assume you're not wrong; then your script is missing something, see
http://de3.php.net/security.database.sql-injection
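Added example, not code from the thread or from invisibled's script, showing why str_replace("'", "'", ...) changes nothing and what volka's and Benjamin's advice (escape properly, echo your queries) looks like in practice. It uses PDO with an in-memory SQLite database so it runs offline; PDO::quote() stands in for the MySQL-extension function mysql_real_escape_string() discussed above, and the table, rows and input value are constructed for the demonstration.

```php
<?php
// Added example (not from the thread). Requires the pdo_sqlite extension,
// which ships with most PHP builds; no MySQL server is needed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice')");
$pdo->exec("INSERT INTO users (name) VALUES ('bob')");

// Constructed user input containing a single quote, as a real name might.
$input = "O'Brien";

// 1. The pattern discussed in the thread: replacing ' with ' is a no-op,
//    so the quote goes into the SQL text unchanged.
$naive = str_replace("'", "'", $input);
$sql1  = "SELECT id FROM users WHERE name = '$naive'";
echo "naive query:   $sql1\n";   // echoing the query, as Pickle suggested
try {
    $pdo->query($sql1);
} catch (PDOException $e) {
    // The unbalanced quote breaks the statement; with other input it would
    // instead change the query's meaning, which is the injection risk.
    echo "naive query failed: " . $e->getMessage() . "\n";
}

// 2. Proper escaping: PDO::quote() escapes the quote and adds delimiters,
//    the PDO counterpart of mysql_real_escape_string() (which adds no delimiters).
$sql2 = "SELECT id FROM users WHERE name = " . $pdo->quote($input);
echo "escaped query: $sql2\n";
$rows = $pdo->query($sql2)->fetchAll();
echo "escaped query rows: " . count($rows) . "\n";   // 0, correctly

// 3. Better still: a prepared statement keeps the data out of the SQL text.
$stmt = $pdo->prepare("SELECT id FROM users WHERE name = :name");
$stmt->execute(array(':name' => $input));
echo "prepared query rows: " . count($stmt->fetchAll()) . "\n";   // 0
```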
Posted: Mon Jul 16, 2007 2:11 pm
by RobertGonzalez
Are you making sure to use long opening tags (<?php) instead of short open tags (<?) on your local server? According to the server data page you posted, short tags are off on localhost, but I see them in your code.