I’ve run into some problems with EscapeShellArg() – wonder if you can help? I’ve been using it very successfully to place single quotes around inputted text {e.g. EscapeShellArg($answer)} to prevent meliciously keyed data being stored in my database. As said, all has been well, running on my localhost – however things are not so good after uploading it to my domain. I’m now getting MySQL syntax errors trying to write to my databases (e.g.)
Code: Select all
'users answer'' WHERE session_id = '6tidcs36jq4bm3cceu9nnqbi16' at line 3The one clue, after checking versions is that there is a difference between my localhost ( running php4.3.10 MySQL 3.23.49 … ok, ok, I know it’s old) and my IP (php 5.0.4 MySQL 4.1.20), however I’ve checked EscapeShellArg() in the MySQL manual and there appears to be no reported issues in implementation. SO that’s as far as my newbie brain has gotten me. I’d appreciate any thoughts you might have.
Thanks
Giles