Varchar is too big I guess.

aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews

Post by aaronhall »

Mightywayne wrote:I am, but if they have no field to insert SQL commands into, how will they put the SQL in?
If you're placing user input into a query and you aren't properly escaping the input (mysql_real_escape_string()), you are vulnerable.
Mightywayne wrote:Edit 2: Okay, I got it I think. I can't use double quotes for my message, which kinda sucks, I'm sure I'll figure out a way for it to work eventually. The problem was inserting '$log', instead I did "$log" and it loved me again.
You can insert any characters you like into a database, providing they are properly escaped. If you were to use mysql_real_escape_string() on user input (which escapes all quotes), your queries won't be malformed. If you're still having problems, at least post the queries you're having trouble with.
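The quoting problem discussed in this thread, as an added example that is not part of the original posts: a message containing both quote styles breaks a raw interpolated query, while an escaped or bound value is stored unchanged. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so it runs without a server, `PDO::quote()` plays the role of `mysql_real_escape_string()`, the bound-parameter form goes beyond what the reply mentions, and the table name and message are constructed.

```php
<?php
// Added example: the table, column and message below are constructed.
// In-memory SQLite stands in for MySQL (assumption) so no server is needed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE log_entries (id INTEGER PRIMARY KEY, message TEXT)');

// Constructed input containing both a double-quoted phrase and an apostrophe.
$log = 'The guard said "it\'s over" and left';

// 1) Raw interpolation inside '...': the apostrophe closes the SQL string
//    literal early, so the rest of the message is parsed as SQL.
try {
    $pdo->exec("INSERT INTO log_entries (message) VALUES ('$log')");
    echo "raw interpolation: inserted\n";
} catch (PDOException $e) {
    echo "raw interpolation: query rejected as malformed\n";
}

// 2) Escape the value before placing it in the query text.
//    PDO::quote() escapes embedded quotes and adds the surrounding quotes.
$pdo->exec(
    'INSERT INTO log_entries (message) VALUES (' . $pdo->quote($log) . ')'
);

// 3) Bound parameter: the value travels separately from the SQL text,
//    so its quotes are never interpreted as syntax.
$stmt = $pdo->prepare('INSERT INTO log_entries (message) VALUES (:message)');
$stmt->execute([':message' => $log]);

// Both stored rows should match the original message byte for byte.
foreach ($pdo->query('SELECT id, message FROM log_entries') as $row) {
    printf(
        "%d: %s [%s]\n",
        $row['id'],
        $row['message'],
        $row['message'] === $log ? 'intact' : 'altered'
    );
}
```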