The following comments are owned by whoever posted them. This site is not responsible for what they say.
Posting engine check
Authored by: thinkyhead on Feb 26, '02 07:55:47PM

Let's see how the web posting engine is doing, while we're at it. Submitting plain old text we get...

1 Backslash: \
2 Backslashes: \
3 Backslashes: \\

Apostrophe: '
Back-tick: `
Ampersand: &
Percent: %
Tilde: ~
At-symbol: @
Caret: ^
Curly-braces: { }
Less-than: <
Greater-than: >



[ Reply to This | # ]
Argh, still eats backslashes
Authored by: thinkyhead on Feb 26, '02 08:06:05PM

It's very simple to fix this issue in PHP.

First, turn off magic_quotes_gpc in the php.ini file.

Next, always use "addslashes()" on any values that will be used in an SQL statement:

$sqldata = addslashes($somedata);
$sth = mysql_query("UPDATE blunder SET SomeData='$sqldata' WHERE Locked='N'");

Finally, if content needs to appear in a form, use htmlentities() on the data before merging it with the HTML for display.

<input type="text" name="thing" value="<?= htmlentities($thing) ?>">



[ Reply to This | # ]
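Added example (not part of the original comments): the two boundaries described in the comment above, escaping for SQL at the query and for HTML at output, with the characters from the first post's test round-tripped through a database. It assumes PHP with the pdo_sqlite extension and substitutes a PDO prepared statement for addslashes() with mysql_query(), which is no longer available in current PHP; the table and column names are reused from the comment and the sample value is constructed.

```php
<?php
// Added example, not code from the thread. Table and column names are reused
// from the comment above; the sample value is constructed for this demo.
$somedata = <<<'RAW'
3 backslashes: \\\ apostrophe: ' ampersand: & less-than: < quote: "
RAW;

// Assumption: pdo_sqlite is available, so the example runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE blunder (SomeData TEXT, Locked TEXT)");
$db->exec("INSERT INTO blunder (SomeData, Locked) VALUES ('', 'N')");

// SQL boundary: the value travels as a bound parameter and is never spliced
// into the statement text, so no slash-adding or slash-stripping is involved.
$sth = $db->prepare("UPDATE blunder SET SomeData = :data WHERE Locked = 'N'");
$sth->execute([':data' => $somedata]);

// Read the value back and confirm the database holds exactly what was sent.
$stored = $db->query("SELECT SomeData FROM blunder WHERE Locked = 'N'")
             ->fetchColumn();
if ($stored !== $somedata) {
    throw new RuntimeException('value changed between request and database');
}

// HTML boundary: encode only when the value is merged into markup.
// ENT_QUOTES also encodes the apostrophe, so the value is safe in either
// quoting style of attribute.
$escaped = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$field = '<input type="text" name="thing" value="' . $escaped . '">';

// Decoding the attribute the way a browser would must give the input back.
if (htmlspecialchars_decode($escaped, ENT_QUOTES) !== $somedata) {
    throw new RuntimeException('HTML encoding is not reversible');
}

// Failure mode for contrast: an unescape pass applied to data that was never
// escaped silently drops backslashes from the stored text.
$mangled = stripslashes($somedata);

echo $field, "\n";
echo 'round trip intact: ', var_export($stored === $somedata, true), "\n";
echo 'after a stray stripslashes(): ', $mangled, "\n";
```

The stored value stays raw; encoding is applied once per output context, which is what keeps backslashes and quotes from being doubled or eaten.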