1.1.1 - SQL data not escaped [when magic quotes turned off] [message #406]
Mon, 11 February 2002 17:17
ironstorm
Messages: 89 Registered: February 2002 Location: Toronto, Ontario, Canada
Karma: 0
Member
When I make a forum called GED's forum, or set the description to include an apostrophe, I get an error similar to the following:
Query Failed: INSERT INTO fud_cat (name, description, allow_collapse, default_view, creation_date, view_order, hidden) VALUES('GED's Forum','','Y','OPEN','1013447434','4','N') Reason: From: f:/php4/!forums/htdocs/adm/admcat.php
One could require magic quotes to fix this, or wrap the SQL fields to be inserted using addslashes as follows:

function myAddSlashes($st) {
    // Magic quotes already escaped the input; do not escape it twice.
    if (get_magic_quotes_gpc() == 1) {
        return $st;
    } else {
        return addslashes($st);
    }
}

Re: 1.1.1 - SQL data not escaped [when magic quotes turned off] [message #418 is a reply to message #406]
Mon, 11 February 2002 20:40
Ilia
Messages: 13241 Registered: January 2002
Karma: 0
Senior Member Administrator Core Developer
Very true, currently we assume that magic_quotes_gpc is on by default. However, it appears we need a handler, like the one you've suggested, for people who don't, because magic_quotes_gpc cannot be turned on during runtime.
FUDforum Core Developer
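
The failure reported in this thread and a fix that does not depend on magic_quotes_gpc, as an added example that is not part of either post or of FUDforum's code. It goes beyond the suggested handler by binding the value as a parameter instead of escaping it. The PDO SQLite in-memory database, the reduced two-column fud_cat table and the function names are assumptions.

```php
<?php
// Added example, not FUDforum code. Table and column names come from the
// error message in the thread; everything else here is hypothetical.

function make_db(): PDO {
    // Assumption: pdo_sqlite is available; an in-memory DB keeps this offline.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE fud_cat (name TEXT, description TEXT)');
    return $db;
}

// "Before": the value is concatenated into the statement, as in the
// failing query. Returns false when the database rejects the statement.
function insert_concat(PDO $db, string $name): bool {
    try {
        $db->exec("INSERT INTO fud_cat (name, description) VALUES('$name','')");
        return true;
    } catch (PDOException $e) {
        // The apostrophe closes the string literal early, so the rest of
        // the name is parsed as SQL and the statement is invalid.
        return false;
    }
}

// "After": the value is bound as a parameter, so it is never parsed as
// SQL text and no escaping step (or magic quotes setting) is involved.
function insert_bound(PDO $db, string $name): bool {
    $st = $db->prepare('INSERT INTO fud_cat (name, description) VALUES(?, ?)');
    return $st->execute([$name, '']);
}

// Returns every stored category name, to confirm what was written.
function stored_names(PDO $db): array {
    return $db->query('SELECT name FROM fud_cat')->fetchAll(PDO::FETCH_COLUMN);
}

$db   = make_db();
$name = "GED's Forum";   // constructed input: the forum name from the thread

var_dump(insert_concat($db, $name));  // concatenated statement
var_dump(insert_bound($db, $name));   // bound parameter
var_dump(stored_names($db));          // rows actually stored
```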