Re: function for preserving special characters? [message #186088 is a reply to message #186087]
Fri, 13 June 2014 17:23
Tim Streater
In article <539b0a09$0$6621$9b4e6d93(at)newsspool4(dot)arcor-online(dot)net>,
Christoph Michael Becker <cmbecker69(at)arcor(dot)de> wrote:
> Tim Streater wrote:
>
>> In article <539afd73$0$6602$9b4e6d93(at)newsspool4(dot)arcor-online(dot)net>,
>> Christoph Michael Becker <cmbecker69(at)arcor(dot)de> wrote:
>>
>>> Tim Streater wrote:
>>>
>>>> In article <4s7xh8hg1pcy(dot)ov70m21znbte$(dot)dlg(at)40tude(dot)net>, richard
>>>> <noreply(at)example(dot)com> wrote:
>>>>> When attempting to transfer records from one table to another,
>>>>> certain records refuse to be.
>>>>> Such as those with words like "I'm".
>>>>> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>>>>>
>>>>> I know there is a procedure in PHP for dealing with this.
>>>>> I just can't find it right now.
>>>>> Can anyone help on this?
>>>>
>>>> You need to read up on your database and find how it deals with
>>>> things like single-quotes (') in strings that you want to update a column
>>>> with. Or rather, how it expects *you* to present the data.
>>>>
>>>> For SQLite, I do this:
>>>>
>>>> $x = str_replace ('\'', '\'\'', $xx);
>>>
>>> However, remember Bobby Tables: <http://xkcd.com/327/>.
>>
>> :-) Yeah yeah.
>>
>> However in this case the guy doing the hacking would be the guy whose
>> data would be trashed. Why destroy your own data that way when you can
>> just drag the entire file to the Trash and empty it.
>
> ACK.
>
> However, my reply was not particularly meant for you, but also for
> others who want to do this on otherwise unsanitized user input.
Still, it was quite useful as I went back and entered variants of:
xxx'); drop table xyz; --
into some screen entry fields without succeeding in doing any damage.
Either the entry was rejected (by my code) for a numeric field, or was
accepted verbatim and ended up in a database field. Not that this
proves invulnerability, but it's at least a start.
--
"The idea that Bill Gates has appeared like a knight in shining armour to
lead all customers out of a mire of technological chaos neatly ignores
the fact that it was he who, by peddling second-rate technology, led them
into it in the first place." - Douglas Adams
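The behaviour described in this thread, as an added example that is not part of the original posts: the same inputs (the apostrophe words and the probe string Tim entered) are stored three ways in an in-memory SQLite database. It uses Python's sqlite3 module rather than the PHP of the thread, and the table names `notes` and `xyz` are constructed for the demonstration.

```python
import sqlite3

# Constructed sample inputs: the words from the thread plus the probe string.
SAMPLES = ["I'm", "It's", "Cathy's", "xxx'); drop table xyz; --"]


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("CREATE TABLE xyz (id INTEGER)")  # the table the probe names
    return conn


def escape_sqlite_literal(s):
    # The str_replace from the thread: inside a quoted SQLite literal,
    # '' is read as one literal apostrophe.
    return s.replace("'", "''")


def store_naive(conn, value):
    # Unescaped interpolation. The apostrophe ends the literal early, so the
    # word samples are malformed SQL; the probe is refused because the Python
    # driver executes one statement per call. Returns True only on success.
    try:
        conn.execute("INSERT INTO notes (body) VALUES ('" + value + "')")
        return True
    except Exception:
        return False


def store_with_escaping(conn, value):
    conn.execute("INSERT INTO notes (body) VALUES ('"
                 + escape_sqlite_literal(value) + "')")


def store_with_binding(conn, value):
    # Parameter binding: the value travels to SQLite as data, never as SQL
    # text, so no quoting of the value is needed at all.
    conn.execute("INSERT INTO notes (body) VALUES (?)", (value,))


def round_trip(samples=SAMPLES):
    """Store each sample every way and report what ended up in the database."""
    conn = new_db()
    naive_ok = {s: store_naive(conn, s) for s in samples}
    for s in samples:
        store_with_escaping(conn, s)
        store_with_binding(conn, s)
    bodies = [r[0] for r in conn.execute("SELECT body FROM notes ORDER BY id")]
    tables = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")}
    return naive_ok, bodies, tables
```

Both the doubled-quote escaping and parameter binding store every sample verbatim and leave the `xyz` table in place; the naive interpolation stores nothing.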