Jean-Christian Imbeault [EMAIL PROTECTED] wrote:
Sorry if my intentions were not clear but I am trying to protect myself
from SQL injection attacks by using addslashes() to user provided
information. I cannot assume anything about the incoming data (not even
the encoding) since anyone
Just correcting a typo :)
Moriyoshi Koizumi [EMAIL PROTECTED] wrote:
<?php
mb_internal_encoding("Shift_JIS");
$escaped = mb_ereg_replace(([\\\'\0]), 1, $sjis_string);
?>
should be
<?php
mb_internal_encoding("Shift_JIS");
$escaped = mb_ereg_replace(([\'\0]), 1, $sjis_string
Jean-Christian Imbeault [EMAIL PROTECTED] wrote:
Is addslashes() multi-byte safe?
I will be using it to escape multi-byte input and wouldn't want it to
mangle anything...
Partially yes.
Strings encoded in GB2312(CP936), big5, Shift_JIS are known to be
clobbered by addslashes().
UTF-8,
Jean-Christian Imbeault [EMAIL PROTECTED] wrote:
Moriyoshi Koizumi wrote:
Partially yes.
Strings encoded in GB2312(CP936), big5, Shift_JIS are known to be
clobbered by addslashes().
Sh*t ... and I just added a whole bunch of addslashes() to my code to
prevent SQL attacks
scripts that uses these functions
on win32 platforms, it may help you.
If you are interested, please visit http://phpresolver.sourceforge.net/
Thanks
--
Moriyoshi Koizumi
Hi,
have you tried this one?
$dir = dirname( $HTTP_SERVER_VARS['PHP_SELF'] );
Moriyoshi Koizumi
Andy [EMAIL PROTECTED] wrote:
Hi there,
I am trying to find out which dir the user is browsing. How can I get the
URL into a var? I tried path_info, but it only returns the filename
Hello,
I don't think the problem you have is not the size of the file.
It seems to depend on the content of that.
(line 1) $a = 'abc%d';
(line 2) printf( "$a" );
will cause too-few-arguments error
because variable $a contains the sequence of '%','d', which should be interpreted as
formatting
IMHO
$query = "SELECT shoodID FROM shoots WHERE location=\"$location\"";
and even
$query = "SELECT shoodID FROM shoots WHERE location='$location'";
sometimes cause SQL Syntax Error,
because the variable $location may contain quote characters (')(")...
since i experienced the same thing i've been
yes,
both of yours make the same result too, and are clean :-)
and i wonder what the best way is, to put queries into php code...
there's a more complicated sample,
$a=addslashes($a);
$b=addslashes($b);
$c=addslashes($c);
if( $another_table ) { $another_table=','.$another_table; }
$query =
Hello,
Thanks for your great advice,
and also the tutorial http://www.aditus.nu/jpgraph/jpg_phpoo.php helps so much.
I guess I was confusing a copy of object and a reference of object.
btw that's too confusing!
Gyozo Papp [EMAIL PROTECTED] wrote:
Hello,
I've not tried your code yet, but
Hello.
I'm new to this list, and I once looked over the archives,
but the problem like this might not have been proposed, so I ask...
please see the code below
sorry to be too long.
(the result of this code is supposed to be seen with HTML browser)