ID: 22424
Comment by: moderator at blackpeeps dot com
Reported By: oregon at pobox dot com
Status: Bogus
Bug Type: Variables related
Operating System: Linux 2.4.9-31
PHP Version: 4.2.3
New Comment:
I am noticing this same problem since i upgraded to 4.3.0 in January. I
have rows stored in mysql tables that have colums which contain text
data with single quotes. (') for example: table.field= "I don't like
fried chicken"
Prior to 4.3.0 the insert or update to mysql worked fine, now my users
get "You have an error in your SQL syntax near"
Honestly, cannot say whether this issue is mysql related or PHP 4.3.0
Previous Comments:
------------------------------------------------------------------------
[2003-02-25 19:35:44] oregon at pobox dot com
Nevermind, it actually does work apparently.
------------------------------------------------------------------------
[2003-02-25 19:26:33] oregon at pobox dot com
The magic_quotes_gpc option correctly escapes single quotes, but it
ignores the single quote in GET data when the single quote is
URL-encoded (as %27). This causes database errors on submitted data
what was supposed to be handled by magic_quotes_gpc.
Example: calling a script "view.php" with city set to "Martha's
Vinyard" URL-encoded will generate a DB error when the city is passed
to a database query...
http://mywebsite.com/view.php?city=Martha%27s+Vinyard
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=22424&edit=1
