On Tue, 17 Jun 2003 17:00:26 +0200, you wrote:

>I'm embedding an SQL query constructed in Javascript to an URL and opening
>it in PHP where I try to execute it.

I can't believe anyone hasn't jumped on this yet :) Please be very, very careful. There's a big big hole there.

>Problem is, the string arrives garbled, with all the apostrophes escaped.

Escaped how, exactly? With backslashes? Doubled apostrophes?

The obvious thing would be a

    $query = str_replace("''", "'", $query);

But again, please reconsider what you're doing - it sounds like you're trusting the client way too much. If you go ahead, ask on a database-specific mailing list about the holes you need to plug.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
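
One way to stop trusting the client with SQL text, as an added example that is not part of the original message: the browser sends only a report name and a value, and the server picks a fixed statement and binds the value, so apostrophes need no escaping or unescaping. The report names, table, columns, request keys and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: schema, data and parameter names are constructed for illustration.

// Fixed statements the server is willing to run, keyed by a name the client may send.
const REPORTS = [
    'by_author' => 'SELECT title FROM books WHERE author = :value ORDER BY title',
    'by_year'   => 'SELECT title FROM books WHERE year = :value ORDER BY title',
];

function run_report(PDO $db, array $request): array
{
    // The client chooses among known statements; it never supplies SQL itself.
    $name = $request['report'] ?? '';
    if (!is_string($name) || !array_key_exists($name, REPORTS)) {
        throw new InvalidArgumentException('unknown report');
    }
    $value = $request['value'] ?? '';
    if (!is_string($value) || strlen($value) > 100) {
        throw new InvalidArgumentException('bad value');
    }
    // The value travels as bound data, separate from the statement text.
    $stmt = $db->prepare(REPORTS[$name]);
    $stmt->execute([':value' => $value]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample database (in-memory SQLite) so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE books (title TEXT, author TEXT, year INTEGER)');
$db->exec("INSERT INTO books VALUES ('Sample Title A', 'O''Brien', 2001)");
$db->exec("INSERT INTO books VALUES ('Sample Title B', 'Smith', 1999)");

// In a web page $request would be $_GET; these arrays stand in for it.
var_dump(run_report($db, ['report' => 'by_author', 'value' => "O'Brien"]));

// A value shaped like SQL is handled as one string to compare against.
var_dump(run_report($db, ['report' => 'by_author', 'value' => "x' OR '1'='1"]));

// Anything that is not a known report name is refused before the database is touched.
try {
    run_report($db, ['report' => 'DELETE FROM books', 'value' => '']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```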