On Tue, 17 Jun 2003 17:00:26 +0200, you wrote:

>I'm embedding an SQL query constructed in JavaScript to a URL and opening
>it in PHP where I try to execute it.

I can't believe anyone hasn't jumped on this yet :)
Please be very, very careful. There's a big big hole there.

>Problem is, the string arrives garbled, with all the apostrophes escaped.

Escaped how, exactly? With backslashes? Doubled apostrophes?
The obvious thing would be a

    $query = str_replace("''", "'", $query);

But again, please reconsider what you're doing - it sounds like you're
trusting the client way too much. If you go ahead, ask on a
database-specific mailing list about the holes you need to plug.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
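
Added example, not part of the original message or of any poster's code: one way to stop trusting the client with the query text is to let the URL carry only a query name and values, and have PHP look up fixed SQL and bind the values. The table, column and query names and the sample rows are assumptions made up for illustration; it uses PDO with an in-memory SQLite database so it runs on its own.

```php
<?php
// Added example, not from the original thread. Table, column and query
// names are hypothetical; the rows are constructed sample data.
declare(strict_types=1);

// Queries the server is willing to run, keyed by a name the client may send.
// The SQL text never leaves the server; the client supplies values only.
const ALLOWED_QUERIES = [
    'customer_by_name' => [
        'sql'    => 'SELECT id, name FROM customers WHERE name = :name',
        'params' => ['name'],
    ],
    'orders_for_customer' => [
        'sql'    => 'SELECT id, total FROM orders WHERE customer_id = :customer_id',
        'params' => ['customer_id'],
    ],
];

function run_named_query(PDO $db, array $request): array
{
    $name = $request['q'] ?? '';
    if (!is_string($name) || !array_key_exists($name, ALLOWED_QUERIES)) {
        throw new InvalidArgumentException('unknown query');
    }
    $bound = [];
    foreach (ALLOWED_QUERIES[$name]['params'] as $p) {
        // Array-valued input such as name[]=x is rejected along with missing values.
        if (!isset($request[$p]) || !is_string($request[$p])) {
            throw new InvalidArgumentException("missing parameter: $p");
        }
        $bound[":$p"] = $request[$p];
    }
    $stmt = $db->prepare(ALLOWED_QUERIES[$name]['sql']);
    $stmt->execute($bound);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, total REAL)');
$db->exec("INSERT INTO customers (name) VALUES ('O''Brien'), ('Smith')");

// Stand-ins for $_GET: the apostrophe needs no un-escaping by hand.
print_r(run_named_query($db, ['q' => 'customer_by_name', 'name' => "O'Brien"]));
// A value shaped like SQL is bound as a literal string, not parsed as SQL.
print_r(run_named_query($db, ['q' => 'customer_by_name', 'name' => "x' OR '1'='1"]));
```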