re: filter input
On Wednesday 15 January 2003 04:26, julian haffegee wrote: I want to insert some text into my database, but I'm worried about bad data - metacharacters etc. So I need to filter the input and remove bad characters. Which characters should I remove? What is bad for mysql? does anyone know a good subroutine (or webpage telling me all about it) for reference. I did have a good(ish) php way of doing this, but need perl this time. You should escape some chars: http://www.mysql.com/doc/en/String_syntax.html Take a look at addslashes() function in PHP or mysql_escape_string(). You can also use MySQL function QUOTE(): http://www.mysql.com/doc/en/String_functions.html -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Victoria Reznichenko / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: filter input
If you're looking to qoute strings in perl, your DBI handle has a function called quote: $quoted_string = $dbh-quote($unqouted string) I believe you need to be connected to your database server in order to use this, and I am not POSITIVE whether this works for all RDBMS servers. Jeppe -Original Message- From: Victoria Reznichenko [mailto:[EMAIL PROTECTED]] Sent: 15. januar 2003 15:44 To: [EMAIL PROTECTED] Subject: re: filter input On Wednesday 15 January 2003 04:26, julian haffegee wrote: I want to insert some text into my database, but I'm worried about bad data - metacharacters etc. So I need to filter the input and remove bad characters. Which characters should I remove? What is bad for mysql? does anyone know a good subroutine (or webpage telling me all about it) for reference. I did have a good(ish) php way of doing this, but need perl this time. You should escape some chars: http://www.mysql.com/doc/en/String_syntax.html Take a look at addslashes() function in PHP or mysql_escape_string(). You can also use MySQL function QUOTE(): http://www.mysql.com/doc/en/String_functions.html -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Victoria Reznichenko / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
filter input
Hi all, I want to insert some text into my database, but I'm worried about bad data - metacharacters etc. So I need to filter the input and remove bad characters. Which characters should I remove? What is bad for mysql? does anyone know a good subroutine (or webpage telling me all about it) for reference. I did have a good(ish) php way of doing this, but need perl this time. Thanks anyone kind enough to help Jules - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php