On Thu 17 Mar 05, 4:10 PM, Reid Thompson <[EMAIL PROTECTED]> said:
>
> > I read that in a NSP book awhile ago (Linux Cookbook). It's
> > faster than "%s/ //g". Very handy. But which problem does this
> > address? :)
> >
> > Pete
>
> This is some PHP code on Linux. I suspect it was
> I read that in a NSP book awhile ago (Linux Cookbook). It's
> faster than "%s/ //g". Very handy. But which problem does this
> address? :)
>
> Pete
This is some PHP code on Linux. I suspect it was originally written
> > on a Microsoft operating system because when I edit the files, my
On Thu 17 Mar 05, 2:26 PM, Reid Thompson <[EMAIL PROTECTED]> said:
> Peter Jay Salzman wrote:
> > Hi Mike,
> >
> > To be perfectly honest, other than being a Microsoft thing, I
> > don't really know what .NET is. Pretty pathetic, huh? :)
> >
> > This is some PHP code on Linux. I suspect it
Peter Jay Salzman wrote:
> Hi Mike,
>
> To be perfectly honest, other than being a Microsoft thing, I
> don't really know what .NET is. Pretty pathetic, huh? :)
>
> This is some PHP code on Linux. I suspect it was originally
> written on a Microsoft operating system because when I edit
> the
Well the [ ] aren't a .NET thing, SQLite supports them, using [ ] are a
standard supported SQLite feature and they make you're life way, way,
easier, see: http://www.sqlite.org/lang_keywords.html
[keyword] A keyword enclosed in square brackets is always understood as
an identifier. This is not
Hi Eugene,
Yes, this worked great. I just find it hard to believe that it's all
necessary.
Without using sqlite_escape_string, single quotes cause "SQL Logic or
missing database" errors. So I'm forced to use that function on variables
set via a form.
But then to avoid the "backslash in the
Hi Mike,
To be perfectly honest, other than being a Microsoft thing, I don't really
know what .NET is. Pretty pathetic, huh? :)
This is some PHP code on Linux. I suspect it was originally written on a
Microsoft operating system because when I edit the files, my editor reports
the textfiles as
> What's the proper way to ensure that ' characters are properly quoted but
> don't show up in the output?
Honestly, we use the SQLite .NET managed driver and pass all data in via
parameters, therefore we have no escape issues and more importantly no SQL
injection woes, if you're taking data
Hi,
I think the reason is that sqlite_escape_string() doubles single quotes
to escape them.
However, you have magic_quotes_gpc set to 1 in php.ini
As such, incoming variables are escaped using backslashes.
A solution is to use stripslashes() on the incoming variables if
get_magic_quotes_gpc()
9 matches
Mail list logo
