Re: [Hampshire] A little help with php / mysql

Author: Hugo Mills
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] A little help with php / mysql

On Wed, Feb 04, 2009 at 12:02:14PM +0000, Brian Chivers wrote:
> I'm trying to insert the text below into a mysql table but it's complaining, I think it's the '
> that's causing the problem.
>
> childrens's/youth program (general)
>
> The table is called stream and the field I'm trying to insert into is called genre and it's a
> varchar(200) collation utf_general_ci
>
> This is the command I'm using
>
> mysql_query("INSERT INTO stream (channel, starttime, title, description, genre, filename) VALUES
> ('$channel','$starttime','$title','$description','$genre','$filename')");


Don't do that. :)

The problem you're seeing is the least troublesome and least
damaging of the wide range of evil things that can happen if you write
code like that.

If you're using the simple mysql_* functions in PHP, you should
process *every* parameter passed to SQL through
mysql_real_escape_string() before putting it into an SQL statement.
However, this is still prone to breakage (if you forget to do it, for
example).

I would strongly recommend installing the MDB2[1] package from
PEAR[2], plus the MDB2 MySQL "driver" package, and using prepared
statements[3].

Hugo.

[1] http://pear.php.net/package/MDB2/docs
[2] http://pear.php.net/
[3] http://pear.php.net/manual/en/package.database.mdb2.intro-execute.php

-- 
=== Hugo Mills: hugo@... carfax.org.uk | darksatanic.net | lug.org.uk ===
  PGP key: 515C238D from wwwkeys.eu.pgp.net or http://www.carfax.org.uk
         --- Quantum Mechanics: the dreams stuff is made of. ---
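The three approaches the reply contrasts, side by side, as an added example that is not code from the original thread or from the PEAR project. It assumes PEAR MDB2 and the MDB2 MySQL driver are installed, that the DSN `mysql://user:password@localhost/tvdb` (hypothetical) points at a database holding Brian's `stream` table, and uses constructed sample values, including the apostrophe that broke the original query:

```php
<?php
// Added example, not from the original thread. Assumes PEAR MDB2 plus the
// MDB2_Driver_mysql package; the DSN and the row values below are constructed.
require_once 'MDB2.php';

$channel     = 'BBC One';
$starttime   = '2009-02-04 13:00:00';
$title       = 'Newsround';
$description = "Today's headlines";
$genre       = "childrens's/youth program (general)"; // the apostrophe from the question
$filename    = 'bbc1-20090204-1300.ts';

// 1. What the question did: raw values interpolated into the SQL text.
//    The apostrophe in $genre closes the string literal early, so MySQL
//    reports a syntax error. The same mechanism lets anyone who controls a
//    field append SQL of their own, which is the "evil things" in the reply.
$bad_sql = "INSERT INTO stream (channel, starttime, title, description, genre, filename)
            VALUES ('$channel','$starttime','$title','$description','$genre','$filename')";
// mysql_query($bad_sql);  // fails with "You have an error in your SQL syntax"

// 2. Workable with the old mysql_* API: escape *every* value on the way in.
//    mysql_real_escape_string() needs an open mysql_connect() link. Forgetting
//    it for a single field reopens the hole, which is why the reply prefers 3.
function insert_stream_escaped($link, array $row)
{
    $cols = array('channel', 'starttime', 'title', 'description', 'genre', 'filename');
    $vals = array();
    foreach ($cols as $c) {
        $vals[] = "'" . mysql_real_escape_string($row[$c], $link) . "'";
    }
    $sql = 'INSERT INTO stream (' . implode(', ', $cols) . ')'
         . ' VALUES (' . implode(', ', $vals) . ')';
    return mysql_query($sql, $link);
}

// 3. Recommended: an MDB2 prepared statement. The SQL text and the data are
//    handed to the driver separately; each ? is bound to a typed value, so an
//    apostrophe (or anything else) in the data can never alter the statement.
function insert_stream_prepared(MDB2_Driver_Common $db, array $row)
{
    $sth = $db->prepare(
        'INSERT INTO stream (channel, starttime, title, description, genre, filename)
         VALUES (?, ?, ?, ?, ?, ?)',
        array('text', 'timestamp', 'text', 'text', 'text', 'text'),
        MDB2_PREPARE_MANIP
    );
    if (PEAR::isError($sth)) {
        die('prepare failed: ' . $sth->getMessage());
    }
    $res = $sth->execute(array(
        $row['channel'], $row['starttime'], $row['title'],
        $row['description'], $row['genre'], $row['filename'],
    ));
    $sth->free();
    return $res; // affected-row count, or a PEAR_Error
}

$db = MDB2::factory('mysql://user:password@localhost/tvdb'); // hypothetical DSN
if (PEAR::isError($db)) {
    die('connect failed: ' . $db->getMessage());
}
$row = compact('channel', 'starttime', 'title', 'description', 'genre', 'filename');
$res = insert_stream_prepared($db, $row);
if (PEAR::isError($res)) {
    die('insert failed: ' . $res->getMessage());
}
echo "Inserted $res row(s)\n";
```

The type array passed to `prepare()` tells MDB2 how to quote each placeholder, so `starttime` is bound as a timestamp rather than free text. The same prepare/execute shape is what PDO offers in later PHP releases, where the `mysql_*` functions no longer exist.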