Brian Chivers wrote:
> I'm trying to insert the text below into a mysql table but it's complaining, I think it's the ' 
> that's causing the problem.
> 
> mysql_query(INSERT INTO stream (channel, starttime, title, description, genre, filename) VALUES 
> ('$channel','$starttime','$title','$description','$genre','$filename'));
> 
> All the other fields work OK & if I remove the ' from $genre it works OK.
> 
Hi Brian, I've only been using PHP with mysql for 12 months but I have
found PHP so easy to learn and you can rapidly prototype web
applications. You could use basic input validation like

    if (!get_magic_quotes_gpc()) {
        $Search = addslashes($Search);
    }
    //  see /etc/php.ini magic_quotes_gpc = Off [turned off for Performance]
    if (isAlphaNumeric($_POST['username']) &&
        isAlphaNumeric($_POST['password'])) {
        ....
    }

will stop SQL injection using single quote input while you get to grips
with more secure methods.

My PHP application called mailmapping on sourceforge.net might help
with how to display/search/export mysql data (only tested on Linux).

John.
-- 
--------------------------------------------------------------
Discover Linux - Open Source Solutions to Business and Schools
http://discoverlinux.co.uk
--------------------------------------------------------------
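
An added example, not part of John's message or the original post: the INSERT from the question written with bound parameters, so an apostrophe in $genre is sent as data and never spliced into the SQL text. It assumes PDO with the pdo_sqlite driver and an in-memory database so it runs without a server; the insertStream() helper and all sample values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: PDO with the pdo_sqlite driver, in-memory, so no server is needed.
// Against MySQL only the DSN and credentials change; the statement stays the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stream (channel TEXT, starttime TEXT, title TEXT,
                                 description TEXT, genre TEXT, filename TEXT)');

// Hypothetical helper: the SQL text is fixed, the values travel separately
// as named parameters, so no quoting or escaping of the input is needed.
function insertStream(PDO $pdo, array $row): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO stream (channel, starttime, title, description, genre, filename)
         VALUES (:channel, :starttime, :title, :description, :genre, :filename)'
    );
    $stmt->execute($row);
}

// Constructed sample genres: apostrophes, a trailing backslash, SQL punctuation.
$genres = ["Children's", "Rock 'n' Roll\\", "Drama'); -- "];

foreach ($genres as $i => $genre) {
    insertStream($pdo, [
        'channel'     => 'channel' . $i,
        'starttime'   => '2004-01-01 20:00:00',
        'title'       => 'Sample title ' . $i,
        'description' => 'Constructed row for the example',
        'genre'       => $genre,
        'filename'    => 'sample' . $i . '.mpg',
    ]);
}

// Read the rows back and compare byte for byte with what was submitted.
$stored = $pdo->query('SELECT genre FROM stream ORDER BY rowid')
              ->fetchAll(PDO::FETCH_COLUMN);

foreach ($genres as $i => $genre) {
    $status = ($stored[$i] === $genre) ? 'stored unchanged' : 'ALTERED';
    printf("%-20s %s\n", $genre, $status);
}
```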