In my attempts to protect my database from MySQL injection I have created another problem for myself....
Currently all user-inputted strings go through this function:
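Code:
    function cleanQuery($string)
    {
        // Undo magic-quotes escaping if the server applied it
        if (get_magic_quotes_gpc())
        {
            $string = stripslashes($string);
        }
        // Escape for use inside a MySQL string literal
        $string = mysql_real_escape_string($string);
        // Convert HTML special characters to entities
        $string = htmlentities($string);
        return $string;
    }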
For the most part, it's great. HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.
Questions:
1) Should I run the function on every user variable?
2) Is there a safe "fix" or some alternative which I can run on the three fields which may require line breaks?
Thanks.
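An added example, not part of the original post or thread: one common way to keep line breaks intact is to pass the value as a bound parameter when storing it and to HTML-encode it only when displaying it. The in-memory SQLite database (standing in for the MySQL connection), the `profiles` table and all function names are assumptions made so the script runs offline.

```php
<?php
// Added example: store raw text with a bound parameter, encode only on output.
// Assumption: in-memory SQLite stands in for the MySQL connection; the table
// and function names are hypothetical.

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, about_me TEXT)');
    return $db;
}

// Storage: the value travels as a bound parameter, so no escaping function
// touches it and line breaks reach the column unchanged.
function saveAbout(PDO $db, string $aboutMe): int
{
    $stmt = $db->prepare('INSERT INTO profiles (about_me) VALUES (:about)');
    $stmt->execute([':about' => $aboutMe]);
    return (int) $db->lastInsertId();
}

function loadAbout(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT about_me FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Output: HTML-encode first, then turn line breaks into <br> tags.
function renderAbout(string $stored): string
{
    return nl2br(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input: line breaks, a single quote and markup.
$input = "Hi, I'm Sam.\r\nI like <b>PHP</b>.\r\nThanks for reading.";

$db = openDb();
$id = saveAbout($db, $input);
$stored = loadAbout($db, $id);

// The stored text must be byte-for-byte what the user typed.
if ($stored !== $input) {
    throw new RuntimeException('Stored value differs from input');
}
echo renderAbout($stored), PHP_EOL;
```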