In my attempts to protect my database from mySQL injection I have created another problem for myself....
Currently all user inputted strings go through this function;
Code: function cleanQuery($string)
{
if(get_magic_quotes_gpc())
{
$string = stripslashes($string);
}
$string = mysql_real_escape_string($string);
$string = htmlentities($string);
return $string;
}
In the most, its great HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field for example, if it is run through the above function the new lines are replaced with a 'r' which i assume is "created" by the mysql_real_escape.
Question;
1) Should i run the function on every user variable?
2) Is there a safe "fix" or something alternative which i can run on the three fields which may require line breaks.
thanks.
Undefined variable: adHTML
Hello:While checking my site error logs, I've noticed one repetitive error that fills the log file. The error is "PHP Notice: Undefined variable: adHTML in /.../bot_jrheader.php on line
help with variable
I've got a problem, i want to echo some images depending on the $id, however for me to get that id i have to extract it from a query. So i've done that, but i want to extract all id's (not just 1), so
Packet Design
Hi All,Im new about network programming and I want to design a protocol but I have some questions about packet desing. For example I wanna do a sturct to send informations like that ;struct info {
Credit card verification
I have a client who wants to process credit card transactions from his web site rather than the going through something like paypal. I've never done that before...what is my first step? I really dont
Ajax Error since Upgrading to 3.5
Ever since upgrading my site to .NET 3.5 (I needed LINQ), I've been getting this annoying error on one of my pages:
fwrite error
Hi All,Does anyone know what is causing the error in this code?Code: <?$errorLog_FilePath = "error_log.txt";$handle = @fopen($errorLog_FilePath,'a+');$strError =
Sufficient protection from bad input?
I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and recieve their own url.. I've without testing, wrote this part
help with php
It's not displaying or pulling anything out of the database. Code: <html><head><title>Hale's Music World: Inventory Search
Parse String
I need to parse the string below into three variables. How would I do that?john + 10/20/2008 - 10/30/2008+ and - are separators
Do While statement
hi guys,This may sound trivial but im new to php and as part of an assignmenti have to construct the 10 green bottles song using the do while statement. I can do the statement but it is itengrating