|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2003-02-25 19:26 UTC] oregon at pobox dot com
The magic_quotes_gpc option correctly escapes single quotes, but it ignores the single quote in GET data when the single quote is URL-encoded (as %27). This causes database errors on submitted data what was supposed to be handled by magic_quotes_gpc. Example: calling a script "view.php" with city set to "Martha's Vinyard" URL-encoded will generate a DB error when the city is passed to a database query... http://mywebsite.com/view.php?city=Martha%27s+Vinyard PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Wed May 01 21:01:29 2024 UTC |
I am noticing this same problem since i upgraded to 4.3.0 in January. I have rows stored in mysql tables that have colums which contain text data with single quotes. (') for example: table.field= "I don't like fried chicken" Prior to 4.3.0 the insert or update to mysql worked fine, now my users get "You have an error in your SQL syntax near" Honestly, cannot say whether this issue is mysql related or PHP 4.3.0