Hello,
The query below works if $find is just a regular word with no special characters, and it even works if $find has a "%" in it or a "&".
However, it does not work if $find has an apostrophe in it. Any ideas on how I can change the code to make it work if $find has an apostrophe in it?
Thanks in advance,
John

<?php
// the table name is URL-encoded before it is placed in the form's action query string
$find1 = urlencode($find);

print "<form action='process.php?find=$find1' method='post'>
Add site: <input name='site' type='text' size='50'>
<input type='submit' value='Submit'>
</form> ";
?>
Then, on process.php, I have:

<?php
$remove_array = array('http://www.', 'http://', 'www.');
// strip the scheme and "www." prefix from the submitted site
$site = str_replace($remove_array, "", $_POST['site']);

mysql_connect("mysqlv10", "username", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

// read the table name back from the query string (the original assigned in the wrong direction)
$find = $_GET['find'];
$find = stripslashes($find);
$find = urldecode($find);

// $find and $site are interpolated into the SQL string unescaped
mysql_query("INSERT INTO `$find` VALUES (NULL, '$site',1,0)");
?>
Markus (Recognized Expert):
First of all, you are wide open to SQL Injection. Please read up on this to prevent any malicious attacks on your database.
Your problem is directly related to the above, and the article can explain it better than myself.
Check out the PDO library (specifically, prepared statements), and mysql_real_escape_string().
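As an added illustration of Markus's advice (this is not code from either poster), here are the two pages rewritten with PDO prepared statements. The host, database name and column layout are taken from the question; the credentials, the allow-list of table names and PHP 7+ syntax (`??`) are assumptions. Note the caveat a prepared statement does not cover: a table name cannot be bound as a parameter, so the value from `find` has to be checked against a fixed list rather than interpolated.

```php
<?php
// --- form page (replaces the first snippet in the question) ---
// urlencode() protects the query string; htmlspecialchars() protects the HTML attribute.
$find1 = htmlspecialchars(urlencode($find), ENT_QUOTES, 'UTF-8');
print "<form action='process.php?find=$find1' method='post'>
Add site: <input name='site' type='text' size='50'>
<input type='submit' value='Submit'>
</form> ";

// --- process.php (replaces the second snippet in the question) ---
// Assumed DSN and credentials; host "mysqlv10" and db "database" come from the question.
$pdo = new PDO('mysql:host=mysqlv10;dbname=database;charset=utf8mb4', 'username', 'password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
]);

// Identifiers (table names) cannot be bound, so validate $find against an
// allow-list instead of trusting the request. The list itself is a constructed example.
$allowed_tables = ['sites', 'blogs', 'forums'];
$find = $_GET['find'] ?? '';
if (!in_array($find, $allowed_tables, true)) {
    http_response_code(400);
    exit('Unknown category');
}

// Same prefix stripping as the original post.
$remove_array = ['http://www.', 'http://', 'www.'];
$site = str_replace($remove_array, '', $_POST['site'] ?? '');

// The value is bound as a parameter: an apostrophe in $site is sent as data,
// never parsed as part of the SQL text, so stripslashes()/escaping is unnecessary.
$stmt = $pdo->prepare("INSERT INTO `$find` VALUES (NULL, :site, 1, 0)");
$stmt->execute([':site' => $site]);
```

With the value bound this way, a submitted site such as `o'reilly.com` is stored verbatim, which is exactly the case the original query failed on; the only string still built dynamically is the table name, and it is constrained to known values before it reaches the query.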