Hi,
Hoping someone can help. I have a SQL query which is passed to the
script via the URL; this is like:-
&stmt=select%20*%20from%20table%20where%20(%20status!='Closed'%20.....
If I look at $_GET['stmt'], this gives:-
select * from tickets where ( status=''Closed'' ......
If I look at $HTTP_GET_VARS['stmt'], this gives:-
select * from tickets where ( status=\'Closed\' ......
To get the query back again I run through stripslashes(); however,
obviously this will have no effect with the $_GET['stmt'] variable.
So to my question: why am I getting differing results? I believed that
the two variables were always the same. Why is the ' not being escaped
with a \???
I am running PHP 5.0.3 on Apache.
Would appreciate some enlightenment, as I am beginning to pull my hair
out. I only have this problem with SQLite queries; MySQL queries are
escaped correctly in $_GET['stmt'].
Thanks in advance
Chris