mysql error when I enter the apostrophe in the text area

pk698 · #1 08-15-2010, 07:57 PM

Hello.

my script gives a mysql error when I enter the apostrophe ' in a text area. does anyone know what could be causing it?

I did not write the script, but someone else did.

thanks.

ceaser · #2 08-15-2010, 08:08 PM

Whoever wrote the script didnt program the form content to be cleaned before being sent to the database. You have to escape the apostrophe and quotes with a \.

IE:
\' - html substitute = '
\" - html substitute = "
\n = newline
\t = tab

Pazeh · #3 08-16-2010, 09:20 AM

Quote:

Originally Posted by pk698

Hello.

my script gives a mysql error when I enter the apostrophe ' in a text area. does anyone know what could be causing it?

I did not write the script, but someone else did.

thanks.

I say you are in a serious problem!! Your database is totally vulnerable to SQL injection attack, very very easily!! Especially if your visitors do have access to that text area & can enter some text.

Never ever pass any variable that a user enters to DB without first sterilizing it!

There are a dozen way to sterilize, clean a user input do google for "sql injection" and "sterilize sql" for more info.

But remember to do the fix asap!

pk698 · #4 08-16-2010, 10:16 PM

A friend wrote this for me, I don't know any coding. anyone willing to help me out?

Pazeh · #5 08-17-2010, 08:56 AM

so the textarea is accessible by the visitors? if so, do PM me the url & I'll have a look

pk698 · #6 08-18-2010, 12:54 AM

I think I will just go ahead and get a programmer to recode it. Would be easier than trying to fix all the bugs.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Editing text in images / editing text in flash	mdawg	Web Hosting Services	9	03-23-2009 11:51 AM
MySQL Error	Kemistry	Shared Hosting Support	3	06-12-2006 11:50 AM