Yes, I added the htmlspecialchars to handle bug 439565, but maybe it's not a good fix.
Marc
Loïc wrote:
Hi All!
Here are two really annoying bugs that have been reported to me:
- select * from aTable where afield <123
- select * from aTable where afield like "arg"
Before these kinds of queries are submitted to MySQL, the 'htmlspecialchars' function is applied to them (db_readdump.php3, line 62). The '<' and '"' characters are then replaced by their HTML entities and, of course, MySQL fails to run the transformed query.
The question is: does any of you know why the 'htmlspecialchars' function is applied at this stage? I've just tried commenting this line out and haven't run into any problem!
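The exchange above is a textbook case of encoding applied in the wrong context: htmlspecialchars() is HTML output encoding, so running it on a query before execution neither makes the SQL safer nor leaves it executable, while escaping the copy that is echoed back into the page is what actually addresses an HTML-display bug. The following is an added example, not code from phpMyAdmin or from either correspondent; it uses Python with an in-memory SQLite table in place of PHP and MySQL, a constructed table `aTable` with three rows, and a small `php_htmlspecialchars()` that imitates PHP's default htmlspecialchars() behaviour (assumed ENT_COMPAT flags: `&`, `<`, `>` and `"` converted, single quote left alone). `broken_pipeline()` reproduces what line 62 did; `fixed_pipeline()` executes the query as typed and escapes only at render time.

```python
import sqlite3

# Imitates PHP's htmlspecialchars() with its default (ENT_COMPAT) flags:
# & < > " are converted, the single quote is left untouched. Assumption for
# this example; it is not PHP's own implementation.
def php_htmlspecialchars(s: str) -> str:
    return (s.replace("&", "&amp;")
             .replace("<", "&lt;")
             .replace(">", "&gt;")
             .replace('"', "&quot;"))


def make_db() -> sqlite3.Connection:
    """Constructed sample data: aTable with one integer column, three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table aTable (afield integer)")
    conn.executemany("insert into aTable values (?)", [(7,), (123,), (500,)])
    conn.commit()
    return conn


def run(conn: sqlite3.Connection, sql: str):
    """Execute one statement; return its rows, or None if the engine rejects it."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error:
        return None


def broken_pipeline(sql: str):
    """What db_readdump.php3 line 62 did: HTML-escape first, then execute the
    escaped text. '<' becomes '&lt;', which the SQL parser cannot read."""
    conn = make_db()
    escaped_sql = php_htmlspecialchars(sql)
    rows = run(conn, escaped_sql)      # None: the statement no longer parses
    return rows, escaped_sql


def fixed_pipeline(sql: str):
    """Execute the query exactly as typed; escape only the copy that is
    rendered into the HTML page, which is the context the encoding is for."""
    conn = make_db()
    rows = run(conn, sql)
    page_fragment = "<pre>" + php_htmlspecialchars(sql) + "</pre>"
    return rows, page_fragment


if __name__ == "__main__":
    q = "select * from aTable where afield <123"
    print("broken:", broken_pipeline(q))
    print("fixed: ", fixed_pipeline(q))
```

Note that in this setting the user is meant to submit arbitrary SQL, so HTML escaping was never an SQL-injection defence here; the only question is where the output encoding belongs, and the answer is at the point the string is written into HTML, never before it reaches the database.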