Re: [Phpmyadmin-devel] Re: Using single quotes for better performances
Hi Pete :) How are you? Thanks for your trick. I haven't test it yet because it it runs it helps to show the second part of the 'htmlspecialchars' bug :( Let's say we have: - build a table with one varchar(15) column; - enter the record 'say "hello"' in this table. Now we want to modify this record from 'say "hello"' to 'say "hello" to Pete' ;) We use the modify link from the browse table page, hopefully we can see the record and then append ' to Pete' at the end of the existing value. We enter the modification and browse the table again to see the change.... KABOOOM: it's new value is 'say & quot;hello& quot; to Pete' The only way to fix all the problem is to avoid the use the 'htmlspecialchars' to define the values of input form fields. Greets, Loïc ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif
Hi Loic Yes I'm fine thanks I have been very busy, and you?
I haven't test it yet because it runs it helps to show the second part of the 'htmlspecialchars' bug <<
Don't bother running the function, I have just found a big bug in it :-( It works fine with small queries but fails on larger multi field queries. Why is 'htmlspecialchars' used for field editing?
Have you seen the message from Benjamin Gandon (A bit of story about split_string()...) and the problem he faced with the 'split_sql_file()' function?<<
No The split_sql_file function doesn't use the split_string function!!! Have fun Pete ----- Original Message ----- From: "Loïc" <loic-div@ifrance.com> To: "phpMyAdmin" <phpmyadmin-devel@lists.sourceforge.net> Sent: Friday, July 20, 2001 1:29 AM Subject: Re: [Phpmyadmin-devel] Re: Using single quotes for better performances
Hi Pete :)
How are you?
Thanks for your trick. I haven't test it yet because it it runs it helps to show the second part of the 'htmlspecialchars' bug :(
Let's say we have: - build a table with one varchar(15) column; - enter the record 'say "hello"' in this table.
Now we want to modify this record from 'say "hello"' to 'say "hello" to Pete' ;) We use the modify link from the browse table page, hopefully we can see the record and then append ' to Pete' at the end of the existing value. We enter the modification and browse the table again to see the change.... KABOOOM: it's new value is 'say & quot;hello& quot; to Pete'
The only way to fix all the problem is to avoid the use the 'htmlspecialchars' to define the values of input form fields.
Greets, Loïc
____________________________________________________________________________ __
ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif
_______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net http://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
participants (2)
-
Loïc -
webmaster@trafficg.com