20 Jul
2001
20 Jul
'01
3:29 a.m.
Hi Pete :)
How are you?
Thanks for your trick. I haven't test it yet because it it runs it helps to
show
the second part of the 'htmlspecialchars' bug :(
Let's say we have:
- build a table with one varchar(15) column;
- enter the record 'say "hello"' in this table.
Now we want to modify this record from 'say "hello"' to 'say
"hello" to
Pete' ;)
We use the modify link from the browse table page, hopefully we can see the
record and then append ' to Pete' at the end of the existing value.
We enter the modification and browse the table again to see the change....
KABOOOM: it's new value is 'say & quot;hello& quot; to Pete'
The only way to fix all the problem is to avoid the use the
'htmlspecialchars'
to define the values of input form fields.
Greets,
Loïc
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif
20 Jul
20 Jul
4:01 a.m.
New subject: [Phpmyadmin-devel] Re: Using single quotes for better performances
Hi Loic
Yes I'm fine thanks I have been very busy, and you?
> I haven't test it yet because it runs it helps
to show the second part of
the 'htmlspecialchars' bug <<
Don't bother running the function, I have just found a big bug in it :-( It
works fine with small queries but fails on larger multi field queries.
Why is 'htmlspecialchars' used for field editing?
>Have you seen the message from Benjamin Gandon (A
bit of story about
split_string()...) and the problem he faced with the
'split_sql_file()'
function?<<
No
The split_sql_file function doesn't use the split_string function!!!
Have fun
Pete
----- Original Message -----
From: "Loïc" <loic-div(a)ifrance.com>
To: "phpMyAdmin" <phpmyadmin-devel(a)lists.sourceforge.net>
Sent: Friday, July 20, 2001 1:29 AM
Subject: Re: [Phpmyadmin-devel] Re: Using single quotes for better
performances
Hi Pete :)
How are you?
Thanks for your trick. I haven't test it yet because it it runs it helps
to
show
the second part of the 'htmlspecialchars' bug :(
Let's say we have:
- build a table with one varchar(15) column;
- enter the record 'say "hello"' in this table.
Now we want to modify this record from 'say "hello"' to 'say
"hello" to
Pete' ;)
We use the modify link from the browse table page, hopefully we can see
the
record and then append ' to Pete' at the end
of the existing value.
We enter the modification and browse the table again to see the change....
KABOOOM: it's new value is 'say & quot;hello& quot; to Pete'
The only way to fix all the problem is to avoid the use the
'htmlspecialchars'
to define the values of input form fields.
Greets,
Loïc
____________________________________________________________________________
__
ifrance.com, l'email gratuit le plus complet de
l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif
_______________________________________________
Phpmyadmin-devel mailing list
Phpmyadmin-devel(a)lists.sourceforge.net
http://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
8463
days inactive
8463
days old
1 comments
2 participants
participants (2)
-
Loïc -
webmaster@trafficg.com