Hi Loic :) In this case, why not trying : $variable=preg_replace("/&#/","&#",$variable); I think it's a good turnaround for the < and > problem. Joce ----- Original Message ----- From: "Loïc" <loic-div@ifrance.com> To: "phpMyAdmin" <phpmyadmin-devel@lists.sourceforge.net> Sent: Saturday, July 14, 2001 2:12 PM Subject: [Phpmyadmin-devel] Big problem :(

Hi all!

I have to test it some more more time and with the 2.1.0 old release, but it seems there is a big problem with the script: it uses everywhere the 'htmlspecialchars' function and then can returns valid rows from the db when this rows contains one of these html special characters.

Ex: if one set a field with the value "<test>", he can't delete/modify it from the links at the browse table because the parameter passed by url is "& lt;test >". This is also the case with values stored in hidden form fields.

This is really annoying because if this problem is confirmed, it means near all of the scripts will have to be modified to fix it and we will restart testings from scartch :(

Loïc, disapointed!

____________________________________________________________________________ __

ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif

_______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net http://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel