[Phpmyadmin-devel] Two big bugs

Marc Delisle DelislMa at CollegeSherbrooke.qc.ca
Fri Jul 13 14:43:53 CEST 2001


Yes, I added the htmlspecialchars to handle bug 439565, but maybe it's not a good
fix.

Marc

Loïc wrote:

> Hi All!
>
> Here are two really annoying bugs that have been reported to me:
>
> 1. select * from aTable where afield <123
>     select * from aTable where afield like "arg"
>
> Before these kinds of queries are submitted to MySQL, the 'htmlspecialchars'
> function is applied to them (db_readdump.php3, line 62). Then the '<' and '"'
> characters are replaced by their HTML entities and, of course, MySQL fails
> to run the transformed query.
>
> The question is: does any of you know why the 'htmlspecialchars'
> function is applied at this stage? I've just tried to comment out this line and
> can't face any problem!
>
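
The failure described in the quoted report, reproduced as an added example that is not part of this thread or of phpMyAdmin's code. It assumes an in-memory SQLite database (via pdo_sqlite) standing in for MySQL, and the helper names `run_query` and `render_query` are hypothetical; it shows the query being kept raw for the database and HTML-encoded only where it is written into the page.

```php
<?php
// Added example, not phpMyAdmin code.
// Assumption: SQLite in memory stands in for MySQL; requires pdo_sqlite.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE aTable (afield INTEGER)');
$db->exec('INSERT INTO aTable (afield) VALUES (7), (122), (500)');

// Constructed input: the first query from the report, as a user would submit it.
$submitted = 'select * from aTable where afield <123';

/** Hypothetical helper: run a query, return the row count or the error text. */
function run_query(PDO $db, string $sql)
{
    try {
        return count($db->query($sql)->fetchAll(PDO::FETCH_ASSOC));
    } catch (PDOException $e) {
        return 'ERROR: ' . $e->getMessage();
    }
}

/** Hypothetical helper: build the HTML that echoes the query to the browser. */
function render_query(string $sql): string
{
    // HTML encoding belongs here, at the HTML output boundary.
    return '<pre>' . htmlspecialchars($sql, ENT_QUOTES, 'UTF-8') . '</pre>';
}

// Behaviour described in the report: the query is encoded before execution,
// so the database receives "afield &lt;123" and rejects it.
$encoded = htmlspecialchars($submitted, ENT_QUOTES, 'UTF-8');
echo "encoded query : $encoded\n";
echo "result        : ", var_export(run_query($db, $encoded), true), "\n";

// Separated handling: the raw string goes to the database unchanged...
echo "raw query     : $submitted\n";
echo "result        : ", var_export(run_query($db, $submitted), true), "\n";

// ...and only the copy written into the page is HTML-encoded.
echo "html output   : ", render_query($submitted), "\n";
```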




