[Phpmyadmin-devel] Two big bugs

Marc Delisle DelislMa at CollegeSherbrooke.qc.ca
Fri Jul 13 15:07:43 CEST 2001


Good idea!

Loic, are you working on this?
Maybe the htmlspecialchars I added in db_readdump.php3 and lib.inc.php3 should
be removed?

"Fournier Jocelyn [Presence-PC]" wrote:

> Why not try:
>
> $variable = preg_replace("/&amp;/","&",$variable);
>
> ?
>
> Jocelyn Fournier
> Presence-PC
> www.presence-pc.com
>
> ----- Original Message -----
> From: "Marc Delisle" <DelislMa at CollegeSherbrooke.qc.ca>
> To: <phpmyadmin-devel at lists.sourceforge.net>
> Sent: Friday, July 13, 2001 2:43 PM
> Subject: Re: [Phpmyadmin-devel] Two big bugs
>
> Yes I added the htmlspecialchars to handle bug 439565, but maybe it's not a
> good fix.
>
> Marc
>
> Loïc wrote:
>
> > Hi All!
> >
> > Here are two really annoying bugs that were reported to me:
> >
> > 1. select * from aTable where afield <123
> >     select * from aTable where afield like "arg"
> >
> > Before these kinds of queries are submitted to MySQL, the 'htmlspecialchars'
> > function is applied to them (db_readdump.php3, line 62). Then the '<' and '"'
> > characters are replaced by their HTML entities and, of course, MySQL fails
> > to run the transformed query.
> >
> > The question is: does any of you know why the 'htmlspecialchars'
> > function is applied at this stage? I've just tried to comment out this line and
> > can't face any problem!
> >
>
> _______________________________________________
> Phpmyadmin-devel mailing list
> Phpmyadmin-devel at lists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
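
The failure described in the thread, next to the usual separation of concerns (the query reaches the database unmodified, and HTML encoding is applied only to the copy echoed into a page), as an added example that is not phpMyAdmin code and not part of the original messages. Assumptions: an in-memory SQLite database via PDO stands in for MySQL, `run_and_render` is a hypothetical helper, and the table rows are constructed sample data.

```php
<?php
// Added illustration, not phpMyAdmin code. The table and column names follow
// the query quoted in the thread; the rows are constructed sample data.

// Hypothetical helper: executes the raw SQL and returns the rows together
// with an HTML-safe copy of the query text for echoing back to the browser.
function run_and_render(PDO $db, string $sql): array
{
    // The database always receives the query exactly as the user wrote it.
    $rows = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);

    // Encoding happens only at the HTML output boundary.
    $html = '<pre>' . htmlspecialchars($sql, ENT_QUOTES, 'UTF-8') . '</pre>';

    return [$rows, $html];
}

// Assumption: SQLite in memory stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE aTable (afield INTEGER)');
$db->exec('INSERT INTO aTable VALUES (5), (200)');

$sql = 'select * from aTable where afield <123';

// The reported bug: encoding before execution rewrites '<' into an entity,
// so the database is handed a different statement and rejects it.
$encodedTooEarly = htmlspecialchars($sql);
echo "sent to database: ", $encodedTooEarly, "\n";
try {
    $db->query($encodedTooEarly);
} catch (PDOException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}

// Raw query for execution, encoded copy for display.
[$rows, $html] = run_and_render($db, $sql);
echo "matching rows: ", count($rows), "\n";
echo "safe to embed in the page: ", $html, "\n";
```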