[Phpmyadmin-devel] Re: Using single quotes for better performances

Loïc loic-div at ifrance.com
Fri Jul 20 03:28:17 CEST 2001


Pete wrote
>Yes I'm fine thanks I have been very busy, and you?

I am currently very busy (I'm working on an economic draft... at 3:30 am!)

>Why is 'htmlspecialchars' used for field editing?

That's the question! The problem is to suppress the double quotes in the
value statement of an html input tag, but using the 'htmlspecialchars'
function here is not the solution: urlencode is far better (of course you
have to urldecode that string in the script it has been passed to).

[About Benjamin Gandon's message]
------ Fwd ------
>The current version (in lib.inc.php3 1.56) is exactly mine
>(without my comments though :)) except one line that was added
>and that introduces a bug :
>
>   if($last_char == $in_string && $char == ")")  $in_string = false;
>
>The bug appears if you try to exec 2 SQL queries like that
>(from an uploaded file or directly in the query field because
>both are handled by the same code) :
>
>INSERT INTO foo(id, text) VALUES ('1', 'I\'m sure that \')# will cause a bug');
>INSERT INTO foo(id, text) VALUES ('2', 'Indeed \'); that\'s the case');

Have fun ;)
Loïc
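
The splitting problem described in the forwarded message, as an added example that is not part of the original mail and is not the code from lib.inc.php3: a hypothetical `split_sql()` that tracks backslash escapes inside quoted strings, with an optional flag that mimics the quoted extra check for comparison. The function name, the flag, and the `#` comment handling are assumptions.

```php
<?php
// Added example (hypothetical): split_sql() is not phpMyAdmin's own splitter.
// $paren_heuristic = true mimics the quoted extra check: a quote character
// directly followed by ")" is taken as the end of the string.
function split_sql(string $sql, bool $paren_heuristic = false): array
{
    $statements = [];
    $buf = '';
    $in_string = false;               // false, or the quote char that opened the string
    $len = strlen($sql);
    for ($i = 0; $i < $len; $i++) {
        $char = $sql[$i];
        if ($in_string !== false) {
            if ($paren_heuristic && $sql[$i - 1] === $in_string && $char === ')') {
                $in_string = false;   // ignores that the quote before ")" was escaped
            } elseif ($char === '\\' && $i + 1 < $len) {
                $char .= $sql[++$i];  // keep the escaped pair together, so \' stays inside
            } elseif ($char === $in_string) {
                $in_string = false;   // genuine closing quote
            }
            $buf .= $char;
            continue;
        }
        if ($char === '#') {          // comment outside a string runs to end of line
            $eol = strpos($sql, "\n", $i);
            $i = ($eol === false ? $len : $eol) - 1;
            continue;
        }
        if ($char === ';') {          // statement separator outside a string
            if (trim($buf) !== '') $statements[] = trim($buf);
            $buf = '';
            continue;
        }
        if ($char === "'" || $char === '"' || $char === '`') $in_string = $char;
        $buf .= $char;
    }
    if (trim($buf) !== '') $statements[] = trim($buf);
    return $statements;
}

// Constructed input: the two queries from the quoted message.
$sql = <<<'SQL'
INSERT INTO foo(id, text) VALUES ('1', 'I\'m sure that \')# will cause a bug');
INSERT INTO foo(id, text) VALUES ('2', 'Indeed \'); that\'s the case');
SQL;
print_r(split_sql($sql));        // escape-aware: each INSERT comes back intact
print_r(split_sql($sql, true));  // extra check on: text after "#" is lost, query 2 is cut at "\');"
```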

 