 |
|
Windows Web Hosting 30 Day Free TrialWindows Hosting 30 Day Free Trial, with no obligation, on all our Windows Web and Reseller Hosting Packages.For moreĀ informationĀ see our Windows Hosting 30 Day Free Trial page. |
apostrophe in form |
Post Reply 
|
| Author | |
eiffel 
Newbie 
Joined: 22 March 2011 Status: Offline Points: 2 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: apostrophe in formPosted: 22 March 2011 at 8:20pm |
|
I use the last version of RTE and the form save into database but if i got an apostrophe un the text area I got an error when to save into the database.
May you help. Thanks Eiffel |
|
 |
|
|
WebWiz-Bruce
Admin Group 
Web Wiz Developer Joined: 03 September 2001 Location: Poole, England Status: Offline Points: 8028 |
Post Options
Thanks(0)
Quote Reply
Posted: 23 March 2011 at 11:59am |
|
It sounds like you are injecting the submitted data directly in to the database. This is very bad!!
Not only will you find issues with apostrophes like you have now but you would be completely open to SQL Injection attacks against the database which could be used to view sensitive data or even drop whole tables. You should sanitise the submitted data before it is used. If you are using SQL Server or Access you need to escape apostrophes by replacing single apostrophes with two of them (eg ''). It is also worth looking up SQL Injections in Bing or Google so that you know how to also protect against this type of attack.
|
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
