Why can't I escape this input????


I'm having a problem that's driving me insane. My search function query has this part:
and I'm using binding as you can tell, which automatically escapes variables (which is the search keywords here). However, if a user enters ', ", /, or other characters, then he'll get back a database SQL syntax error exposing the whole query.

Is there a way to treat any character(s) the user enters as search data without breaking the whole thing?

Appreciate your help.

Armchair Samurai
Try leaving out the quotes - query bindings should take care of that for you.

Same thing with no quotes :\

Anyone? :(
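
An added example, not code from this thread or from CodeIgniter: a keyword search where the placeholder stands alone in the SQL and the LIKE wildcards travel inside the bound value, so `'`, `"`, `/` and `%` are all treated as search data. It uses plain PDO with an in-memory SQLite database instead of CodeIgniter's query bindings; the `posts` table, the sample rows, and the `like_escape()` and `search_titles()` helpers are assumptions made for the illustration.

```php
<?php
// Added example. Assumptions: PDO with the pdo_sqlite driver, a constructed
// "posts" table, and constructed sample rows and search inputs.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');

$insert = $pdo->prepare('INSERT INTO posts (title) VALUES (?)');
foreach (["O'Reilly \"quoted\" a/b", '100% done', 'plain title'] as $title) {
    $insert->execute([$title]);
}

/**
 * Hypothetical helper: escape LIKE metacharacters so that % and _ typed by
 * the user match literally. The escape character itself is doubled first.
 */
function like_escape(string $s, string $esc = '!'): string
{
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $s
    );
}

/**
 * Hypothetical helper: substring search on posts.title.
 */
function search_titles(PDO $pdo, string $keywords): array
{
    // No quotes and no % around the placeholder in the SQL text.
    // The driver sends the whole pattern as one bound string value.
    $stmt = $pdo->prepare("SELECT title FROM posts WHERE title LIKE ? ESCAPE '!'");
    $stmt->execute(['%' . like_escape($keywords) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: the characters from the question plus an injection attempt.
foreach (["'", '"', '/', '%', "x' OR '1'='1"] as $input) {
    $hits = search_titles($pdo, $input);
    printf("%-16s => %s\n", $input, json_encode($hits, JSON_UNESCAPED_SLASHES));
}
```

Independently of the query itself, showing raw database errors to visitors is what exposes the query text; in production those errors belong in a log, not in the response.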
