Why can't I escape this input????

#1
[eluser]KeyStroke[/eluser]
Hi,

I'm having a problem that's driving me insane. My search function query has this part:
Code:
AGAINST('?' IN BOOLEAN MODE)
and I'm using binding as you can tell, which automatically escapes variables (which are the search keywords here). However, if a user enters ', ", /, or other characters, then he'll get back a database SQL syntax error exposing the whole query.

Is there a way to treat any character(s) the user enters as search data without breaking the whole thing?

Appreciate your help.

#2
[eluser]Armchair Samurai[/eluser]
Try leaving out the quotes - query bindings should take care of that for you.

#3
[eluser]KeyStroke[/eluser]
Same thing with no quotes :\

#4
[eluser]KeyStroke[/eluser]
Anyone? Sad
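An added example, not code from this thread or from CodeIgniter, that models what a binding layer does with a `?` placeholder. It shows why quoting the placeholder as in #1 doubles the quotes around the value, while the bare placeholder suggested in #2 yields a single valid string literal, and it strips MySQL boolean-mode operator characters so that whatever the user types is searched as plain words. The table and column names, the escape rules and the helper function names are assumptions made for the example.

```python
import re

# Simplified model of a query-binding layer: each "?" is replaced by the bound
# value, backslash-escaped and wrapped in single quotes. Illustrative model only,
# written for this example; it is not CodeIgniter's own binding code.
_ESCAPES = {"\\": "\\\\", "'": "\\'", '"': '\\"', "\0": "\\0", "\n": "\\n"}

def escape_value(value: str) -> str:
    """Backslash-escape the characters a MySQL driver escapes before quoting a string."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def compile_binds(sql: str, binds: list) -> str:
    """Splice escaped, quoted bind values into the SQL template, one value per '?'."""
    parts = sql.split("?")
    if len(parts) - 1 != len(binds):
        raise ValueError("number of ? placeholders does not match number of binds")
    out = parts[0]
    for value, rest in zip(binds, parts[1:]):
        out += "'" + escape_value(value) + "'" + rest
    return out

# The thread's template with the placeholder quoted (breaks) and bare (works).
# Table and column names are assumed for the example.
QUOTED_TEMPLATE = "SELECT * FROM posts WHERE MATCH(body) AGAINST('?' IN BOOLEAN MODE)"
BARE_TEMPLATE = "SELECT * FROM posts WHERE MATCH(body) AGAINST(? IN BOOLEAN MODE)"

# MySQL boolean-mode operator characters (+ - < > ( ) ~ * " @). Replacing them
# with spaces makes the user's text a list of plain search words.
_BOOLEAN_OPERATORS = re.compile(r'[+\-<>()~*"@]')

def neutralize_boolean_operators(keywords: str) -> str:
    """Turn boolean-mode operators into spaces and collapse the whitespace."""
    return " ".join(_BOOLEAN_OPERATORS.sub(" ", keywords).split())

def build_search(keywords: str) -> str:
    """Bind the cleaned keywords into the bare-placeholder template."""
    return compile_binds(BARE_TEMPLATE, [neutralize_boolean_operators(keywords)])

if __name__ == "__main__":
    user_input = "rock 'n' roll"
    # Quoted placeholder: the binder adds its own quotes, so the literal is doubled.
    print(compile_binds(QUOTED_TEMPLATE, [user_input]))
    # Bare placeholder: exactly one quoted, escaped literal reaches the server.
    print(build_search(user_input))
```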