PHP Address Book / Bugs / #131 special character not escaped in forming inser queries

#131 special character not escaped in forming inser queries

Milestone: v1.0_(example)

Status: open

Owner: nobody

Labels: None

Priority: 1

Updated: 2016-06-21

Created: 2012-09-19

Creator: Anonymous

Private: No

The single quote character: "'" can be inserted in form fields and is not escaped when the insert query is prepared by php. Mysql find a non terminated string and the query fails. When updating a record a record to be updated is marked as deprecated before the insertion of the new, modified, record and if the insert fails the record disappears from the list.

Discussion

Anonymous - 2016-04-13

Post awaiting moderation.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Anonymous - 2016-06-21

Post awaiting moderation.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Anonymous

special character not escaped in forming inser queries

Simple, web-based address & phone book

Group

Searches

Help

#131 special character not escaped in forming inser queries

Discussion