#20 problem with quote detection on mysql_real_escape_string ?

open
nobody
None
5
2013-02-28
2013-02-28
Anonymous
No

Hello,

This one I'm not absolutely sure about wether it's a bug report or more of a support request.
I am getting reports of a sing due to usage of mysql_real_escape_string without quotes in a code like the following :

$token = mysql_real_escape_string($_GET['token']);
$data1 = mysql_fetch_array(mysql_query("SELECT token FROM table WHERE token='" . $token . "'"));

It pretty much seems to me that there is in fact quotes but that rips is just failing to find them.
Am I right or do I just do everything wrong ?

Thanks

Discussion


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks