As you could have seen, there is a major security problem in SQL requests. You certainly use '+Var+' to quote strings....
The solution is to create a simple text function named sqlquote, which looks like this (PHP, doubling every embedded single quote):
function sqlquote($str) { return "'" . str_replace("'", "''", $str) . "'"; }
Requests will be much clearer... like
$sReq = "SELECT WHERE COL=".sqlquote($var);
In France, we often use the apostrophe in sentences... like L'école, L'ouvrier etc...
We must write L''école to write in forums or anywhere in phpgroupware...
Otherwise, fine, continue your job like that :)
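Added example (not from the post or from phpgroupware): the same quote-doubling rule written in Python and run against an in-memory SQLite table, to show that L'école round-trips through sqlquote while the bare '+Var+' concatenation breaks the statement; the table name, column and sample strings are assumptions made for the demonstration.

```python
import sqlite3


def sqlquote(value: str) -> str:
    """Wrap value in single quotes, doubling any embedded single quote.

    This is the standard SQL way to put an apostrophe inside a string literal.
    Backends that also treat backslash as an escape character (e.g. MySQL in
    its default mode) need the driver's own quoting or prepared statements.
    """
    return "'" + value.replace("'", "''") + "'"


def setup_db() -> sqlite3.Connection:
    # Constructed sample schema: one table with a single text column.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (body TEXT)")
    return conn


def insert_note(conn: sqlite3.Connection, text: str) -> None:
    # The value goes through sqlquote, so an apostrophe stays part of the data.
    conn.execute("INSERT INTO notes (body) VALUES (" + sqlquote(text) + ")")


def find_note(conn: sqlite3.Connection, text: str) -> list:
    rows = conn.execute(
        "SELECT body FROM notes WHERE body=" + sqlquote(text)
    ).fetchall()
    return [row[0] for row in rows]


def naive_query(text: str) -> str:
    # The '+Var+' pattern from the post: the value is dropped between quotes as-is.
    return "SELECT body FROM notes WHERE body='" + text + "'"


def naive_fails(conn: sqlite3.Connection, text: str) -> bool:
    """True when the naive concatenation yields a statement SQLite rejects."""
    try:
        conn.execute(naive_query(text))
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = setup_db()
    insert_note(db, "L'école")
    print(find_note(db, "L'école"), naive_fails(db, "L'école"))
```

The naive query built from L'école is `... WHERE body='L'école'`, which the parser reads as the literal 'L' followed by garbage, while the sqlquote version carries 'L''école' as one literal.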