Inconsistent escaping of problem characters for SQL (' & etc.)
02-26-2014, 07:11 AM
Post: #7
RE: Inconsistent escaping of problem characters for SQL (' & etc.)
(02-26-2014 07:03 AM)icedlava Wrote: Hi Tim
(02-26-2014 06:08 AM)Forums Wrote: This is due to the account description being incorrectly encoded for HTML special characters on line 321. Removing this should allow it to be saved and viewed correctly. Line 321 changes from:
htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8'),
to
$myrow[1],

Actually this is incorrect.

Line 321 is correct - you should always do this before displaying data as HTML.

Then I bow to your superior knowledge :-)

I had always understood that once the data had been "sanitised" it didn't need to be "re-sanitised", but I am just going off a few text books rather than any in-depth knowledge.

Tim
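Added example, not code from this thread or from the application under discussion: it keeps the two escaping problems apart, binding the value with a prepared statement on the SQL side (so no character needs escaping before it is stored) and calling htmlspecialchars only at the point of output, as line 321 does. It also shows the double-encoding that appears when a value is HTML-encoded before storage and then again on display, which is one way "&" ends up rendered as "&amp;"; the thread does not say where the description was first encoded, so that part is an illustration. The table and column names and the sample description are constructed.

```php
<?php
// Added example: SQL escaping and HTML encoding are separate layers.
// Uses PDO with an in-memory SQLite database so it runs stand-alone;
// the table name, column name and sample input are assumptions.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE account (id INTEGER PRIMARY KEY, description TEXT NOT NULL)');

// Constructed input containing the "problem characters" from the thread title.
$description = "O'Brien & Sons <b>Ltd</b> \"Main\" office";

// SQL layer: the prepared statement binds the value as data, so the quote
// cannot terminate the literal and nothing is pre-escaped or HTML-encoded.
$insert = $pdo->prepare('INSERT INTO account (description) VALUES (:description)');
$insert->execute([':description' => $description]);

// Read it back: the stored value is exactly what was entered.
$row = $pdo->query('SELECT description FROM account WHERE id = 1')->fetch(PDO::FETCH_NUM);
if ($row[0] !== $description) {
    throw new RuntimeException('stored value was altered on the way in');
}

// HTML layer: encode once, at output, every time the value is rendered.
// This turns < > & ' " in the description into text instead of markup.
$safeHtml = htmlspecialchars($row[0], ENT_QUOTES, 'UTF-8');
echo "<td>{$safeHtml}</td>\n";

// Where "re-sanitising" goes wrong: encoding for HTML before storing AND
// again on output encodes the entities twice, so "&" is displayed as "&amp;".
$preEncoded    = htmlspecialchars($description, ENT_QUOTES, 'UTF-8');
$doubleEncoded = htmlspecialchars($preEncoded, ENT_QUOTES, 'UTF-8');
echo "<td>{$doubleEncoded}</td>\n";
```

The first row renders the original text correctly in a browser; the second shows literal entity names, which is the symptom of encoding on input as well as on output.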
Messages In This Thread
RE: Inconsistent escaping of problem characters for SQL (' & etc.) - Forums - 02-26-2014 07:11 AM