Inconsistent escaping of problem characters for SQL (' & etc.)
02-26-2014, 07:11 AM,
#7
RE: Inconsistent escaping of problem characters for SQL (' & etc.)
(02-26-2014, 07:03 AM)icedlava Wrote: Hi Tim
(02-26-2014, 06:08 AM)Forums Wrote: This is due to the account description being incorrectly encoded for HTML special characters on line 321. Removing this should allow it to be saved and viewed correctly. Line 321 changes from:
htmlspecialchars($myrow[1],ENT_QUOTES,'UTF-8'),
to
$myrow[1],

Actually this is incorrect.

Line 321 is correct - you should always do this before displaying data as HTML.

Then I bow to your superior knowledge :-)

I had always understood that once the data had been "sanitised" it didn't need to be "re-sanitised", but I am just going off a few textbooks rather than any in-depth knowledge.

Tim
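The point icedlava is making is that "sanitising" is context-specific: protecting the SQL statement and encoding for the HTML page are two separate steps, and the quoted line 321 is the second one. The following PHP script is an added example written for this thread; it is not code from the forum software or from the application under discussion. The table name, column name, function names and the in-memory SQLite database are assumptions chosen so that it runs on its own.

```php
<?php
// Added example, not the project's code. Shows the two contexts separately:
// parameter binding protects the SQL statement, htmlspecialchars() protects
// the HTML output. The schema and function names below are assumptions.

// Storage: bind the raw value as a parameter. Nothing is escaped or encoded
// in the data itself, so the description is stored exactly as the user typed it.
function saveAccountDescription(PDO $db, int $accountId, string $description): void
{
    $stmt = $db->prepare(
        'UPDATE accounts SET description = :description WHERE id = :id'
    );
    $stmt->execute([':description' => $description, ':id' => $accountId]);
}

// Display: encode for the HTML context at the moment of output, which is the
// role the thread's line 321 plays. ENT_QUOTES covers both ' and ".
function renderAccountDescription(PDO $db, int $accountId): string
{
    $stmt = $db->prepare('SELECT description FROM accounts WHERE id = :id');
    $stmt->execute([':id' => $accountId]);
    $row = $stmt->fetch(PDO::FETCH_NUM);
    return '<td>' . htmlspecialchars($row[0], ENT_QUOTES, 'UTF-8') . '</td>';
}

// Stand-alone demonstration using an in-memory SQLite database
// (constructed sample schema and data, not the forum's own).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, description TEXT)');
$db->exec("INSERT INTO accounts (id, description) VALUES (1, '')");

// Constructed input containing the "problem characters" from the thread title:
// a single quote for SQL, and & plus angle brackets for HTML.
saveAccountDescription($db, 1, "O'Brien & Sons <b>Ltd</b>");

// The stored value round-trips unchanged; the query was not broken by the quote.
echo "stored:   ", $db->query('SELECT description FROM accounts WHERE id = 1')->fetchColumn(), "\n";

// The rendered value has ', &, < and > replaced by HTML entities, so the
// browser shows the text literally instead of interpreting the <b> tag.
echo "rendered: ", renderAccountDescription($db, 1), "\n";
```

Run it with `php example.php` on any PHP build with the PDO SQLite driver. The design choice it illustrates is the one icedlava describes: keep the stored data raw and encode once, at output, for the context it is going into. If the description had instead been HTML-encoded before it was saved, the encoding on display would run over the already-encoded entities and the page would show `&amp;` rather than `&`, which is the "inconsistent escaping" symptom the thread title names.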