Facebook  Twitter 

SMFHacks.com

+- +-

SMFHacks.com

+- User Information

Welcome, Guest.
Please login or register.
 
 
 
Forgot your password?

+- Forum Stats

Members
Total Members: 12382
Latest: ImportedPotato
New This Month: 1
New This Week: 0
New Today: 0
Stats
Total Posts: 40254
Total Topics: 7090
Most Online Today: 178
Most Online Ever: 2482
(April 09, 2011, 07:02:45 pm)
Users Online
Members: 1
Guests: 50
Total: 51

Author Topic: Recording apostrophes into tables  (Read 720 times)

0 Members and 1 Guest are viewing this topic.

Offline shuban

  • Hero Member
  • *****
  • Posts: 657
    • View Profile
    • Homework Clinic - Your Academic Lifeline
Recording apostrophes into tables
« on: August 08, 2018, 04:27:44 pm »
Is it fine to record data containing apostrophe characters rather than their HTML codes?

Offline SMFHacks

  • Administrator
  • Hero Member
  • *****
  • Posts: 15123
    • View Profile
Re: Recording apostrophes into tables
« Reply #1 on: August 08, 2018, 04:39:45 pm »
As long as the database is escaped you can place it into the database.
Get your Forum Ranked! at https://www.forumrankings.net - find out how your forum compares with others!

Like What I do? Support me at https://www.patreon.com/vbgamer45/

Offline shuban

  • Hero Member
  • *****
  • Posts: 657
    • View Profile
    • Homework Clinic - Your Academic Lifeline
Re: Recording apostrophes into tables
« Reply #2 on: August 08, 2018, 05:20:50 pm »
That being said, I have a code that reads the URL with $_GET. Can you tell me if this is enough to protect from SQL injection?

$context['string'] = !empty($_GET['t']) ? trim(addslashes(stripslashes(un_htmlspecialchars($_GET['t'])))) : 0;

Code: [Select]
$dbresult = db_query("
SELECT column1
FROM {$db_prefix}TABLE_NAME
WHERE column1 LIKE '%".$context['string']."%'
LIMIT 1", __FILE__, __LINE__);

Offline SMFHacks

  • Administrator
  • Hero Member
  • *****
  • Posts: 15123
    • View Profile
Re: Recording apostrophes into tables
« Reply #3 on: August 08, 2018, 06:04:21 pm »
That should  be pretty good. since it escapes the ''s
Get your Forum Ranked! at https://www.forumrankings.net - find out how your forum compares with others!

Like What I do? Support me at https://www.patreon.com/vbgamer45/

 

Related Topics

  Subject / Started by Replies Last post
0 Replies
2387 Views
Last post February 13, 2008, 11:41:59 pm
by Rebecca
3 Replies
4569 Views
Last post August 06, 2012, 02:33:17 pm
by tank_fv101
6 Replies
2759 Views
Last post October 01, 2014, 11:54:27 am
by shuban

+- Recent Topics

Moving pictures to another user personal gallery by Hatshepsut
Today at 11:07:26 pm

Rebuild related images time too long by SMFHacks
August 09, 2020, 01:52:57 pm

Call to undefined function mysql_num_rows() by SMFHacks
July 30, 2020, 07:45:29 am

Problem with one videosite embedding by Hatshepsut
July 24, 2020, 01:25:08 am

Download System Lite by Rock Lee
June 03, 2020, 07:34:24 pm

Font question by SMFHacks
May 27, 2020, 08:15:26 am

Error message with latest SMF 2.1 Github build by Hatshepsut
May 25, 2020, 01:43:26 am

smfblog not working on 2.0.17 by tech9
May 20, 2020, 01:44:34 pm

Copyright removal by stbc
May 18, 2020, 01:27:57 am

Mod Verified User i can't square the image by Rock Lee
May 07, 2020, 07:56:10 pm

Powered by EzPortal