Web Wiz - Solar Powered Eco Web Hosting

  New Posts New Posts RSS Feed - apostrophe in form
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

apostrophe in form

 Post Reply Post Reply
Author
eiffel View Drop Down
Newbie
Newbie


Joined: 22 March 2011
Status: Offline
Points: 2
Post Options Post Options   Thanks (0) Thanks(0)   Quote eiffel Quote  Post ReplyReply Direct Link To This Post Topic: apostrophe in form
    Posted: 22 March 2011 at 8:20pm
I use the last version of RTE and the form save into database but if i got an apostrophe un the text area I got an error when to save into the database.

May you help.

Thanks

Eiffel
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9791
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 23 March 2011 at 11:59am
It sounds like you are injecting the submitted data directly in to the database. This is very bad!!

Not only will you find issues with apostrophes like you have now but you would be completely open to SQL Injection attacks against the database which could be used to view sensitive data or even drop whole tables.

You should sanitise the submitted data before it is used. If you are using SQL Server or Access you need to escape apostrophes by replacing single apostrophes with two of them (eg '').

It is also worth looking up SQL Injections in Bing or Google so that you know how to also protect against this type of attack.
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.07
Copyright ©2001-2024 Web Wiz Ltd.


Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Policy

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2024 Web Wiz Ltd. All rights reserved.