Thread: mySQL Single Quote Issue

  1. #1
    mySQL Single Quote Issue

    I am having an issue with the entries of a large text field being truncated on an insert.

    The field is entered via a form and the input value is stored in a variable after submission with...

    $note_field = htmlspecialchars($_POST['note_field'], ENT_QUOTES);

    I recently had a situation where one record was updated 5 times over several days. The first two had no problem, but on the third, part of this field was truncated due to an embedded single quote within the text. (Note: for security reasons all query strings are written to a transaction log.)

    I suspect that there might be an issue with a user using a Mac and thus the weird character set that sometimes gets entered.

    Any thoughts on how to address this issue?

    TIA
    jdadwilson

  2. #2

    I would need to see your code, but the fact that a single-quote is causing problems suggests that you aren't sanitizing your data before passing it to the database. This is VERY UNSAFE. Best case is SQL errors and corrupt data, as you are experiencing now. Worst case is someone takes over your database, and from there your website/server.
    We Only Torture the Folks We Don't Like (You're Probably Gonna Be Okay)
    It's a Party in the CIA

  3. The Following User Says Thank You to traq For This Useful Post:

    jdadwilson (07-24-2013)
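
An added example, not code from either poster: the same note text inserted once through a concatenated query and once through a prepared statement, with `htmlspecialchars()` moved to output time. An in-memory SQLite database stands in for the poster's MySQL server, and the table name `notes`, the two helper functions and the sample text are assumptions made for illustration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, note_field TEXT)');

// Constructed sample input, as it might arrive in $_POST['note_field'].
$raw = "Met the client's lawyer; she said \"call back\" <tomorrow>.";

// Unsafe: the value becomes part of the SQL text, so the apostrophe
// closes the string literal early and the statement no longer parses.
function insertConcatenated(PDO $pdo, string $note): string
{
    try {
        $pdo->exec("INSERT INTO notes (note_field) VALUES ('" . $note . "')");
        return 'stored';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// Safe: the value is bound as a parameter and never parsed as SQL.
function insertPrepared(PDO $pdo, string $note): int
{
    $stmt = $pdo->prepare('INSERT INTO notes (note_field) VALUES (:note)');
    $stmt->execute([':note' => $note]);
    return (int) $pdo->lastInsertId();
}

echo 'Concatenated: ', insertConcatenated($pdo, $raw), "\n";

$id = insertPrepared($pdo, $raw);
$stmt = $pdo->prepare('SELECT note_field FROM notes WHERE id = :id');
$stmt->execute([':id' => $id]);
$stored = $stmt->fetchColumn();

// The stored value is byte-for-byte what the user typed.
echo 'Prepared round-trip intact: ', var_export($stored === $raw, true), "\n";

// HTML-encode only when writing the value into a page, not before storing it.
echo 'For HTML output: ', htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```

Against MySQL the same prepared-statement code works with a `mysql:` PDO DSN; setting `charset=utf8mb4` in that DSN keeps the connection encoding consistent with what the form submits.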
