Re: [PHP] OO woes

2004-07-12 Thread John W. Holmes
Matthew Sims wrote: Your problem has nothing to do with the Objects (or really even PHP for that matter). You're not supposed to run mysql_escape_string on an entire query. So I ran my $_POST array into array_map before the injection: $_POST = array_map("mysql_escape_string","$_POST"); And it all w

Re: [PHP] OO woes

2004-07-12 Thread Matthew Sims
> Your problem has nothing to do with the Objects (or really even PHP for
> that matter). You're not supposed to run mysql_escape_string on an
> entire query.

Yup, you are correct, my bad. So I ran my $_POST array into array_map before the injection: $_POST = array_map("mysql_escape_string","$_P

Re: [PHP] OO woes

2004-07-12 Thread Chris
Your problem has nothing to do with the Objects (or really even PHP for that matter). You're not supposed to run mysql_escape_string on an entire query. Here's an example of its usage: $sString = "This string contains a single-quote (')"; $sQuery = "INSERT INTO mytable SET mystrcolumn='{$sStrin

Re: [PHP] OO woes

2004-07-12 Thread Keith Greene
$query = 'INSERT into aeMail set test=\''.$_POST["test"].'\''; Your quotes look screwy to me. You seem to be missing both trailing single quotes. try this: $query = 'INSERT into aeMail set test=\'''.$_POST["test"].'\'''; At 01:07 PM 7/12/2004, Matthew Sims wrote: PHP version 5.0.0RC3 (cgi) (built

RE: [PHP] OO woes

2004-07-12 Thread Matthew Sims
> Hi,
>
> Doesn't sound like an OO issue, sounds like you're killing the query
> with the '. You should go thru and maybe do an str_replace( "'", "\'",
> $_POST['test'] ) on all your post variables.
>
> -Dan Joseph

Ha! That did it. Thanks!

--Matthew Sims -- >>

RE: [PHP] OO woes

2004-07-12 Thread Dan Joseph
Hi,

Doesn't sound like an OO issue, sounds like you're killing the query with the '. You should go thru and maybe do an str_replace( "'", "\'", $_POST['test'] ) on all your post variables.

-Dan Joseph

> -Original Message-
> From: Matthew Sims [mailto:[EMAIL PROTECTED]
> Sent: M