What an apostrophe can do to your site?

you'llHTML Special Character #39 – The Apostrophe: In this article, Thomas Shaw shows the screenshots of different job sites just after entering the word you’ll into search forms.

If you do not encode special characters in web forms, you run the risk of breaking the search query or the ability to insert malicious code into the database.

Tip: In PHP, always use mysql_real_escape_string function to sanitize data.

Or get RSS feed

This entry was posted on Friday, May 15th, 2009 at 11:44 pm and modified on Monday, February 28th, 2011 at 8:11 pm. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

Comments : 2

  1. is there any predefined method in ruby as ” mysql_real_escape_string” in php.

    Thank You,
    Uma.

    uma mahesh varma

    1. Hi Uma, I think you can use escape_string() or quote()

      I’m not familiar with Ruby. But a little googling, and I found this link: http://www.tmtm.org/en/mysql/ruby/

      Syam Kumar R

Pings/Trackbacks: 2

  1. Chat With A Hacker Wannabe - WebMaster View
  2. What an apostrophe can do to your site? - Forms Blog

RSS feed

follow

Be a Fan

Google+ Page