Web Development Thread, OneOrZero / PHP Hack needed in Coding and Web Development; Need some help with this one..
Using LDAP to authenticate users in One||Zero, but come across a problem with a ...
11th February 2008, 02:33 PM #1
OneOrZero / PHP Hack needed
Need some help with this one..
Using LDAP to authenticate users in One||Zero, but come across a problem with a couple of users who have apostrophe's in their names.. (eg: O'Connor) and email addresses..
I need to know how to get PHP to ignore the apostrophe's as its refusing to allow them to logon with the following errors:
LDAP server did not return any users for the specified Username! ... Check the 'LDAP User Search Attribute' in the Moorside High School Server Settings!
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'neill',user_name='joneill',email='jo'neill@staff. internal',password='d41d8cd98f0' at line 1
IDG Tech News
11th February 2008, 03:00 PM #2
take a look at addslashes() to escape the single quotes before you try to use the variable to query the db.
11th February 2008, 08:28 PM #3
- Rep Power
As contink said, addslashes should do it for you.
You might want to check over the script for any other instances of that query, as allowing characters like that in the query unescaped is pretty dangerous - depending on your situation.
24th February 2008, 05:01 PM #4
- Rep Power
as said above, you should really be stripping all HTML and using addslash() to all your inputs fields, i usualy do it first thing, about a year ago my mate managed to SQL inject the virgin media website. its risky stuff. and in secondary schools and colleges students are becomming more and more clever!
By beeswax in forum Web Development
Last Post: 1st February 2008, 11:24 AM
By Benji1 in forum Hardware
Last Post: 27th November 2007, 09:57 AM
By alan-d in forum How do you do....it?
Last Post: 16th October 2007, 06:24 PM
By onsakia in forum Windows
Last Post: 14th June 2007, 08:50 AM
By projector1 in forum Hardware
Last Post: 24th February 2006, 10:20 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)