Skip to main content
370 questions
Newest Active Bountied Unanswered
Filter by
Sorted by
Tagged with
0 votes
0 answers
185 views

I have strings like Origi\"nal and Origi"nal . I want to convert them to raw string and then to a Json String and write to a table in Redshift. Example output of "select col from ...
Ayushi Bansal's user avatar
  • 11
0 votes
0 answers
31 views

So, I have a link like this... http://my-affiliate.com?pr=9&user=274934&ad_id=12598 And I am trying to pass it through a link with get variables, such as... http://my-website.com/ad-...
Donald Faulknor's user avatar
  • 37
5 votes
2 answers
4k views

Editing someone else's code found this query: SELECT c.name AS category_name, p.id, p.name, p.description, p.price, p.category_id, p.created FROM products ...
quantme's user avatar
  • 3,655
1 vote
1 answer
169 views

My site was hacked and I was able to retrieve some SQL from binlog, they look like <p>some text</p>\r\n<p><img src=\"images/2019-04-27/1.jpg\" alt=\"1\" /></p> I need to ...
shenkwen's user avatar
  • 3,918
2 votes
1 answer
2k views

I am keeping record of every request made to my website. I am very aware of the security measurements that need to be taken before executing any MySQL query that contains data coming from query ...
Eduardo Ponce de Leon's user avatar
  • 9,796
0 votes
0 answers
259 views

I am using mysqli_real_escape_string() function for prevent SQl Injection.My code <?php // open a connection $dhost = 'localhost'; $duser = 'user'; $dpw = 'pass'; $dname = 'db_name'; $connection ...
user avatar
0 votes
1 answer
503 views

I have code that generalizes building the SQL string to insert a record into a table by (1) setting the 'name' of the form element to be the same as the table column to which it corresponds, and (2) ...
rfm's user avatar
  • 3
-2 votes
1 answer
2k views

when I run select statement from mysql database, characters like \n \t will be escaped. Is there a way to see these original characters in mysql? What I want to see is something like "java.lang....
Bargitta's user avatar
  • 2,446
0 votes
1 answer
625 views

I am trying to copy image blobs from one table to another, and it is not working, since the mysql_real_escape_string () is no longer available. The special characters in the blob are blocking the ...
Andrew's user avatar
  • 63
0 votes
0 answers
138 views

I have a function to escape string in my OOP PHP project like this.... public function escape($string) { $query = mysqli_real_escape_string($this->connection, $string); return $query; } is ...
Iam Loki's user avatar
  • 41
0 votes
1 answer
1k views

I have $_POST with 20 keys. I want to apply mysqli_real_escape_string() for the entire $_POST array. So, should I apply mysqli_real_escape_string() to all 20 keys separately? Or is there any loop or ...
Bhavesh Patel's user avatar
  • 125
1 vote
0 answers
1k views

I was trying to save some data (a table) as JSON in my database with AngularJS and PHP. For that, I would want to convert it to string first and then escape special characters (avoiding SQL injection)....
Aleksey Solovey's user avatar
  • 4,166
0 votes
2 answers
4k views

We have tried this way. But it is not working. please any one tell alternative method in wordpress $wpdb->query("UPDATE ".$wpdb->prefix."recommend_bets SET `title`='".mysqli_real_escape_string($...
Arun Kumar's user avatar
  • 1,633
1 vote
0 answers
220 views

I have a web service which inserts various user input into a MySQL DB. My DB insert statement uses $db->real_escape_string() for security on all input. However this seems to be stripping out ...
Mitya's user avatar
  • 34.8k
0 votes
2 answers
1k views

I am struggling with something strange. I am running a mysqli::real_escape_string on a function to prepare an SQL statement. I am taking data from one database and developing a query to insert it ...
Curtis Fuller's user avatar
  • 135
1 vote
2 answers
2k views

In PHPMyAdmin I want to replace "aa;bb" -> "aabb", by running the query: UPDATE `question` SET `text` = REPLACE(`text`, 'aa;bb', 'aabb') WHERE INSTR(`text`, 'aa;bb') > 0; ...
Jake B.'s user avatar
  • 465
0 votes
0 answers
119 views

From real_escape_string code is showing as text not running on browser, even dreamweaver showing no error please help if any alternative then please tell me. trying to create a subscribe php form with ...
Pranit Shinde's user avatar
  • 43
-6 votes
2 answers
30 views

I used that query in PHP but it does not work mysql_real_escape_string(); so what should i do ?? Is that is the previous version of PHP so please give me a solution of newer function . Without your ...
Tash Khan's user avatar
  • 1
3 votes
1 answer
2k views

I am writing a plugin for Wordpress, where I have my own custom table to store the relevant data being pulled from a remote API. One of the elements I need to store is a URL, which is a TEXT field ...
user avatar
0 votes
1 answer
600 views

I am trying solve problem with quotes in my sql queries. I know that many questions were asked on stackoverflow. But no one worked for me. May be because I am using other framework (pyMySQL) for sql ...
JohnLemon's user avatar
  • 157
1 vote
0 answers
21 views

Let's say i have this code: $value = mysqli_real_escape_string($con, $_POST['value']); $value = strip_tags($value, '<br>'); for example with this value: $_POST['value'] = "<div>how<br/&...
Itay Ganor's user avatar
  • 4,205
-1 votes
2 answers
819 views

Whenever I'm trying to insert data that has an apostrophe in it, I receive a mysql syntax error Example text in textarea : I'm an alien will throw a syntax error when I try to insert in the ...
Sebastian Farham's user avatar
  • 823
0 votes
2 answers
199 views

So currently I have my code in procedural format so inorder to prevent myself from adding the "link" in the mysqli_real_escape_string function I've made a method that looks like this: // Used to ...
OverBakedToast's user avatar
  • 147
0 votes
0 answers
48 views

i have a problem. I want to mask via mysql_real_escape_string all $_POST Variables (include $_POST array). The Script mask only $_POST['das'] and no $_POST[template_id] (its empty) How can i mask $...
Em Hi's user avatar
  • 59
0 votes
1 answer
167 views

I want to escape all my strings I want to insert in my database. But my problem is, because I have more than 10.000 strings to check, the database queries would be too much... So I use this escape ...
Fraze Jr.'s user avatar
  • 143
3 votes
1 answer
19k views

When I try to do a mysql_real_escape_string for a login system, it does not record the variable from the form. If I do $username = $_POST['username']; and echo it, it displays, but when I do $...
Francisco F.'s user avatar
  • 121
1 vote
1 answer
2k views

Using Cakephp version: 2.5.1 I have some trouble finding a solution for dealing special characters in Cakephp find queries. If you could please point me in right direction, I would really ...
sandeep's user avatar
  • 109
0 votes
1 answer
6k views

I am trying to escape the inputs from the login form so that to prevent sql injection. But i get and error as: Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() in F:...
vilom's user avatar
  • 51
10 votes
2 answers
61k views

I would like to insert the content of an excel file into my database. I simply use a raw query to achieve this. The controller function public function uploadExcel() { $filename = Input::file('...
Schwesi's user avatar
  • 4,914
-1 votes
2 answers
3k views

Why mysql_real_escape_string not working in this code ? Normally, when load page input will be look like this. http://image.free.in.th/v/2013/ie/160812064246.jpg But When you load page www.example....
peat wedty's user avatar
  • 55
-4 votes
4 answers
8k views

.../general.php on line 10 Hello, this is my error, but only occurs when I upload my web to a host, in the localhost run well. the (return mysqli_real_esc..)line is the "line 10". $conncet = ...
Jeff's user avatar
  • 1
1 vote
1 answer
2k views

So I know that using prepared statements with placeholders is pretty much the only way to protect yourself from SQL injection due to poor formatting of your queries. However, I also see many people ...
William F's user avatar
  • 87
2 votes
2 answers
519 views

why can't I used the mysqli_escape_string function without having a database connection?
Simon Suh's user avatar
  • 11k
1 vote
1 answer
491 views

Today I transferred my WordPress website to a new web host running a more recent version of php (5.5.0) than my previous web host. I transferred my website and I started getting the error massages ...
Michiel Standaert's user avatar
  • 4,176
1 vote
0 answers
497 views

I am very new to PHP and I am trying to add in precautions to my web form to avoid misuse, these inputs from the user are being stored to a database. I keep getting errors when trying to pass through ...
HybridHaylee's user avatar
  • 21
2 votes
1 answer
1k views

I am working on securing a huge existing application against SQL injection. It is very old and it is close to impossible to refactor, due to the use of the famous "copy/paste" pattern development ...
Mety's user avatar
  • 51
0 votes
1 answer
603 views

Just as the title states. Is it a standard procedure/practice to escape number inputs? I know text fields should be escaped, but i'm wondering if I need to escape numbers.
DMort's user avatar
  • 347
3 votes
2 answers
5k views

I am trying to pattern match with the LIKE LOWER('% %') command however I think the fact that I am using a python variable with %s is mucking it up. I can't seem to find any escape characters for the ...
joshuatvernon's user avatar
  • 1,641
0 votes
2 answers
551 views

What's the best way to use mysql_real_escape_string, is it at the beginning like this: $email = mysql_real_escape_string($_POST['email']); $qemail = mysql_query ("SELECT email FROM ppl WHERE email='$...
Saul Tigh's user avatar
  • 177
0 votes
1 answer
2k views

I am new to SQL injection and would like to know if I am using the mysql_real_escape_string properly? Should I make strings for the database and password to make this secure? Any advice would be great ...
DThomas's user avatar
  • 5
0 votes
1 answer
841 views

Hopefully a very easy question, but I haven't been able to find the answer. I'm learning to use prepared statements rather than mysqli_escape. I have the code: $stmt = $dbc->prepare("SELECT ...
devsie's user avatar
  • 131
1 vote
1 answer
538 views

i have a form for job post now whenever user enters data and i use mysql real escape string it insert blank data in mysql what could be the reason? here is the code of site. the thing is i can't trust ...
abhishek singh's user avatar
  • 11
0 votes
2 answers
109 views

I have a php program that uses cookies to store data across pages and redirects. I want to use mysql_real_escape_string() before sending them to my server, so far my code looks like this $...
trecoolable's user avatar
  • 307
0 votes
4 answers
2k views

Following is the code: class Db{ protected static $connection; public function connect(){ if (!isset(self::$connection)) { $config = parse_ini_file('../config.ini'); ...
Shreesh Katyayan's user avatar
  • 111
2 votes
2 answers
5k views

I am runing PHP Version 5.4.44 on my website and try to us mysql_real_escape_string but it does not give me any thing .mysql_real_escape_string works just fine in localhost on my computer.Example ...
Usman Mustafa's user avatar
  • 77
0 votes
0 answers
1k views

I am using the following code to select from a MySQL database with a Code Igniter webapp: My Model <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); class m_login extends ...
Rendi Arca's user avatar
  • 1
0 votes
0 answers
63 views

I need to insert (for example: "ABC") to my wamp db. I'm using str_replace method for this. Code is as shown below: $currAddr=str_replace(array("'","\"", "&quot;"),"&#39;",htmlspecialchars($...
Kirataka's user avatar
  • 482
3 votes
0 answers
60 views

I have a question about mysql_real_escape_string. I know that mysql_real_escape_string can escape the character such as backslash(\), single quote('), double quote(") and others. My question is: ...
KKL Michael's user avatar
  • 795
0 votes
1 answer
75 views

I have a static database connection established in a file which I include as include_once 'database.inc.php'; named $mysqli. When I pass a parameter $tbname from a form using $tbname = $_GET['tbname'...
socrates's user avatar
  • 347
0 votes
1 answer
10k views

Let's assume I have a notes field with new lines characters in it. What solution is correct and what is the difference between them? 1 { "notes" : "test test test \n line2" } 2 { "notes" : "test ...
MeV's user avatar
  • 3,998

1
2 3 4 5
8