Escape in database code

jstevewhite
Posts: 112
Joined: Sat May 17, 2008 8:16 am
Escape in database code

Post by jstevewhite »

Because I'm not very smart, I often have to click "submit this article" more than once. I've noticed two things that should probably be fixed. The article selection vanishes between submits - probably because the variable isn't getting posted back to the form ( I've not snooped into the queries to see). So this causes me to end up clicking submit yet again (because I'm not very observant, either :D ) That caused me to notice that the form handling code escapes characters that are already escaped. Say you submit an article, get everything right except you leave off, say, the unique price. You click submit. In your short description and long description, every instance of ' and " get escaped: \' and \". So you add a zero to unique price, and click submit again, striking yourself in the head and saying "*$#Q(*&! I didn't re-select the article!", and all the \' and \" become \\' and \\".

Just thought I'd point out something that's fairly easy to fix.

Thanks!

Steve
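The double-escaping Steve describes happens when the form handler escapes input on every request and then echoes the escaped value back into the re-rendered form, so the next submit escapes it again. The following is an added illustration, not code from this site or from Steve's post: the `buggy_handle` / `fixed_handle` functions, the `articles` table and the sample submission are all constructed for the example. The fix is to keep the raw value, HTML-escape it only when rendering the form, and hand it to the database as a query parameter rather than backslash-escaping it.

```python
import html
import sqlite3

# Constructed sample submission: the price is left blank so validation
# fails and the form is shown again, exactly the resubmit case in the post.
FIRST_SUBMIT = {
    "short_desc": "It's a \"great\" article",
    "unique_price": "",
}


def addslashes(s):
    """Backslash-escape quotes and backslashes, PHP addslashes() style."""
    return s.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def buggy_handle(form):
    """Escapes on every request and echoes the escaped values back into the
    form, so each resubmit adds another layer of backslashes."""
    escaped = {k: addslashes(v) for k, v in form.items()}
    if not escaped["unique_price"]:
        return {"ok": False, "form": escaped}  # re-rendered form carries escaped text
    return {"ok": True, "form": escaped}


def buggy_round_trip(form):
    """Submit once (fails validation), fix the price, submit again."""
    first = buggy_handle(form)
    second_form = dict(first["form"], unique_price="0")
    return buggy_handle(second_form)["form"]["short_desc"]


def fixed_handle(form, conn):
    """Keeps the raw value. Escaping happens only at each output boundary:
    html.escape() for the re-rendered form, a ? placeholder for SQL."""
    if not form["unique_price"]:
        rendered = {k: html.escape(v, quote=True) for k, v in form.items()}
        return {"ok": False, "form": form, "rendered": rendered}
    conn.execute(
        "INSERT INTO articles (short_desc, unique_price) VALUES (?, ?)",
        (form["short_desc"], form["unique_price"]),
    )
    return {"ok": True}


def fixed_round_trip(form):
    """Same two-submit sequence against an in-memory table; returns what was stored."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (short_desc TEXT, unique_price TEXT)")
    first = fixed_handle(form, conn)
    second_form = dict(first["form"], unique_price="0")
    fixed_handle(second_form, conn)
    return conn.execute("SELECT short_desc FROM articles").fetchone()[0]


if __name__ == "__main__":
    print("buggy :", buggy_round_trip(FIRST_SUBMIT))
    print("fixed :", fixed_round_trip(FIRST_SUBMIT))
```

Running it shows the buggy path storing `It\\\'s a \\\"great\\\" article` style text after the second submit, while the fixed path stores the description exactly as typed; the parameterised `INSERT` also removes the need for any backslash escaping in the first place.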
jrichards
Posts: 186
Joined: Fri Jul 04, 2008 2:42 pm

Re: Escape in database code

Post by jrichards »

Thanks for the heads up, Steve. We'll put it on the to-do list!