- How to detect and delete a string like this
February 17, 2007, 2:54 pm
within the message:
The comments are stored in a MySQL database.
When PHP generates the page to display this field, it looks like this:
If I use something like
DELETE FROM database where lower(`comments`) like "%file=
or if I try
DELETE FROM database where lower(`comments`) like "%\%"
it fails to detect the string.
How do I detect and get rid of this kind of posting?
- Schraalhans Keukenmeester
February 17, 2007, 6:38 pm
Re: How to detect and delete a string like this
If this is in your db, I gather you (also) haven't got good measures in
your script preventing SQL injection? If that's the case it's really
easy to do a lot of damage to your database.
Google has plenty of hits on this topic, if it's new to you, read up!
PHP has a function to prevent harmful user input strings from wreaking
havoc on your db: mysql_real_escape_string() could be a real friend.
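
Added example, not part of either post: storing comments through bound parameters and deleting rows that contain a literal substring, with the LIKE wildcards `%` and `_` escaped so they match as plain characters. It uses PDO because the mysql_* extension mentioned above was removed in PHP 7. The table name `guestbook`, the helpers `like_literal()` and `delete_containing()`, the `!` escape character, the sample comments and the in-memory SQLite database (standing in for MySQL so the script runs offline) are all assumptions made for the example.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, comments TEXT)');

// Escape LIKE metacharacters so the needle is matched literally.
// '!' is used as the escape character instead of '\' because a backslash
// is also an escape inside MySQL string literals, which is easy to get wrong.
function like_literal(string $needle, string $esc = '!'): string
{
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $needle
    );
}

// Bound parameters: the comment text is never spliced into the SQL string,
// so quotes and backslashes in it cannot change the statement.
$insert = $pdo->prepare('INSERT INTO guestbook (comments) VALUES (?)');
$samples = [                               // constructed sample comments
    'Nice site, thanks!',
    "O'Reilly's book was helpful",
    'Save 100% today at spam.example',
    'Path was C:\\temp\\100_percent',
];
foreach ($samples as $comment) {
    $insert->execute([$comment]);
}

// Delete every row whose comment contains $needle as a literal substring.
function delete_containing(PDO $pdo, string $needle): int
{
    $stmt = $pdo->prepare(
        "DELETE FROM guestbook WHERE lower(comments) LIKE ? ESCAPE '!'"
    );
    $stmt->execute(['%' . like_literal(strtolower($needle)) . '%']);
    return $stmt->rowCount();
}

// Only the row containing the literal text "100%" is removed; an unescaped
// pattern '%100%%' would also have matched the "100_percent" row.
echo delete_containing($pdo, '100%'), " row(s) deleted\n";
echo $pdo->query('SELECT COUNT(*) FROM guestbook')->fetchColumn(), " row(s) left\n";
```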