gvsulib / library-Status

A quick and easy status monitor for all of our library systems.
http://labs.library.gvsu.edu/status
GNU General Public License v3.0
12 stars, 4 forks

Comment script doesn't appear to be escaping special characters #2

mreidsma closed this issue 11 years ago

mreidsma commented 11 years ago

I threw an error adding a comment with a parenthesis. Need to make sure to escape entries, not only to allow punctuation but also to protect against SQL injection. Try $mysqli->real_escape_string($string).
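The escaping suggested in the comment above, next to a prepared statement that keeps the value out of the SQL text entirely; this is an added example, not code from the library-Status repository, and it goes one step beyond the issue by showing the prepared form. The `demo_comments` table, the `DB_*` environment variables, the function names and the sample strings are all assumptions made for illustration.

```php
<?php
// Added example: table, column, env-var names and sample strings are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function connect(): mysqli {
    $db = new mysqli(getenv('DB_HOST') ?: '127.0.0.1', getenv('DB_USER') ?: 'status_test',
                     getenv('DB_PASS') ?: '', getenv('DB_NAME') ?: 'status_test');
    // real_escape_string() escapes according to the connection charset,
    // so set it explicitly before escaping anything.
    $db->set_charset('utf8mb4');
    $db->query('CREATE TABLE IF NOT EXISTS demo_comments (
        id INT AUTO_INCREMENT PRIMARY KEY, body TEXT NOT NULL)');
    return $db;
}

// Approach named in the issue: escape the value, then quote it in the SQL.
function add_comment_escaped(mysqli $db, string $body): int {
    $safe = $db->real_escape_string($body);
    // The surrounding quotes are required: escaping does not protect a
    // value that is concatenated into the statement unquoted.
    $db->query("INSERT INTO demo_comments (body) VALUES ('$safe')");
    return (int) $db->insert_id;
}

// Prepared statement: the value travels separately from the SQL text.
function add_comment_prepared(mysqli $db, string $body): int {
    $stmt = $db->prepare('INSERT INTO demo_comments (body) VALUES (?)');
    $stmt->bind_param('s', $body);
    $stmt->execute();
    $id = (int) $stmt->insert_id;
    $stmt->close();
    return $id;
}

function fetch_body(mysqli $db, int $id): string {
    $stmt = $db->prepare('SELECT body FROM demo_comments WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($body);
    $stmt->fetch();
    $stmt->close();
    return (string) $body;
}

$db = connect();
// Constructed sample comments containing punctuation that breaks naive concatenation.
foreach (["Catalog is down (again)", "It's slow; can't log in", 'Path C:\temp "quoted"'] as $text) {
    foreach (['add_comment_escaped', 'add_comment_prepared'] as $save) {
        $stored = fetch_body($db, $save($db, $text));
        echo $save, ': ', $stored === $text ? 'round-trip ok' : 'MISMATCH', "\n";
    }
}
```

Both functions store each sample unchanged; the prepared form does so without depending on the connection charset or on remembering the quotes.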

mreidsma commented 11 years ago

This has been fixed with the latest push.