The only character you have to worry about is the single quote ('). Text in MySQL when inserting is surrounded by single quotes, so one in the middle of a string is interpreted as the end of the text. You can see how this can cause trouble.
Now, PHP has something called magic quotes that will automatically escape single and double quotes in GET, POST, and COOKIE data. The flag for this is in php.ini. magic_quotes_gpc = on will make it escape the quotes. Then you can insert the data directly into the database with no problems.
If you want to display the data, you'll need to get rid of the escape character. This is accomplished quite easily by using $stripped_text = stripslashes($text);
Hope that helps you...
---John Holmes...
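
Added example, not part of the original post: the same insert done with a PDO prepared statement, where the value is bound rather than quoted, so nothing is escaped on the way in and nothing has to be stripped on the way out. magic_quotes_gpc was removed in PHP 5.4, so this is the approach that works on current PHP; the in-memory SQLite DSN (standing in for MySQL so the script runs offline), the comments table and the sample strings are assumptions made for the example.

```php
<?php
// Added example. SQLite in-memory stands in for MySQL; with MySQL only the DSN changes.
// Table name, column names and sample inputs are constructed for illustration.

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $pdo;
}

function save_comment(PDO $pdo, string $body): int
{
    // The value is bound to the placeholder and never becomes part of the SQL text,
    // so a quote inside it cannot end the string literal.
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function load_comment(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

$pdo = open_db();

// Constructed inputs: a single quote, double quotes, and backslashes,
// the characters that hand-escaping has to get right.
$samples = [
    "It's John's text",
    'She said "hello" and left',
    'C:\\temp\\file ends with a backslash\\',
];

foreach ($samples as $input) {
    $id = save_comment($pdo, $input);
    $stored = load_comment($pdo, $id);
    if ($stored !== $input) {
        throw new RuntimeException("Round trip changed the value for row $id");
    }
    // Escape for the output context (HTML here) at display time, not at insert time.
    echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
}
```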