anyone familiar with MAKEFORMMAIL.CGI ?

Food Groupy

I use this script for a simple feedback form.

Funny thing is, when I receive comments from a "text area" message, they are
usually missing any apostrophes or quotation marks that are included in the
comments.

Any comments on this from folks who know the 'innards' of such things?

thanks,,,,

Franko Dog
 
Adrienne

Food Groupy said:
I use this script for a simple feedback form.

Funny thing is, when I receive comments from a "text area" message,
they are usually missing any apostrophes or quotation marks that are
included in the comments.

Any comments on this from folks who know the 'innards' of such things?

thanks,,,,

Franko Dog

Sounds like the script is stripping them, or replacing them. The reason is
because the quote or apostrophe is used as a delimiter, so if you have
something like:
joe's restaurant

A script or program might read that as two fields, joe and s restaurant.
 
Augustus

Food Groupy said:
I use this script for a simple feedback form.

Funny thing is, when I receive comments from a "text area" message, they are
usually missing any apostrophes or quotation marks that are included in the
comments.

Any comments on this from folks who know the 'innards' of such things?

When dealing with user input it's always a good idea to strip out any
characters that could possibly break the SQL or server side code.

Usually you replace them with codes, like replacing all the " characters
with &quot; but some will just simply remove the potentially bad characters.
 
Whitecrest

Augustus said:
When dealing with user input it's always a good idea to strip out any
characters that could possibly break the SQL or server side code.

Usually you replace them with codes, like replacing all the " characters
with &quot; but some will just simply remove the potentially bad characters.

Or just escape them.
 
John Bokma

Augustus said:
When dealing with user input it's always a good idea to strip out any
characters that could possibly break the SQL or server side code.

Usually you replace them with codes, like replacing all the " characters
with &quot; but some will just simply remove the potentially bad characters.

There is no need if you use ? in your query, and provide the data as
parameters. "INSERT INTO table VALUES (?,?,?)" works perfectly, no need for
escaping.

My best guess, this script is crap, like most of the CGI scripts
floating around.
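The approaches discussed in this thread side by side, as an added example that is not part of any post and not code from the script in question: stripping quote characters loses data, while `?` placeholders store the comment intact and entity encoding is applied only when the comment is rendered. Python's `sqlite3` stands in for the script's unknown database layer; the table, column and function names are assumptions.

```python
import html
import sqlite3

# Constructed sample: a textarea comment containing both quote characters.
SAMPLE_COMMENT = 'Joe\'s "famous" chili was great'


def strip_quotes(text):
    """The lossy approach: delete quote characters before storing."""
    return text.replace("'", "").replace('"', "")


def open_db():
    """In-memory database with a hypothetical feedback table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE feedback (name TEXT, email TEXT, comment TEXT)")
    return conn


def save_feedback(conn, name, email, comment):
    # ? placeholders: the driver passes the values separately from the SQL
    # text, so quotes in the data are never parsed as part of the statement.
    conn.execute(
        "INSERT INTO feedback (name, email, comment) VALUES (?, ?, ?)",
        (name, email, comment),
    )
    conn.commit()


def load_comments(conn):
    rows = conn.execute("SELECT comment FROM feedback ORDER BY rowid")
    return [row[0] for row in rows]


def render_comment(comment):
    # Encode at output time only: " becomes &quot; and ' becomes &#x27;
    return "<p>" + html.escape(comment, quote=True) + "</p>"


if __name__ == "__main__":
    conn = open_db()
    save_feedback(conn, "Franko", "franko@example.com", SAMPLE_COMMENT)
    stored = load_comments(conn)[0]
    print("stripped:", strip_quotes(SAMPLE_COMMENT))
    print("stored  :", stored)
    print("rendered:", render_comment(stored))
```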
 
