Because I'm not very smart, I often have to click "submit this article" more than once. I've noticed two things that should probably be fixed. The article selection vanishes between submits - probably because the variable isn't getting posted back to the form ( I've not snooped into the queries to see). So this causes me to end up clicking submit yet again (because I'm not very observant, either :D ) That caused me to notice that the form handling code escapes characters that are already escaped. Say you submit an article, get everything right except you leave off, say, the unique price. You click submit. In your short description and long description, every instance of ' and " get escaped: \' and \". So you add a zero to unique price, and click submit again, striking yourself in the head and saying "*$#Q(*&! I didn't re-select the article!", and all the \' and \" become \\' and \\".
Just thought I'd point out something that's fairly easy to fix.
Thanks!
Steve
Escape in database code
Moderators: Celeste Stewart, Ed, Constant
-
jstevewhite
- Posts: 112
- Joined: Sat May 17, 2008 8:16 am
- Contact:
Re: Escape in database code
Thanks for the heads up Steve, We'll put it on the todo list!