Reply to Message
I have always used Replace(),"'","''") in all my fields, and yet this thing is still getting through. I even went so far as filtering out anything to do with www.banner82.com/b.js but now it has changed to www.adw95.com/b.js so i now have that filtered out. it is only effecting 1 table in my database [there are 3 that are public writable] and yet every other day a new one pops up. I can't find anywhere in my code this is being allowed through. I'm just wondering if it has to do with the fact I am using an RTE with that particular table. I've tried even limiting the updates to a few specific ip's but that doesn't help either. what am I doing wrong
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
