22
In the code is this:
le="color: #000000"><?php $query = "INSERT INTO ".$xoopsDB->prefix("mod_pedigree_temp")." VALUES ('".$random."','".unhtmlentities($name)."','".$id_eigenaar."','".$id_fokker."','".$user."','".$roft."','','','".$foto."', ''".$usersql.")"; //echo $query; die(); $xoopsDB->query($query);
So how can I prevent SQL Injection errors from Protector when I insert a field with a quote in the value?
unhtmlentities, mysql_real_escape_string, addslashes, all triggered Protector.