RE: Simple to exploit SQL Injection ?
29 Nov 2005 13:58
Hi all. Would this be of relevance:

from php.ini:

; Use Sybase-style magic quotes (escape ' with '' instead of \').
; Leave this OFF!
magic_quotes_sybase = OFF

HTH - KR

On Mon, 28 Nov 2005, Victor Chapela wrote:

To: 'Jason binger' <cisspstudy@yahoo.com>, webappsec@securityfocus.com
From: Victor Chapela <victor@sm4rt.com>
Subject: RE: Simple to exploit SQL Injection ?

Jason,
I agree with Rich, it seems your ' is being escaped by adding a second one. This should be interpreted by the database as a single quote within the quoted string '...'.
Participants (1): suse@karsites.net
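
The quote-doubling behaviour discussed in this thread, as an added example that is not part of the original posts. SQLite stands in for the poster's database, which the thread does not name, and `sybase_quote` is a hypothetical helper that mimics what `magic_quotes_sybase` does to input; the table and the two probe strings are constructed.

```python
import sqlite3

def sybase_quote(value: str) -> str:
    """Hypothetical helper: double each single quote, as magic_quotes_sybase does."""
    return value.replace("'", "''")

def make_db() -> sqlite3.Connection:
    # Constructed sample data; SQLite is an assumption standing in for the real DBMS.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("O'Brien",)])
    return db

def lookup_concat(db, name, escape):
    """Build the query by string concatenation, optionally doubling quotes first."""
    if escape:
        name = sybase_quote(name)
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, name):
    """Bound parameter: the value never becomes part of the SQL text."""
    rows = db.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

def demo():
    """Run each probe three ways: raw concatenation, doubled quotes, bound parameter."""
    db = make_db()
    results = {}
    for probe in ("O'Brien", "x' OR '1'='1"):
        try:
            raw = lookup_concat(db, probe, escape=False)
        except sqlite3.OperationalError:
            raw = "syntax error"  # the stray quote ended the literal early
        results[probe] = {
            "raw": raw,
            "doubled": lookup_concat(db, probe, escape=True),
            "bound": lookup_bound(db, probe),
        }
    return results

if __name__ == "__main__":
    for probe, outcome in demo().items():
        print(repr(probe), outcome)
```

With doubling, both probes are compared as plain string data, which matches the behaviour described in the quoted reply; the bound-parameter form gives the same result without relying on any escaping setting.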