Comments on The Constellation Hypothesis: Never Buy From Next Day Flyers.com
Blog author: Louis. Feed last updated 2023-06-29T03:45:18.969-07:00.

Jon, 2009-06-11T08:37:57.093-07:00:
On a whim yesterday I checked out the NextDayFlyers.com again just to see if they still hadn't patched the issue. They now have.

Jon, 2009-05-07T19:53:00.000-07:00:
Hi Sarah - I double-checked after seeing your comment, and the issue is still not resolved. Entering a value containing a single quote character (the ' character) into any of the input fields on your site verifies it's not fixed. In order to protect your site from SQL injection, every value that comes from a web page has to be run through the mysql_real_escape_string function before it's used in a database query. To emphasize - just removing the ' character from input strings isn't enough, you have to use mysql_real_escape_string. It's built into PHP and needs to be used on any data you get from the user.

Sarah Crawford, 2009-04-27T11:28:00.000-07:00:
Louis, we value your business and your privacy. As soon as it came to our attention that there was a potential issue with our site, we resolved it immediately. What we did not do in a timely manner, and should have done, was communicate that to you or your friend. For that, we sincerely apologize. Thank you for your feedback.

Sarah Crawford
NextDayFlyers - Marketing Manager