On one of my sites, I have a query that logs attempts to access the
site by potential bad guys. It has been working for more than a year
with out a problem. Today, I got a database error because an
unescaped ' in one of the arrays that I collect. When I check the
error I found a very curious condition in the useragent log entry.
Here is the excerpt:
,\'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:220.127.116.11) Gecko/2009011913
Notice the backslash in front to the quote delimiter. How did that get
there? Anybody have a guess?
The database comes from a call to $_SERVER['HTTP_USER_AGENT'];