Posted by Dikkie Dik on 12/27/06 16:43
> The suggested way to protect user-supplied input with MySQL involves
> using a special PHP function for MySQL:
>
> mysql_real_escape_string (PHP 4 >= 4.3.0, PHP 5)
>
> http://www.php.net/manual/en/function.mysql-real-escape-string.php
>
> This takes the character set used by the database into account.

I know. And that is a severe problem for me. At the time I build the
queries, there may not even be a database connection. I do not want it
to work with a current database connection; I want it to work with _all_
database connections. SQL itself is just normal 7-bit ASCII (there may
be ways to configure the server otherwise, but I don't do that) and it
is only the strings that have to be escaped. So what is safer than
building the entire command in 7-bit ASCII?

Best regards