Re: PHP, mysql, and escaping characters — PHP Programming Language

You are here: Re: PHP, mysql, and escaping characters « PHP Programming Language « IT news, forums, messages

Posted by Toby A Inkster on 02/07/07 18:38

Jerry Stuckle wrote:

> Just use mysql_real_escape_string(). It's a mysql function which is
> made to escape the necessary characters. And it has the added advantage
> that it is sensitive to the character set sensitive, so if you ever use
> a non-latin1 charset the chars will be handled correctly.

Though make sure you're using a recent version of MySQL, as older versions
(anything earlier than 4.1.20, plus 5.0-5.0.21) included this bug in
mysql_real_escape:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753

For better database security, use prepare/execute.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/CSS/Javascript/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!

Navigation:

Next in forum: Re: Reading a cookie
Prev in forum: Re: global vars on/off
Thread view: Re: PHP, mysql, and escaping characters

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация