Re: escapce unvalid charactors — PHP Programming Language

You are here: Re: escapce unvalid charactors « PHP Programming Language « IT news, forums, messages

Posted by Rami Elomaa on 07/23/07 06:58

"Yarco" <yarco.w@gmail.com> wrote in message
news:1185172640.549442.4080@j4g2000prf.googlegroups.com...
>I have a silly question. We know when we add text into database, we
> always need to escapce the unvalid charactors.
> But why it is not done automatically by database?

Because we (the developers) still need to use those unsafe characters in
queries. It's all a matter of who get's to do what. Clients may not enter
pure sql, that would be an sql injection..! However YOU must be able to
enter pure sql in order to get data in and out of the database. But as
Michael pointed out, the problem does not exist with prepared statements
where the client data is somewhat separated from queries.

--
Rami.Elomaa@gmail.com

"Good tea. Nice house." -- Worf

Navigation:

Next in forum: Re: Problem with PHP output
Prev in forum: Re: Problem with PHP output
Thread view: Re: escapce unvalid charactors

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация