|
|
Posted by Matt Madrid on 08/05/07 07:22
zach wrote:
> Matt Madrid wrote:
>> zach wrote:
>>> Ok, something that confuses me is why does mysql_real_escape_string
>>> need a link or connection to the database if its simply escaping a
>>> string. I thought the whole point was to do the work before it ever
>>> goes to a database, so I wouldn't expect it to need a connection.
>>
>> The documentation at:
>> http://www.php.net/manual/en/function.mysql-real-escape-string.php
>> says: "mysql_real_escape_string() calls MySQL's library function
>> mysql_real_escape_string"
>>
>> ... and the documentation at:
>> http://dev.mysql.com/doc/refman/5.0/en/mysql-real-escape-string.html
>> says: "must be a valid, open connection. This is needed because the
>> escaping depends on the character set in use by the server."
>
> That's what I was looking for. Thanks.
>
>>
>> The php documentation also says: "If no such link is found, it will
>> try to create one as if mysql_connect() was called with no arguments."
>
>
>> RTFM... ;-)
>
> I read the manual
I'm sure you did.. I was trying to get you to read it again.
> which is how I knew it needed an open connection.
ahh.. this is why I threw in that last part about it trying to open a
connection itself if none is found. If you found this out by reading the
docs, and not because you got an error, it means that you might have a
mysql server running on the same system that was automatically connected
to, and so mysql_real_escape_string() works even though you didn't open
a connection or give it one as an argument.
But what if you are actually connecting to a different server with a
different charset *after* using mysql_real_escape_string(). Then you
might have some problems.
> The manual only said it needed an open connection, but didn't explain,(or
> not very clearly) why it needed it. Not everyone is so inexperienced as
> to completely ignore the manual.
Some people are. Wasn't trying to be rude, just point you in the right direction.
Matt M.
Navigation:
[Reply to this message]
|