Posted by Jerry Stuckle on 08/10/07 01:06

Sanders Kaufman wrote:
> Sanders Kaufman wrote:
>> ZeldorBlat wrote:
>
>>> Yes. But you haven't said which database you're using. If you're
>>> using MySQL you want mysql_real_escape_string().
>
> It's interesting that this function is not fully a part of PHP, but
> rather relies on some libraries in MySQL.
>
> Seems to me, if I was the PHP guys, I wouldn't have made it so. Must be
> a liability risk-avoidance thing.
>
> I guess that's just one more reason why PHP5's features are what I wanna
> go to as quick as possible.

That's because it's a wrapper to the same function in MySQL. Why
duplicate effort - especially since you don't have all the information
available, anyway?

Maybe you want mysql_connect() and mysql_query() to be pure PHP
functions also?

The same is true in PHP5.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

• Next in forum: Re: Escaping for PHP and MySQL
• Prev in forum: Re: mysql_real_escape_string() chopping off after quotes
• Thread view: Re: Escaping for PHP and MySQL

[Reply to this message]