You are here: mysql_real_escape_string « PHP Programming Language « IT news, forums, messages
mysql_real_escape_string

Posted by Michael G on 09/08/05 17:52

If I only escape the characters that mysql_real_escape_string recognizes, is
this adequate protection against SQL injection attacks?

I have read a number of archived posts plus I've read some of the info at
php.net. I am still not convinced as to what to do. The php folks claim that
using mysql_real_escape_string is all that is needed. Then on the other
hand, there is a myriad of opinions about that. I think I am inclined to
side with the php folks.

One thing that bothers me about the mysql_real_escape_string is that it
doesn't escape "--" which is a comment. One justification for this is that
it would have to be delimited with an " ' " before it would have any affect.
But I am not totally sure about that either.

Finally, what does the "real" mean in mysql_real_escape_string?

Mike



----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация