Posted by Richard Lynch on 05/12/05 09:46

On Wed, May 11, 2005 8:58 pm, Jason Wong said:
> Well put it this way, addslashes() was not meant to make data "safe" for
> mysql, it just happened to work. Now there is a better/official/whatever
> alternative why not use it?

Actually, unless I'm very much mistaken about why addslashes() was
written, it *WAS* (and *IS*) designed to make data "safe" for MySQL.

Okay, maybe technically it was first written for mSQL, but that being in
the state it is, and the current state of affairs of PHP/MySQL...

I'd bet a dollar that if the MySQL C Client library changed what needs
escaping, addslashes would change with it.

Am I delusional?

What problem do you think addslashes() was written to solve?

PS On the language/encoding thing... I don't think I'll ever figure that
stuff out before I die, so there's not much point worrying about it,
though I can certainly see why it's an atrractive MUST USE for those who
can actually cope with more than one natural language!

--
Like Music?
http://l-i-e.com/artists.htm

• Next in forum: Re: [PHP] MySql injections (related question)
• Prev in forum: Re: [PHP] Inner Join or 2nd Query...?
• Thread view: Re: [PHP] MySql injections (related question)

[Reply to this message]