Reply to Re: What am I doing wrong?


Posted by gosha bine on 08/09/07 09:09

On 08.08.2007 20:16 dkruger wrote:
> I understand that addslashes is not an appropriate way to prevent the
> SQL injections from occurring, from the way it looks,
> mysql_real_escape_string really only seems to replace a few other
> characters in the passed string...

Unless you're using non-unicode multibyte character sets like GBK,
addslashes is a sufficient protection against injections.
real_escape_string offers additional, non-essential service (like
escaping newlines) and is aware of multibyte characters (but that was
broken in mysql prior to 5.0.22 IIRC).


--
gosha bine

makrell ~ http://www.tagarga.com/blok/makrell
php done right ;) http://code.google.com/p/pihipi
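
Why GBK is the exception mentioned above, as an added example that is not part of the original post: a Python model comparing byte-wise escaping with escaping done on decoded characters. The function names and both input byte strings are constructed for this illustration; `addslashes_bytes` only models PHP's `addslashes`, and `escape_chars` is a generic charset-aware escaper, not MySQL's implementation.

```python
# Added example: byte-wise escaping vs. charset-aware escaping under GBK.
ESCAPED = {0x27: b"\\'", 0x22: b'\\"', 0x5C: b"\\\\", 0x00: b"\\0"}

def addslashes_bytes(raw: bytes) -> bytes:
    """Model of PHP addslashes(): escapes ' " \\ NUL byte by byte, ignoring the charset."""
    return b"".join(ESCAPED.get(b, bytes([b])) for b in raw)

def escape_chars(raw: bytes, charset: str) -> bytes:
    """Charset-aware model: decode first, escape whole characters, re-encode."""
    text = raw.decode(charset)  # raises UnicodeDecodeError on malformed input
    table = {"'": "\\'", '"': '\\"', "\\": "\\\\", "\0": "\\0"}
    return "".join(table.get(c, c) for c in text).encode(charset)

def delimiter_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes that still act as string delimiters once the
    server decodes the bytes in `charset` (a backslash escapes the next char)."""
    text = escaped.decode(charset, errors="replace")
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # skip the escaped character
            continue
        count += text[i] == "'"
        i += 1
    return count

# Constructed inputs: a malformed GBK sequence and a well-formed GBK string.
MALFORMED = b"\xbf'"        # 0xBF is a GBK lead byte, ' is not a valid trail byte
WELL_FORMED = b"\xbf\x5c'"  # one GBK character whose second byte is 0x5C, then '

def report():
    """For each input: delimiter quotes left after addslashes, per server charset."""
    rows = []
    for name, raw in (("malformed", MALFORMED), ("well-formed", WELL_FORMED)):
        esc = addslashes_bytes(raw)
        rows.append((name, delimiter_quotes(esc, "latin-1"), delimiter_quotes(esc, "gbk")))
    return rows

if __name__ == "__main__":
    for row in report():
        print("%-12s latin-1 delimiters=%d  gbk delimiters=%d" % row)
```

Under a single-byte charset the byte-wise escaper leaves no delimiter quote; under GBK the inserted 0x5C is read as part of a two-byte character (or the character's own 0x5C trail byte is doubled), so the quote stays live in both inputs.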
