Reply to Re: [PHP] MySql injections (related question)

Your name:

Reply:


Posted by Richard Lynch on 05/12/05 09:46

On Wed, May 11, 2005 8:58 pm, Jason Wong said:
> Well put it this way, addslashes() was not meant to make data "safe" for
> mysql, it just happened to work. Now there is a better/official/whatever
> alternative why not use it?

Actually, unless I'm very much mistaken about why addslashes() was
written, it *WAS* (and *IS*) designed to make data "safe" for MySQL.

Okay, maybe technically it was first written for mSQL, but that being in
the state it is, and the current state of affairs of PHP/MySQL...

I'd bet a dollar that if the MySQL C Client library changed what needs
escaping, addslashes would change with it.

Am I delusional?

What problem do you think addslashes() was written to solve?

PS On the language/encoding thing... I don't think I'll ever figure that
stuff out before I die, so there's not much point worrying about it,
though I can certainly see why it's an atrractive MUST USE for those who
can actually cope with more than one natural language!

--
Like Music?
http://l-i-e.com/artists.htm

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация