Stuart Felenstein wrote:
> First I'm a bit unsure, because in the manual it
> states that you must use mysql_real_escape_string on
> binary data. So first question, what constitutes
> binary data, a file or just an integer?

Any data that might contain a null-byte (\0) is usually seen as the
definition for binary files.

> Second question - Since magic_quotes_gpc is enabled on
> my server (and I have no choice) - I gather I must use
> addslashes()

Why?

> 3rd - Some of the user input translates to an int value
> where I later do a join for the actual label. I
> believe those fields are protected naturally since the
> database won't accept anything but an int.

That is correct, however, remember that sql-injection attacks could
still be made in such places.

> 4th - With both of these functions it looks like they
> become part of the sql query. I could use some help
> in understanding how to set up variables using both
> functions. In other words, an example of how they get
> coded.

Look at the examples in the documentation, they are all I could give
you. (http://www.php.net/manual/en/function.mysql-real-escape-string.php)

> Thank you,
> Stuart
--
PHP General Mailing List (http://www.php.net/)
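
An added example, not code from this thread or from the PHP manual, of the two cases the questions above raise: string input that magic_quotes_gpc has already run through addslashes(), and an integer field placed unquoted in a query. The helper names, table names and sample values are hypothetical, and addslashes() stands in for mysql_real_escape_string() so the script runs without a database connection.

```php
<?php
// Hypothetical helpers; all sample values and table names are constructed.

// magic_quotes_gpc runs addslashes() on request data. Simulated here so the
// script behaves the same whether or not the setting exists on this PHP.
function simulate_magic_quotes($raw) {
    return addslashes($raw);
}

// Undo magic quotes exactly once so the database escaper sees the real input.
function unquote_input($value, $magic_quotes_on) {
    return $magic_quotes_on ? stripslashes($value) : $value;
}

// Integer fields: validate instead of escaping. Returns null on bad input.
function int_param($value) {
    if (!is_string($value) || !preg_match('/^[0-9]{1,9}$/D', $value)) {
        return null;
    }
    return (int) $value;
}

// Stand-in escaper (assumption): with a live connection this would be
// mysql_real_escape_string($value, $link), which needs a database link.
function escape_for_sql($value) {
    return addslashes($value);
}

$typed    = "O'Reilly";                     // what the user typed
$received = simulate_magic_quotes($typed);  // what the script receives

// Escaping on top of magic quotes stores a literal backslash in the row.
echo "double-escaped: ", escape_for_sql($received), "\n";

// Strip first, then escape once, and keep the value inside quotes.
$name = escape_for_sql(unquote_input($received, true));
echo "SELECT id FROM authors WHERE name = '$name'\n";

// Escaping does nothing for an unquoted integer slot: there is no quote
// character to escape, so the value is validated as digits instead.
foreach (array("42", "42 OR 1=1") as $raw_id) {
    $id = int_param($raw_id);
    echo $id === null
        ? "rejected id: $raw_id\n"
        : "SELECT label FROM categories WHERE id = $id\n";
}
```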