Ryan A wrote: > Hey, > Am really starting to like your emails on this list, > its different to say the least! seeing as you didn't threat to DoS my server I guess I'm not trying hard enough to be different ;-) > >>> mysql_escape_string does look interesting but >> thats >>> again putting the strain in the script which I am >> wtf? that is just plain silly. > > Why is it plain silly? if the text to be entered is a > large html page with a lot of class="value" and font > color="red" class="blah" etc it can mean a lot of > escaping/processing for the block of data your going to enter in the db it's a single call to the function. and the cpu cycles required is peanuts in real terms. it's kind of similar to a call to output_add_rewrite_var() which essentially buffers and parse through the complete output of a given script - something which works fine under normal conditions (e.g. your not in the realms of yahoo-like levels of page views). if you have 1000's of users inserting/updating 'large' chunks of HTML all day ever day then you probably have a different problem - one that probably requires a server farm or something - but if your in that realm the not using of msyql_real_escape_string() will still not be the solution. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
