On 23/01/2008, mike <mike503@xxxxxxxxx> wrote:> > > It would be Real Nifty (tm) if the MySQL API had a function that let> > > you specify the charset without a connection and did the escaping.> > >> > > Presumably you don't NEED a connection if you already know what> > > charset thingie you are aiming at...>> I concur - it would be nice to have the capability to have a normal> string escape function and give it a character set. I mean we should> all be using utf-8 anyway, right? I'd be interested in hearing an argument against UTF-8, other than thedisk space argument. > Right now I still use mysql_escape_string and it seems to work fine,> but it makes me nervous as everything else I use is mysqli and I know> it is not 100% compatible (just haven't had anything break it yet) -> but I hate having to have a connection handle open just to escape> things. I think it was here on this list that we saw an example of SQLinjection despite the use of mysql_escape_string. Some funky Asiancharset was used, no? Dotan Cohen http://what-is-what.comhttp://gibberish.co.ilא-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת; A: Because it messes up the order in which people normally read text.Q: Why is top-posting such a bad thing?