Re: Using mysql_real_escape_string without connecting to mysql

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 23/01/2008, mike <mike503@xxxxxxxxx> wrote:> > > It would be Real Nifty (tm) if the MySQL API had a function that let> > > you specify the charset without a connection and did the escaping.> > >> > > Presumably you don't NEED a connection if you already know what> > > charset thingie you are aiming at...>> I concur - it would be nice to have the capability to have a normal> string escape function and give it a character set. I mean we should> all be using utf-8 anyway, right?
I'd be interested in hearing an argument against UTF-8, other than thedisk space argument.
> Right now I still use mysql_escape_string and it seems to work fine,> but it makes me nervous as everything else I use is mysqli and I know> it is not 100% compatible (just haven't had anything break it yet) -> but I hate having to have a connection handle open just to escape> things.
I think it was here on this list that we saw an example of SQLinjection despite the use of mysql_escape_string. Some funky Asiancharset was used, no?
Dotan Cohen
http://what-is-what.comhttp://gibberish.co.ilא-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת;
A: Because it messes up the order in which people normally read text.Q: Why is top-posting such a bad thing?

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux