Re: Using mysql_real_escape_string without connecting to mysql

On 23/01/2008, Jochem Maas <jochem@xxxxxxxxxxxxx> wrote:
> I can read, I saw 2 functions the first time. each function cleans *and* escapes.
>
> cleaning is filtering of input.
> escaping is preparing for output.
>
> 2 concepts.
I see your point.
> if the input needs to be stripped of html then it needs that regardless
> of the output vector. again removing or not-accepting input if it contains
> '--' is a question of filtering/validation ... besides which '--' is quite
> acceptable for data stored in a text field but not for a numeric one.
I'm not accepting "--" at all until someone can show me a real world case where one would use it, without the intention of SQL injection. How can it be escaped, anyway?
> filter each piece of data
> validate each piece of data
> escape each piece of data for each context in which it will be output.
I see that you have more experience than I!
> imho your functions are conceptually wrong and not very robust either -
> don't take it as a personal attack - I'm very sure if we sat down with *some*
> of my code the same criticism could be made to more or lesser extent :-) ...
> "getting better all the time" as they sang once ;-)
I never thought that was a personal attack, not for a second. Rather, I very much appreciate the time you take to explain to me my errors. And I intend to learn from them. For the time being, I'll leave the code as it is. However, for future projects, I will make a point of separating the different functions. Thanks.
Dotan Cohen
http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת;
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
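A worked illustration of the filter / validate / escape-per-context split discussed in this thread, added here as an example and not code from either poster. It uses PDO with an in-memory SQLite database as a stand-in for MySQL so it runs without a server; the `comments` table, its columns and the sample input are constructed for the illustration. Binding parameters through a prepared statement is what answers the "how can it be escaped" question: the driver quotes the value for the connection's character set, which is also why `mysql_real_escape_string()` needs a live connection rather than working offline.

```php
<?php
// Added example, not code from the original thread. It keeps the three
// stages Jochem lists as separate functions: filter, validate, escape per
// output context. A SQLite in-memory database stands in for MySQL so the
// script runs stand-alone; the `comments` table and its columns are
// constructed for this illustration.

// 1. Filtering: strip what should never be stored, whatever the output vector.
function filterComment(string $raw): string
{
    return trim(strip_tags($raw));
}

// 2. Validation: decide per field type. "--" is acceptable in a TEXT column
//    but never in an integer one, so it is rejected here by type, not by
//    pattern-matching for SQL syntax.
function validateAuthorId(string $value): int
{
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException("author_id must be a positive integer, got '$value'");
    }
    return $id;
}

function validateBody(string $body): string
{
    $len = mb_strlen($body, 'UTF-8');
    if ($len === 0 || $len > 2000) {
        throw new InvalidArgumentException('body must be 1..2000 characters');
    }
    return $body;
}

// 3a. SQL context: bind parameters instead of escaping strings by hand. The
//     driver quotes for the connection's character set, which is exactly what
//     mysql_real_escape_string() needs a live connection for.
function storeComment(PDO $pdo, int $authorId, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author_id, body) VALUES (:author, :body)');
    $stmt->bindValue(':author', $authorId, PDO::PARAM_INT);
    $stmt->bindValue(':body', $body, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

function loadBody(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? '' : $row['body'];
}

// 3b. HTML context: escape only at render time, never at storage time.
function renderBody(string $body): string
{
    return htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author_id INTEGER NOT NULL, body TEXT NOT NULL)');

// Constructed input, as a browser form might submit it.
$input = ['author_id' => '42', 'body' => "<b>see</b> the -- dashes -- & 'quotes'"];

$body     = validateBody(filterComment($input['body']));
$authorId = validateAuthorId($input['author_id']);
$id       = storeComment($pdo, $authorId, $body);

// The stored text comes back unchanged: the dashes were plain data for the
// TEXT column, and the HTML escaping is applied only as the value is rendered.
echo renderBody(loadBody($pdo, $id)), "\n";

// The same "--" in the numeric field fails validation, not escaping.
try {
    validateAuthorId('--');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Run with `php example.php`. The comment body is stored and read back with both `--` sequences intact because, as a bound parameter, they are data for a TEXT column; the identical `--` offered as an author id is rejected by `validateAuthorId()` because it is not an integer. That is the distinction the thread draws: filtering and validation decide what is accepted per field, escaping is done per output context, and neither step needs to know about the other.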
