Re: Re: mysql_real_escape_string("asdasddas") ??? wtf

On Sat, 2009-02-21 at 22:55 +1300, German Geek wrote:
> Ah, ic. Mh, why wouldn't a function like that function without a db
> connection? Does it use the db? Isn't that less efficient? I might just use
> str_replace, because I can't think of any way that one could get a sql
> injection into
> 
> str_replace("'", "\\'", $value); // might need to replace a literal \ too.
> 
> If you can, please enlighten me.
> 
> Maybe if they enter something like \c ?? Like one of the mysql special
> commands? But if it's inside a string literal??
> 
> Thanks a lot, I would have never thought about that.
> 
> Will try.
> 
> Tim-Hinnerk Heuer
> 
> http://www.ihostnz.com
> George Burns  - "I would go out with women my age, but there are no women my
> age."
> 
> 2009/2/21 Ross McKay <rosko@xxxxxxxxxxx>
> 
> > On Sat, 21 Feb 2009 19:19:44 +1300, tim@xxxxxxxxxxx wrote:
> >
> > >Can anyone here tell me why mysql_real_escape_string("asdasddas") returns
> > an
> > >empty string?
> >
> > Have you opened a connection to a MySQL database? It won't work without
> > an open connection.
> > --
> > Ross McKay, Toronto, NSW Australia
> > "Let the laddie play wi the knife - he'll learn"
> > - The Wee Book of Calvin
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
It doesn't actually use the connection, but it requires one to be open
before you can use it. You said you're using this on a query anyway, so
why not open the connection to mysql?


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
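
Added example (not part of the original messages, and not PHP's or MySQL's own code): a check of the quote-only replacement discussed in the thread against constructed inputs, assuming MySQL's default sql_mode, where backslash escapes are enabled. All function names are hypothetical.

```php
<?php
// Quote-only replacement of the kind proposed in the thread.
function quote_only_escape(string $v): string {
    return str_replace("'", "\\'", $v);
}

// Backslash first, then the quote, so a backslash already in the input is
// doubled before any new one is added. This still ignores the connection
// character set, which mysql_real_escape_string() takes into account.
function backslash_then_quote_escape(string $v): string {
    return str_replace(['\\', "'"], ['\\\\', "\\'"], $v);
}

// Reads $escaped as the body of a '...' literal (assumed lexer rules: a
// backslash escapes the next byte, '' is a literal quote) and reports
// whether the body stays inside the literal.
function literal_status(string $escaped): string {
    $n = strlen($escaped);
    for ($i = 0; $i < $n; $i++) {
        $c = $escaped[$i];
        if ($c === '\\') {
            if ($i + 1 === $n) {
                return 'swallows closing quote'; // trailing backslash escapes the terminator
            }
            $i++;                                // skip the escaped byte
        } elseif ($c === "'") {
            if ($i + 1 < $n && $escaped[$i + 1] === "'") {
                $i++;                            // doubled quote stays inside the literal
                continue;
            }
            return "closes early at offset $i";
        }
    }
    return 'contained';
}

// Constructed sample values: a plain quote, a quote already preceded by a
// backslash, and a value ending in a backslash.
$samples = ["O'Brien", "O\\'Brien", 'C:\temp\\'];

foreach ($samples as $s) {
    printf("%-10s quote-only: %-26s backslash+quote: %s\n", $s,
        literal_status(quote_only_escape($s)),
        literal_status(backslash_then_quote_escape($s)));
}
```

Binding the value as a parameter of a prepared statement (mysqli or PDO) removes the need to escape it at all.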

