Re: mysql_real_escape_string("asdasddas") ??? wtf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----------------------------------------------------------------------
Use FreeOpenSourceSoftwares, Stop piracy, Let the developers live. Get
a Free CD of Ubuntu mailed to your door without any cost. Visit :
www.ubuntu.com
----------------------------------------------------------------------


On Sun, Feb 22, 2009 at 5:35 AM, Tim | iHostNZ <tim@xxxxxxxxxxx> wrote:

> OK, thanks. I think you guys are right. It's just safer and simpler than
> writing my function and probably not really slower either. need a db
> connection anyway. Read a bit on the function and yeah, a bit of screwed up
> binary data might yet cause funny errors although the xml is a feed from a
> trusted source.


Having concluded with this realization get to read about Security chapters
from Zend Certified Engineer Exam Guide Book from phpArchitect. Written by
Ben Ramsey and David Shafiq.
And you probably  know about the term of 're-inventing the wheel'. :)

>
>
> You guys are great! Faster with answers than i can search. Almost feel
> tempted not to search.... Nah i still search first. :-)
>
> Tim-Hinnerk Heuer
>
> http://www.ihostnz.com
> Emo Philips  - "I was the kid next door's imaginary friend."
>
> 2009/2/22 Robert Cummings <robert@xxxxxxxxxxxxx>
>
> > On Sat, 2009-02-21 at 19:19 +1300, Tim | iHostNZ wrote:
> > > Hi everyone,
> > >
> > > Can anyone here tell me why mysql_real_escape_string("asdasddas")
> returns
> > an
> > > empty string?
> > >
> > > Just writing a data import...
> > >
> > > Anyway, for security but also simply because i might have a ' in the
> > string,
> > > i need to escape it. Apparently it is good practice to use
> > > mysql_real_escape_string() but it simply doesn't work at all on this
> > > machine. I thought it's a rather standard function.
> > >
> > > Is it maybe my Apache server setup? But i thought the function wouldn't
> > > exist then and throw an error in the php script, but it runs through
> > fine.
> > >
> > > Please help, we need this data import by next week hence i'm working
> > now...
> > >
> > > I can send you details of the server setup if required. Please let me
> > know
> > > what as there are quite a few things... It's xampp on windows xp
> > > (testing/dev machine).
> >
> > RTFM:
> >
> >    Note: A MySQL connection is required before using
> >    mysql_real_escape_string() otherwise an error of level
> >    E_WARNING is generated, and FALSE is returned. If
> >    link_identifier isn't defined, the last MySQL connection
> >    is used.
> >
> > And turn your error reporting on or check your logs.
> >
> > Cheers,
> > Rob.
> > --
> > http://www.interjinn.com
> > Application and Templating Framework for PHP
> >
> >
>

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux