Re: Problem with mysql_real_escape_string

On Thu, Mar 5, 2009 at 2:00 PM, Eric Butera <eric.butera@xxxxxxxxx> wrote:
> On Thu, Mar 5, 2009 at 1:47 PM, haliphax <haliphax@xxxxxxxxx> wrote:
>> On Thu, Mar 5, 2009 at 11:41 AM, Eric Butera <eric.butera@xxxxxxxxx> wrote:
>>> On Thu, Mar 5, 2009 at 12:21 PM, haliphax <haliphax@xxxxxxxxx> wrote:
>>>> On Thu, Mar 5, 2009 at 11:08 AM, Eric Butera <eric.butera@xxxxxxxxx> wrote:
>>>>> On Thu, Mar 5, 2009 at 12:00 PM, haliphax <haliphax@xxxxxxxxx> wrote:
>>>>>> On Thu, Mar 5, 2009 at 10:52 AM, Eric Butera <eric.butera@xxxxxxxxx> wrote:
>>>>>>> Make sure to always pass your active database connection into the
>>>>>>> second parameter of mysql_real_escape_string.  There could be
>>>>>>> character set differences between your two servers too that might be
>>>>>>> causing issues for you.  If at all possible I would recommend
>>>>>>> upgrading to mysqli or pdo and use prepared statements.
>>>>>>
>>>>>> mysqli may not be available to him (PHP4, etc.) and I don't see why he
>>>>>> should completely switch his procedure if his code will work with the
>>>>>> addition of the db handle in the function call... but that's my 2c. I
>>>>>> agree that at some level, it is more beneficial to change all of the
>>>>>> code you have to use a new method/construct/whatever, but it may not
>>>>>> be worth it in his case.
>>>>>
>>>>> Using php4 is beyond irresponsible at this point.
>>>>
>>>> Nice quip, but it doesn't do any of us any good who are stuck with
>>>> PHP4 due to the decisions of people with more clout in the
>>>> organization than we (like perhaps the OP).
>>>>
>>>> :p
>>>
>>> We heard those arguments for years.  Using software with no security
>>> patches is insane.
>>
>> I agree! However, there are a lot of insane people that are given the
>> reins to decisions that are not the same people who program (and
>> understand) the applications involved...
>>
>> :(
>>
>
> I talked my company into doing it because of the new features that would
> save time.  Show them simplexml and domdocument.  It's up to you to
> make it happen.  But at this point it's completely abandoned.  That
> should be good enough for anything that is getting active development
> time.

Sadly, my company is throwing PHP out the window in favor of ASP.NET,
as they have an irrational fear of Open Source software. Don't get me
wrong--.NET is pretty darn cool--but I literally enjoy working in PHP.
The fact that I don't need an IDE to unlock the majority of the
language's functionality is nice. (Editing a config file by hand or
using more than a couple of nested libraries without code completion
is a nightmare in .NET)

Anyway, it's already been decided. Hell, they use Microsoft for damn
near everything else. I guess the mainstream mentality has overpowered
honest consideration for an "alternative" (not my words) solution's
merits.


-- 
// Todd

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


