On Thu, Mar 5, 2009 at 2:00 PM, Eric Butera <eric.butera@xxxxxxxxx> wrote:
> On Thu, Mar 5, 2009 at 1:47 PM, haliphax <haliphax@xxxxxxxxx> wrote:
>> On Thu, Mar 5, 2009 at 11:41 AM, Eric Butera <eric.butera@xxxxxxxxx> wrote:
>>> On Thu, Mar 5, 2009 at 12:21 PM, haliphax <haliphax@xxxxxxxxx> wrote:
>>>> On Thu, Mar 5, 2009 at 11:08 AM, Eric Butera <eric.butera@xxxxxxxxx> wrote:
>>>>> On Thu, Mar 5, 2009 at 12:00 PM, haliphax <haliphax@xxxxxxxxx> wrote:
>>>>>> On Thu, Mar 5, 2009 at 10:52 AM, Eric Butera <eric.butera@xxxxxxxxx> wrote:
>>>>>>> Make sure to always pass your active database connection into the
>>>>>>> second parameter of mysql_real_escape_string. There could be
>>>>>>> character set differences between your two servers too that might be
>>>>>>> causing issues for you. If at all possible I would recommend
>>>>>>> upgrading to mysqli or pdo and using prepared statements.
>>>>>>
>>>>>> mysqli may not be available to him (PHP4, etc.) and I don't see why he
>>>>>> should completely switch his procedure if his code will work with the
>>>>>> addition of the db handle in the function call... but that's my 2c. I
>>>>>> agree that at some level, it is more beneficial to change all of the
>>>>>> code you have to use a new method/construct/whatever, but it may not
>>>>>> be worth it in his case.
>>>>>
>>>>> Using php4 is beyond irresponsible at this point.
>>>>
>>>> Nice quip, but it doesn't do any of us any good who are stuck with
>>>> PHP4 due to the decisions of people with more clout in the
>>>> organization than we (like perhaps the OP).
>>>>
>>>> :p
>>>
>>> We heard those arguments for years. Using software with no security
>>> patches is insane.
>>
>> I agree! However, there are a lot of insane people that are given the
>> reins to decisions that are not the same people who program (and
>> understand) the applications involved...
>>
>> :(
>>
>
> I talked my company into doing it because of the new features that would
> save time. Show them simplexml and domdocument. It's up to you to
> make it happen. But at this point it's completely abandoned. That
> should be good enough for anything that is getting active development
> time.

Sadly, my company is throwing PHP out the window in favor of ASP.NET,
as they have an irrational fear of Open Source software. Don't get me
wrong--.NET is pretty darn cool--but I literally enjoy working in PHP.
The fact that I don't need an IDE to unlock the majority of the
language's functionality is nice. (Editing a config file by hand or
using more than a couple of nested libraries without code completion
is a nightmare in .NET.)

Anyway, it's already been decided. Hell, they use Microsoft for damn
near everything else. I guess the mainstream mentality has overpowered
honest consideration for an "alternative" (not my words) solution's
merits.

--
// Todd

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
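
The advice quoted at the bottom of the thread (pin the connection character set, move to PDO and prepared statements), shown as an added example that is not part of the original messages. The `users` table, its columns, and the MySQL host, database name and credentials are assumptions; an in-memory SQLite database stands in for MySQL so the demo runs offline.

```php
<?php
// Added example, not code from the thread. Table and column names are hypothetical.
// Legacy form discussed above: mysql_real_escape_string($value, $link), with the
// link passed explicitly. ext/mysql was removed in PHP 7, so it is not run here.

// MySQL connection (host, dbname and credentials are placeholders).
// charset in the DSN pins the connection character set (honored by pdo_mysql
// since PHP 5.3.6), so two servers with different defaults behave the same way.
function connect_mysql(string $user, string $pass): PDO {
    $dsn = 'mysql:host=db.example.test;dbname=app;charset=utf8mb4';
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use server-side prepared statements
    ]);
}

// The value is bound as data; it is never spliced into the SQL text,
// so no escaping call (and no dependence on its charset) is involved.
function find_user(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Offline demo: SQLite in memory stands in for MySQL (assumption for runnability).
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $db->prepare('INSERT INTO users (name) VALUES (?)');
foreach (['alice', "O'Brien"] as $name) { // constructed sample rows
    $insert->execute([$name]);
}

// A name containing a quote matches its own row and nothing else.
var_dump(find_user($db, "O'Brien"));

// Constructed input with SQL metacharacters is compared as a literal string.
var_dump(find_user($db, "x' OR '1'='1"));
```

In production, `connect_mysql()` replaces the SQLite handle and `find_user()` stays unchanged.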