----- Original Message ----
> From: Dotan Cohen <dotancohen@xxxxxxxxx>
> To: php-general. <php-general@xxxxxxxxxxxxx>
> Sent: Fri, October 16, 2009 7:13:41 PM
> Subject: Sanitizing potential MySQL strings with no database connection
>
> How can I configure mysql_real_escape_string() to _not_ need a
> database connection in order to do it's work on a string. I understand
> that the function wants a database connection to determine which
> charset / encoding is in use, but in my case it will always be UTF-8.
>
> I have a file of reusable functions that I include in several scripts,
> one of them is a MySQL sanitation function, like this:
> function clean_mysql ($dirty) {
> $dirty=trim($dirty);
> $clean=mysql_real_escape_string($dirty);
> return $clean;
> }
>
> As different scripts reuse this code but connect to different
> databases, I need the function to work independently of the database
> connection. In other words, the include file cannot connect to the
> database but it still must perform the mysql_real_escape_string()
> function on UTF-8 data.
>
> Thanks in advance for any ideas.
>
> --
> Dotan Cohen
>
> http://what-is-what.com
> http://gibberish.co.il
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
Dotan,
I don't think so since the mysql_real_escape_string() requires a connection handler. Why not use bind param?
Regards,
Tommy
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
