From: Ashley Sheridan

> On Tue, 2009-10-20 at 14:20 +0200, Andrea Giammarchi wrote:
>> > Your only option might be to do something "smart". You can't use the
>> > proper mysql functions without a connection to a database, but you
>> > refuse to connect to a database until after you perform validation...
>> >
>> > You do realise you can have several db connections open at one time, so
>> > you could have one always open for the purpose of validation?
>> > Potentially wasteful, but the architecture in this idea is a little
>> > different from the norm.
>>
>> I also thought mysql_real_escape_string was dead since every DAL such
>> PDO or others uses bindings to properly escape variables and a database
>> related sanitize without database is quite useless, imho.
>>
>
> Not everyone uses something like PDO, so yes, sanitising data with
> mysql_real_escape_string does still happen.
>
> The function clearly states that it needs an open connection to work, so
> that leaves two choices really: 1) open a damn connection! or 2)
> reinvent the wheel and create a function which mimics the behavior of
> this one.

Is the database connection used to determine the character encoding to
be used before it inserts new characters into the strings? Would that
make a difference in this case?

Bob McConnell

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
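
On the closing question about character encoding: mysql_real_escape_string takes the connection's character set into account, and the added Python example below (a simplified model, not PHP's or MySQL's code and not part of the thread) shows why that matters. It escapes a constructed GBK value both byte-wise and charset-aware, then checks whether the quoted literal still closes when parsed as GBK; all function names and the sample bytes are assumptions made for the illustration.

```python
# Added illustration: a simplified model of quote escaping, not MySQL's or PHP's code.
# Byte values that need a backslash inside a quoted SQL string literal.
ESCAPES = {0x00: b"\\0", 0x0A: b"\\n", 0x0D: b"\\r", 0x1A: b"\\Z",
           0x22: b'\\"', 0x27: b"\\'", 0x5C: b"\\\\"}

def gbk_width(data, i):
    """Return 2 if data[i:i+2] is a well-formed GBK double-byte character, else 1."""
    if 0x81 <= data[i] <= 0xFE and i + 1 < len(data):
        if 0x40 <= data[i + 1] <= 0xFE and data[i + 1] != 0x7F:
            return 2
    return 1

def escape(data, charset):
    """Escape data for a quoted literal; charset is 'latin1' (byte-wise) or 'gbk'."""
    out, i = bytearray(), 0
    while i < len(data):
        width = gbk_width(data, i) if charset == "gbk" else 1
        if width == 2:
            out += data[i:i + 2]          # copy the whole character untouched
        else:
            out += ESCAPES.get(data[i], data[i:i + 1])
        i += width
    return bytes(out)

def literal_closes_cleanly(escaped):
    """Parse "'" + escaped + "'" as a GBK reader would; True if the last quote ends it."""
    text, i = b"'" + escaped + b"'", 1
    while i < len(text):
        if gbk_width(text, i) == 2:
            i += 2                        # skip a whole double-byte character
        elif text[i] == 0x5C:
            i += 2                        # a backslash consumes the next byte
        elif text[i] == 0x27:
            return i == len(text) - 1     # first bare quote must be the final byte
        else:
            i += 1
    return False                          # ran off the end: literal never closed

# Constructed sample: one valid GBK character whose second byte is 0x5C (backslash).
SAMPLE = b"\x81\x5c"

if __name__ == "__main__":
    for charset in ("latin1", "gbk"):
        escaped = escape(SAMPLE, charset)
        print(charset, escaped, literal_closes_cleanly(escaped))
```

Escaping with the wrong character set turns the second byte of the character into a stray backslash, so a hand-written replacement that ignores the connection's encoding corrupts the value and leaves the literal unterminated; bound parameters avoid the escaping step altogether.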