even better
$error_reporting = error_reporting(0);
if(mysql_real_escape_string($variable) === false)
{
error_reporting($error_reporting);
// create a default DB connection
} else
error_reporting($error_reporting);
unset($error_reporting);
> From: an_red@xxxxxxxxxxx
> To: ash@xxxxxxxxxxxxxxxxxxxx; dotancohen@xxxxxxxxx
> CC: php-general@xxxxxxxxxxxxx
> Date: Tue, 20 Oct 2009 15:50:52 +0200
> Subject: RE: Sanitizing potential MySQL strings with no database connection
>
>
> > If says:
> >
> > Returns the escaped string, or FALSE on error.
> >
> > So all you have to do, is have warnings turned off (as it generates an
> > E_WARNING if you have no active connection) and then look at the return
> > value of a call to the function:
> >
> > if(mysql_real_escape_string($variable) === false)
> > {
> > // create a default DB connection
> > }
>
> I would rather suggest:
>
> $error_reporting = error_reporting(0);
> if(mysql_real_escape_string($variable) === false)
> {
> // create a default DB connection
> }
> error_reporting($error_reporting);
> unset($error_reporting);
>
>
> _________________________________________________________________
> Windows Live: Keep your friends up to date with what you do online.
> http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010
_________________________________________________________________
Windows Live: Keep your friends up to date with what you do online.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010
