Re: Sanitizing potential MySQL strings with no database connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 19 Oct 2009 15:39:40 -0700, Jim Lucas wrote:

> I have no idea if it will work, [...]

Well, you're right so far...

> <?php
> 
> function clean_string($input) {
> 
>   /**
>    * Character to escape...
>    *	\x0	\n	\r	\	'	"	\x1a
>   **/
> 
>   $patterns = array( "\x0",   "\n", "\r", "\\",   "'",    "\"", "\x1a");
>   $replace = array(  '\\\x0', '\n', '\r', '\\\\', '\\\'', '\\"',  '\\\x1a');
>   return str_replace($patterns, $replace, $input);
> }

Not only does this not do quite what mysql_escape_string()
does, but it also fails to not do so spectacularly.

Hint:

  echo str_replace (array('a','b'), array('b','c'), 'a'), "\n";


/Nisse

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux