Re: mysql_escape_string()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jason Wong wrote:

... and is in no way related to "metacharacters as defined by the w3c". If you are having a particular problem please elaborate.



As pointed out by rain forest puppy

http://www.wiretrip.net/rfp/txt/phrack55.txt

All metacharacters as defined by the w3c should be escaped for security reasons. Whether it be an sql query or shell command. Even if you don't think a particular metacharacter could be used for sql injection techniques, someone will come along and prove you wrong eventually. Mysql will properly interpret all w3c metacharacters when escaped. I suspect the mysql folks understood the need for it too.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux