On Wed, Sep 3, 2008 at 1:05 PM, Evert Lammerts <evert.lammerts@xxxxxxxxx> wrote:
> On Wed, Sep 3, 2008 at 7:58 PM, Evert Lammerts <evert.lammerts@xxxxxxxxx> wrote:
>> On Wed, Sep 3, 2008 at 7:41 PM, Dee Ayy <dee.ayy@xxxxxxxxx> wrote:
>>> When using mysql_query, the SQL string to be executed should not end
>>> in a semicolon.
>>
>> Ending a query with a semicolon should not be a problem - the string
>> is parsed by the mysql server, which handles it fine.
>
> The manual does mention it, I'm a little too quick with my replies. I
> personally never had a problem with it though. Plus, it seemed to work
> some mails ago.
>
> David, did I understand well that your problem is solved?
>

I have run into problems with it, and it is in the manual. But a test case today did not display the problem on PHP version 4.1.2 and version 5.1.6.

As I understood, this is/was a security feature so that SQL injection could not terminate the real query, and add additional hacker queries to the real query.

Now I'd like to know why it _IS_ executing _WITH_ a semicolon _DESPITE_ what the manual says. Perhaps some easily_forgettable_magic_flag.ini setting? Gotta love PHP for that.

Can we really rely completely on mysql_real_escape_string?

When David said the SELECT did not work, but the DELETE worked, I thought for sure the semicolon was the problem. Also, that maybe he just removed the SELECT part so he could move on.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
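The two questions raised in this message (the trailing semicolon and reliance on escaping), as an added example that is not part of the original thread or of PHP's own code. It shows that a single-statement query API can accept a trailing semicolon while still refusing a second statement, and that quote escaping does nothing for a value placed in an unquoted numeric context, whereas a bound parameter does. Assumptions: Python's `sqlite3` stands in for PHP/MySQL so the code runs offline, `escape_quotes` is a hypothetical stand-in for an escaping function, and all data and inputs are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample data: three users in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("bob",), ("carol",)])
    return db

def escape_quotes(value):
    """Hypothetical stand-in for an escaping function: neutralises quotes only."""
    return str(value).replace("'", "''")

def run_single(db, sql):
    """Single-statement API: returns rows, or None if the driver refuses the string."""
    try:
        return db.execute(sql).fetchall()
    except (sqlite3.Warning, sqlite3.Error):
        return None

def lookup_escaped(db, user_id):
    # Escaped but unquoted numeric context: there are no quotes to neutralise,
    # so the value is still parsed as SQL inside the one permitted statement.
    return run_single(db, "SELECT name FROM users WHERE id = " + escape_quotes(user_id))

def lookup_bound(db, user_id):
    # Bound parameter: the value is sent as data and never becomes SQL text.
    return db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchall()

def count_users(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    # A trailing semicolon on a single statement is accepted.
    print(run_single(db, "SELECT name FROM users WHERE id = 1;"))
    # A second statement after the semicolon is refused; nothing is executed.
    print(run_single(db, "SELECT 1; DELETE FROM users"))
    print(count_users(db))
    crafted = "0 OR 1=1"  # constructed input for the numeric-context case
    print(lookup_escaped(db, crafted))  # every row comes back despite escaping
    print(lookup_bound(db, crafted))    # no rows: the value is compared as data
```
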