-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Read the docs again. They do not claim that. I quote:
"Note: If magic_quotes_gpc is enabled, first apply stripslashes() to the data. Using this function on data which has already been escaped will escape the data twice." -- http://php.net/mysql_real_escape_string Jasper Christopher Kings-Lynne wrote: > Here's a question. The docs for mysql_real_escape_string claim that it > checks the magic_quotes_gpc setting and will stripslashes() > automatically. However, I see nothing in the code that indicates this. > Is it a documentation error? > > Chris > > > Christopher Kings-Lynne wrote: >> As a follow up I've attached my initial patch for this. Can people >> please review? >> >> Chris >> >> Christopher Kings-Lynne wrote: >>> Hi, >>> >>> I'm starting on a pg_real_escape_string and pg_real_escape_bytea >>> function for PostgreSQL, based on this security release: >>> >>> http://www.postgresql.org/docs/techdocs.49 >>> >>> Is anyone else working on it, or is it fine that I do it? I'll let >>> you know if it's going to take me too long. >>> >>> Basically the new functions are analagous to the >>> mysql_real_escape_string function. The difference will be that the >>> pgsql function will have the optional DB connection resource as the >>> first parameter rather than the second. (Same as other pgsql functions) >>> >>> Any comments? >>> >>> There may be cause to backport these functions ... although the >>> existing pg_escape_string function is safe in a single threaded >>> context. That's your guys call. >>> >>> Chris >>> > - -- Jasper Bryant-Greene General Manager Album Limited http://www.album.co.nz/ 0800 4 ALBUM [EMAIL PROTECTED] 021 708 334 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFEfOkmFfAeHhDzT4gRA3/1AJ40jOrkZfaK+8vScrWlQw7GO3MBwwCfU0ra KiUywAybyQsqO+J9AZggX/s= =dYMR -----END PGP SIGNATURE----- -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
