Tony,

I don't think anyone wants to drop ext/mysql, for a very simple reason: it works. As such, adding small things that make it more secure is a good thing. Just because the developers would like everyone to move over to pdo_mysql or mysqli does not mean people will or should.


On 14-May-07, at 2:07 PM, Antony Dovgal wrote:

On 05/14/2007 09:49 PM, Stefan Walk wrote:
This is more a security fix than a new feature.
mysql_real_escape_string using the wrong character set can be a
problem when the charset used by it is sufficiently different from the
one that is put into it.

Well, then you may name ext/mysqli a big security fix.

You can't use this function in new development and be sure you're "secure", 'cause this would require PHP 5.2.3+. At the same time you can require MySQLi, which is available since 5.0.0.

Now what does the new function fix? Legacy applications requiring 5.2.3+ to be secure?

--
Wbr, Antony Dovgal

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php


Ilia Alshanetsky
