Re: [PHP-DEV] Recent PostgreSQL serious security hole

2006-05-30 Thread Jasper Bryant-Greene
Read the docs again. They do not claim that. I quote: "Note: If magic_quotes_gpc is enabled, first apply stripslashes() to the data. Using this function on data which has already been escaped will escape the data twice." -- http://php.net/mysql_

Re: [PHP-DEV] Recent PostgreSQL serious security hole

2006-05-30 Thread Christopher Kings-Lynne
Here's a question. The docs for mysql_real_escape_string claim that it checks the magic_quotes_gpc setting and will stripslashes() automatically. However, I see nothing in the code that indicates this. Is it a documentation error? Chris Christopher Kings-Lynne wrote: As a follow up I've a

Re: [PHP-DEV] Recent PostgreSQL serious security hole

2006-05-29 Thread Lukas Smith
Marcus Boerger wrote: As a follow up I've attached my initial patch for this. Can people please review? Without having looked at the implementation: Does this implementation also deal with changes in the client encoding? http://ilia.ws/archives/103-mysql_real_escape_string-versus-Prepared-St

Re: [PHP-DEV] Recent PostgreSQL serious security hole

2006-05-29 Thread Marcus Boerger
Hello Christopher, there's an interesting detail in your patch I never used in the form you did: php_error_docref("function.pg-real-escape-bytea" ...) where the name you passed in is different from the name of the function. That works as expected? On the same thing, you say that the function is d

Re: [PHP-DEV] Recent PostgreSQL serious security hole

2006-05-28 Thread Christopher Kings-Lynne
As a follow up I've attached my initial patch for this. Can people please review? Chris Christopher Kings-Lynne wrote: Hi, I'm starting on a pg_real_escape_string and pg_real_escape_bytea function for PostgreSQL, based on this security release: http://www.postgresql.org/docs/techdocs.49