At 5:53p -0400 on 11 Jun 2007, Gordan Bobic wrote:
I don't understand this never-ending fascination with re-inventing
a square wheel for an application for which the standard round type
has already been kindly provided since year dot.
I imagine the reason for this "never-ending fascination .
> *sigh*
>
>
>> -Original Message-
>> From: Yves Goergen [mailto:[EMAIL PROTECTED]
>> Sent: Saturday, June 09, 2007 4:34 AM
>> To: Daevid Vincent
>> Cc: 'B. Keith Murphy'; 'MySQL General'
>> Subject: Re: MySQL Magazine - Issue 1
Goergen [mailto:[EMAIL PROTECTED]
> Sent: Saturday, June 09, 2007 4:34 AM
> To: Daevid Vincent
> Cc: 'B. Keith Murphy'; 'MySQL General'
> Subject: Re: MySQL Magazine - Issue 1 available NOW
>
> On 04.06.2007 23:44 CE(S)T, Daevid Vincent wrote:
> > Th
On 04.06.2007 23:44 CE(S)T, Daevid Vincent wrote:
> Thanks for the magazine. I already incorporated a little extra SQL
> injection checking into my db.inc.php wrapper...
>
> //[dv] added to remove all comments (which may help with SQL injections
> as well.
> $sql = preg_replace("/#.*?[\r\n]/s", ''
On Wed, Jun 06, 2007 at 05:56:44PM -0700, Peter Rosenthal wrote:
> On 04/06/07, Jon Ribbens <[EMAIL PROTECTED]> wrote:
> >Um, what? Both that and the methods described in the magazine are
> >completely wrong. You use mysql_real_escape_string(), that's it.
>
> I would disagree on the use of mysql_re
I would disagree on the use of mysql_real_escape_string(). The use of
placeholders is much safer from a maintenance and 'oops look I typoed it'
perspective.
On 04/06/07, Jon Ribbens <[EMAIL PROTECTED]> wrote:
On Mon, Jun 04, 2007 at 02:44:25PM -0700, Daevid Vincent wrote:
> Thanks for the magaz
On Mon, Jun 04, 2007 at 02:44:25PM -0700, Daevid Vincent wrote:
> Thanks for the magazine. I already incorporated a little extra SQL
> injection checking into my db.inc.php wrapper...
>
> //[dv] added to remove all comments (which may help with SQL injections
> as well.
> $sql = preg_replace("/#.*
ute if it finds one outside of
" or ' mark pairs.
d
> -Original Message-
> From: Néstor [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 04, 2007 3:01 PM
> To: MySQL General
> Subject: Re: MySQL Magazine - Issue 1 available NOW
>
> Can you explain what eac
Can you explain what each of those lines do?
Thanks,
Nestor
PS
Great work on the mysql article
On 6/4/07, Daevid Vincent <[EMAIL PROTECTED]> wrote:
Thanks for the magazine. I already incorporated a little extra SQL
injection checking into my db.inc.php wrapper...
//[dv] added to remove
Thanks for the magazine. I already incorporated a little extra SQL
injection checking into my db.inc.php wrapper...
//[dv] added to remove all comments (which may help with SQL injections
as well.
$sql = preg_replace("/#.*?[\r\n]/s", '', $sql);
$sql = preg_replace("/--.*?[\r\n]/s", '', $sql);
$sql