mysql_escape_string can be used instead. You just lose the ability to
have it match coallation. I still think there should be the
mysql_escape_string or real one and allow it to pass the coallation
without a database handle -or- just make a unicode/utf8 one and be
done with it.
On May 6,
I know that use the mysql_real_escape_string to do de job is better but you
should consider that the this function don't have any access to the data
base, to objective of this function is sanitize the string.
And please, see my second answer, i make some updates in the function that
possibly is re
On Wed, May 6, 2009 at 12:06 PM, Bruno Fajardo wrote:
> Hi there!
>
> 2009/5/6 Igor Escobar
>>
>> Hi folks,
>> Someone know how i can improve this function to protect my envairounment
>> vars of sql injection attacks.
>>
>> that is the function i use to do this, but, some people think is not enou
Hi there!
2009/5/6 Igor Escobar
>
> Hi folks,
> Someone know how i can improve this function to protect my envairounment
> vars of sql injection attacks.
>
> that is the function i use to do this, but, some people think is not enough:
>
> * @uses $_REQUEST= _antiSqlInjection($_REQUEST);
> * @us
4 matches
Mail list logo
