Re: [PHP] mysql_real_escape_string() and "

2010-05-14 Thread Michiel Sikma
On 14 May 2010 22:03, Spud. Ivan. wrote: > > I'm trying to insert serialized data into mysql, but I do > mysql_real_escape_string() before inserting it. > > INSERT IGNORE INTO `table` (`value`) VALUES > ('a:3:{s:12:"F1";s:6:"nombre";s:11:"F2";s:5:"F3";s:16:"F4";s:10:"F5";}'); > > it results in

Re: [PHP] mysql_real_escape_string(0xffffffff) yields -1

2010-01-16 Thread Shawn McKenzie
LinuxManMikeC wrote: > On Fri, Jan 15, 2010 at 3:22 PM, Richard Lynch wrote: >> The subject line says it all: >> >> mysql_real_escape_string(0x) yields -1 >> >> What's up with that? >> >> Is there some way to convince mysql_real_escape_string to use BIGINT? >> >> I guess I'll just PCRE for

Re: [PHP] mysql_real_escape_string(0xffffffff) yields -1

2010-01-16 Thread LinuxManMikeC
On Fri, Jan 15, 2010 at 3:22 PM, Richard Lynch wrote: > The subject line says it all: > > mysql_real_escape_string(0x) yields -1 > > What's up with that? > > Is there some way to convince mysql_real_escape_string to use BIGINT? > > I guess I'll just PCRE for digits and then pass it in and.

Re: [PHP] mysql_real_escape_string(0xffffffff) yields -1

2010-01-15 Thread Jim Lucas
Richard Lynch wrote: > The subject line says it all: > > mysql_real_escape_string(0x) yields -1 > > What's up with that? > > Is there some way to convince mysql_real_escape_string to use BIGINT? > > I guess I'll just PCRE for digits and then pass it in and... > > But what if somebody p

Re: [PHP] mysql_real_escape_string wants a string or a "resource"?

2009-07-11 Thread Govinda
For the longest time, we were having a problem in the docs where some mirrors were erroneously redirecting references to mysqli_real_escape_string() to mysql_real_escape_string(). Should all be fixed now (and certainly is on the US2 mirror). In my case, I had somehow got the idea that the do

Re: [PHP] mysql_real_escape_string wants a string or a "resource"?

2009-07-11 Thread Daniel Brown
On Sat, Jul 11, 2009 at 17:51, Govinda wrote: > > as in a db connection That's essentially a resource in reference to an object. -- daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/

Re: [PHP] mysql_real_escape_string wants a string or a "resource"?

2009-07-11 Thread Stuart
2009/7/11 Govinda : >> You're looking at the documentation for mysqli_real_escape_string but >> using mysql_real_escape_string - notice the i in mysqli in the first >> function name. > > right.  Thanks. > >>> p.s. what is a "resource" compared to a string? >> >> A resource is a variable type. See h

Re: [PHP] mysql_real_escape_string wants a string or a "resource"?

2009-07-11 Thread Daniel Brown
On Sat, Jul 11, 2009 at 17:46, Stuart wrote: > > You're looking at the documentation for mysqli_real_escape_string but > using mysql_real_escape_string - notice the i in mysqli in the first > function name. For the longest time, we were having a problem in the docs where some mirrors were erro

Re: [PHP] mysql_real_escape_string wants a string or a "resource"?

2009-07-11 Thread Govinda
You're looking at the documentation for mysqli_real_escape_string but using mysql_real_escape_string - notice the i in mysqli in the first function name. right. Thanks. p.s. what is a "resource" compared to a string? A resource is a variable type. See http://php.net/language.types.resource

Re: [PHP] mysql_real_escape_string wants a string or a "resource"?

2009-07-11 Thread Stuart
2009/7/11 Govinda : > This code: > $maybeDeleteClient=($_GET["maybeDeleteClient"]); > $maybeDeleteClient=mysql_real_escape_string($db_billing, > $maybeDeleteClient); // this is line 53 > > gives this error: > "Warning: mysql_real_escape_string() expects parameter 2 to be resource, > string given in

Re: [PHP] mysql_real_escape_string paranoid enough?

2009-03-21 Thread mike
2009/3/21 Robert Cummings : > Yes, I'm a big fan of automatic database connection identifiers. Why > just the other week I was integrating ZenCart into another system and I > couldn't understand why ZenCart wasn't able to properly retrieve the > last_insert_id(). After digging through the code I f

Re: [PHP] mysql_real_escape_string paranoid enough?

2009-03-21 Thread Virgilio Quilario
> I typically do something like this: > > $data_sql = mysql_real_escape_string($data, $connection); > $query = "insert into data(data) values('$data_sql')"; > $insert = mysql_query($query, $connection); > if (!$insert){ >  trigger_error(mysql_error($connection), E_USER_ERROR); > } > > My custom err

Re: [PHP] mysql_real_escape_string paranoid enough?

2009-03-21 Thread Robert Cummings
On Sat, 2009-03-21 at 15:37 -0700, mike wrote: > 2009/3/21 Nisse Engström : > > > I tend to use the escape functions in very close proximity to > > the actual query, so I don't see a problem with supplying a > > connection identifier. > > Except unless explicitly specified, my applications do not

Re: [PHP] mysql_real_escape_string paranoid enough?

2009-03-21 Thread mike
2009/3/21 Nisse Engström : > I tend to use the escape functions in very close proximity to > the actual query, so I don't see a problem with supplying a > connection identifier. Except unless explicitly specified, my applications do not require a connection identifier as it is stored in a global

Re: [PHP] mysql_real_escape_string paranoid enough?

2009-03-21 Thread Nisse Engström
On Fri, 20 Mar 2009 09:49:23 -0700, mike wrote: > Slightly off topic here, but I find it annoying to have to use the > connection identifier for the mysqli_real_escape_string. > > It would be great if there was a function that I could say > mysql_escape_string that is using utf-8 instead of defau

Re: [PHP] mysql_real_escape_string paranoid enough?

2009-03-21 Thread tedd
At 11:41 AM -0500 3/20/09, Richard Lynch wrote: I typically do something like this: $data_sql = mysql_real_escape_string($data, $connection); $query = "insert into data(data) values('$data_sql')"; $insert = mysql_query($query, $connection); if (!$insert){ trigger_error(mysql_error($connection)

Re: [PHP] mysql_real_escape_string paranoid enough?

2009-03-20 Thread Stuart
2009/3/20 Richard Lynch : > I typically do something like this: > > $data_sql = mysql_real_escape_string($data, $connection); > $query = "insert into data(data) values('$data_sql')"; > $insert = mysql_query($query, $connection); > if (!$insert){ >  trigger_error(mysql_error($connection), E_USER_ERR

Re: [PHP] mysql_real_escape_string paranoid enough?

2009-03-20 Thread mike
On Fri, Mar 20, 2009 at 9:41 AM, Richard Lynch wrote: > I typically do something like this: > > $data_sql = mysql_real_escape_string($data, $connection); > $query = "insert into data(data) values('$data_sql')"; > $insert = mysql_query($query, $connection); > if (!$insert){ >  trigger_error(mysql_e

Re: [PHP] mysql_real_escape_string("asdasddas") ??? wtf

2009-02-21 Thread 9el
--- Use FreeOpenSourceSoftwares, Stop piracy, Let the developers live. Get a Free CD of Ubuntu mailed to your door without any cost. Visit : www.ubuntu.com -- On

Re: [PHP] mysql_real_escape_string("asdasddas") ??? wtf

2009-02-21 Thread Tim | iHostNZ
OK, thanks. I think you guys are right. It's just safer and simpler than writing my function and probably not really slower either. need a db connection anyway. Read a bit on the function and yeah, a bit of screwed up binary data might yet cause funny errors although the xml is a feed from a truste

Re: [PHP] mysql_real_escape_string("asdasddas") ??? wtf

2009-02-21 Thread Robert Cummings
On Sat, 2009-02-21 at 19:19 +1300, Tim | iHostNZ wrote: > Hi everyone, > > Can anyone here tell me why mysql_real_escape_string("asdasddas") returns an > empty string? > > Just writing a data import... > > Anyway, for security but also simply because i might have a ' in the string, > i need to e

Re: [PHP] mysql_real_escape_string() question

2006-10-03 Thread Nisse Engström
On Fri, 29 Sep 2006 11:41:34 -0500 (CDT), "Richard Lynch" wrote: > Consider that the user could provide *ANY* string, of any size, of any > composition, for their "Subject" > > Maybe they POST a worm in Subject, and it has no newlines, but still > manages to propagate through Outlook. > > Or may

Re: [PHP] mysql_real_escape_string() question

2006-10-02 Thread Richard Lynch
On Fri, September 29, 2006 8:34 pm, Chris Shiflett wrote: >> I'm looking for a guide, a chart, a grid, an organized systemic >> documentation of what data should be escaped how as it travels >> through the "glue" that is PHP... > > That's a great idea. Want to write it? :-) I'd be happy to help. O

Re: [PHP] mysql_real_escape_string() question

2006-09-29 Thread Chris Shiflett
Richard Lynch wrote: > Though I confess, I'm sometimes at a loss how to properly escape > certain data for certain situations... > > Here's an example: > Take the Subject of an email. > > Sure, I've sanitized it to be sure there are no newlines for header > injection. > > But now how do I proper

Re: [PHP] mysql_real_escape_string() question

2006-09-29 Thread tedd
At 11:41 AM -0500 9/29/06, Richard Lynch wrote: On Thu, September 28, 2006 2:06 pm, tedd wrote: I realize that you are not asking for an answer, but for a guide -- however -- isn't the real problem here simply one of injection? Just stop the user from injecting stuff in the subject and that w

Re: [PHP] mysql_real_escape_string() question

2006-09-29 Thread Richard Lynch
On Thu, September 28, 2006 2:06 pm, tedd wrote: > I realize that you are not asking for an answer, but for a guide -- > however -- isn't the real problem here simply one of injection? Just > stop the user from injecting stuff in the subject and that would fix > it right? Or, am I underestimating th

Re: [PHP] mysql_real_escape_string() question

2006-09-28 Thread tedd
At 11:06 AM -0500 9/28/06, Richard Lynch wrote: Though I confess, I'm sometimes at a loss how to properly escape certain data for certain situations... Here's an example: Take the Subject of an email. Sure, I've sanitized it to be sure there are no newlines for header injection. But now how do

Re: [PHP] mysql_real_escape_string() question

2006-09-28 Thread tedd
At 11:06 AM -0500 9/28/06, Richard Lynch wrote: > What's up with that? Any ideas as to what happened? One also has to ask WHY you would use MySQL's escaping for data that's not going into MySQL. That's almost certainly "wrong" Richard: Yes, according to: http://us3.php.net/mysql_real_escap

Re: [PHP] mysql_real_escape_string() question

2006-09-28 Thread Richard Lynch
On Thu, September 28, 2006 10:06 am, tedd wrote: > In one of my snip-its, namely: > > http://xn--ovg.com/pdf > > I was generating a pdf document after the user filled in a form. I > had been cleaning the user input by using -- > > $name = mysql_real_escape_string($name); > > -- even though I wasn'

Re: [PHP] mysql_real_escape_string

2003-08-04 Thread Anthony Ritter
"Larry E . Ullman" <[EMAIL PROTECTED]> wrote in message: > The mysql_real_escape_string() requires a connection to the database. > The connection identifier is defined in another script so it's brought > in using the global statement. > > Hope that helps, > Larry ..

Re: [PHP] mysql_real_escape_string

2003-08-04 Thread Larry E . Ullman
The following function is from Larry Ullman's PHP and mySQL on page 217 - script 6.8 - in which there is a connection to a mySQL database using PHP. My question is that I'm not sure of the global variable $dbc. Hello Anthony, The mysql_real_escape_string() requires a connection to the database.

Re: [PHP] mysql_real_escape_string

2003-08-03 Thread Jason Sheets
dbc looks like a MySQL Connection Resource, a connection returned from mysql_connect. It looks like this function is using the mysql escape function to make sure the data is properly escaped for that particular database. If you use a function other than mysql_real_escape_string you can remove

RE: [PHP] mysql_real_escape_string() ?

2002-06-18 Thread Mattias Eriksson
>Does mysql_real_escape_string exist? I've seen it in the manual pages, and >to my understanding, it is the proper function to call on strings to escape >them before inserting them into a database... mysql_real_escape_string() is only available in CVS version. _ Mattias Eriksson -