Re: [PHP] Security Best Practice: typecast?

2007-04-10 Thread Richard Lynch
On Mon, April 2, 2007 1:32 pm, Chris Shiflett wrote:
> Richard Lynch wrote:
> > Should one be ultra-conservative and just do:
> > $foo_sql = mysql_real_escape_string($connection);
> I don't consider this (escaping) to be particularly conservative; it's appropriate for any data you want to use in an SQL

Re: [PHP] Security Best Practice: typecast?

2007-04-02 Thread Robin Vickery
On 01/04/07, Richard Lynch [EMAIL PROTECTED] wrote:
> So, after a recent thread on data filtering, I'm wondering...
> Is this good enough in ALL possible Unicode/charset situations:
> $foo_id = (int) $_POST['foo_id'];
> $query = "insert into whatever(foo_id) values($foo_id)";
> Or is it possible, even

Re: [PHP] Security Best Practice: typecast?

2007-04-02 Thread Chris Shiflett
Richard Lynch wrote:
> Should one be ultra-conservative and just do:
> $foo_sql = mysql_real_escape_string($connection);
I don't consider this (escaping) to be particularly conservative; it's appropriate for any data you want to use in an SQL query that's being sent to MySQL. Filtering is

Re: [PHP] Security Best Practice: typecast?

2007-04-02 Thread Chris Shiflett
Tijnema wrote:
> use this instead:
> $foo_sql = mysql_real_escape_string($foo_sql,$connection);
Don't escape an entire SQL query. Escaping helps us provide distinction between the query and the data, eliminating cases where data can interfere with the format of the query (SQL injection). If

Re: [PHP] Security Best Practice: typecast?

2007-04-01 Thread Tijnema !
On 4/1/07, Richard Lynch [EMAIL PROTECTED] wrote:
> So, after a recent thread on data filtering, I'm wondering...
> Is this good enough in ALL possible Unicode/charset situations:
> $foo_id = (int) $_POST['foo_id'];
> $query = "insert into whatever(foo_id) values($foo_id)";
> Or is it possible, even

Re: [PHP] Security Best Practice: typecast?

2007-04-01 Thread tedd
At 11:03 PM -0500 3/31/07, Richard Lynch wrote:
> So, after a recent thread on data filtering, I'm wondering...
> Is this good enough in ALL possible Unicode/charset situations:
> $foo_id = (int) $_POST['foo_id'];
> $query = "insert into whatever(foo_id) values($foo_id)";
The range of Unicode is

[PHP] Security Best Practice: typecast?

2007-03-31 Thread Richard Lynch
So, after a recent thread on data filtering, I'm wondering...
Is this good enough in ALL possible Unicode/charset situations:
$foo_id = (int) $_POST['foo_id'];
$query = "insert into whatever(foo_id) values($foo_id)";
Or is it possible, even theoretically possible, for a sequence of: [-]?[0-9]+ to