Here's a question. The docs for mysql_real_escape_string claim that it
checks the magic_quotes_gpc setting and will stripslashes()
automatically. However, I see nothing in the code that indicates this.
Is it a documentation error?
Chris
Christopher Kings-Lynne wrote:
As a follow up I've attached my initial patch for this. Can people
please review?
Chris
Christopher Kings-Lynne wrote:
Hi,
I'm starting on a pg_real_escape_string and pg_real_escape_bytea
function for PostgreSQL, based on this security release:
http://www.postgresql.org/docs/techdocs.49
Is anyone else working on it, or is it fine that I do it? I'll let
you know if it's going to take me too long.
Basically the new functions are analagous to the
mysql_real_escape_string function. The difference will be that the
pgsql function will have the optional DB connection resource as the
first parameter rather than the second. (Same as other pgsql functions)
Any comments?
There may be cause to backport these functions ... although the
existing pg_escape_string function is safe in a single threaded
context. That's your guys call.
Chris
--
Christopher Kings-Lynne
Technical Manager
CalorieKing
Tel: +618.9389.8777
Fax: +618.9389.8444
[EMAIL PROTECTED]
www.calorieking.com
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php