Well, they're PHP syntax to go along with the article about SQL
injection.

According to this page: 
http://dev.mysql.com/doc/refman/5.0/en/comments.html

There are basically three styles of comments.

I just have a wrapper class for all my SQL queries (db.inc.php) and I
added a little cleaning code that strips out anything that looks like
comments. It could be argued that since they're comments already, MySQL
shouldn't parse them, but just to be safe.

The real issue to look for is the ";" (semicolon). I have another
routine that looks for ; and doesn't execute if it finds one outside of
" or ' mark pairs.

d


> -----Original Message-----
> From: Néstor [mailto:[EMAIL PROTECTED] 
> Sent: Monday, June 04, 2007 3:01 PM
> To: MySQL General
> Subject: Re: MySQL Magazine - Issue 1 available NOW!!!!
> 
> Can you explain what each of those lines do?
> 
> Thanks,
> 
> Nestor
> 
> PS
> Great work on the mysql article!!!!
> 
> On 6/4/07, Daevid Vincent <[EMAIL PROTECTED]> wrote:
> >
> > Thanks for the magazine. I already incorporated a little extra SQL
> > injection checking into my db.inc.php wrapper...
> >
> > //[dv] added to remove all comments (which may help with SQL injections as well).
> > $sql = preg_replace("/#.*?[\r\n]/s", '', $sql);
> > $sql = preg_replace("/--.*?[\r\n]/s", '', $sql);
> > $sql = preg_replace("@/\*(.*?)\*/@s", '', $sql);
> >
> > Keep up the great work!
> >
> > d
> >
> > > -----Original Message-----
> > > From: B. Keith Murphy [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, June 04, 2007 9:56 AM
> > > To: MySQL General
> > > Subject: MySQL Magazine - Issue 1 available NOW!!!!
> > >
> > > Everyone,
> > >
> > > I have just uploaded the first issue of MySQL Magazine to
> > > http://paragon-cs.com/mag/issue1.pdf
> > >
> > > Please take a look at it.  There is a great deal of
> > > information here and
> > > I think it is worth some time.
> > >
> > > Feedback is always welcome.
> > >
> > > thanks,
> > >
> > > Keith Murphy
> > >
> > > --
> > > MySQL General Mailing List
> > > For list archives: http://lists.mysql.com/mysql
> > > To unsubscribe:
> > > http://lists.mysql.com/[EMAIL PROTECTED]
> > >
> > >
> >
> >
> 
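
An added example, not part of the thread and not the poster's db.inc.php: the three comment-stripping regexes quoted above and one reading of the semicolon check, run on a constructed value, beside the same value passed as a bound PDO parameter. `strip_sql_comments`, `has_bare_semicolon`, the `notes` table and the sample strings are hypothetical, and in-memory SQLite (the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example; function names, table and inputs are constructed for illustration.

// The three regexes quoted in the thread, in the same order.
function strip_sql_comments(string $sql): string {
    $sql = preg_replace("/#.*?[\r\n]/s", '', $sql);
    $sql = preg_replace("/--.*?[\r\n]/s", '', $sql);
    return preg_replace("@/\*(.*?)\*/@s", '', $sql);
}

// One reading of the semicolon routine described in the thread:
// true when a ';' sits outside '...' or "..." pairs.
function has_bare_semicolon(string $sql): bool {
    $quote = null;
    for ($i = 0, $n = strlen($sql); $i < $n; $i++) {
        $c = $sql[$i];
        if ($quote !== null) {
            if ($c === '\\') { $i++; }                 // skip the escaped character
            elseif ($c === $quote) { $quote = null; }  // closing quote
        } elseif ($c === "'" || $c === '"') {
            $quote = $c;
        } elseif ($c === ';') {
            return true;
        }
    }
    return false;
}

// Constructed, legitimate value that happens to contain comment markers and a ';'.
$note = "ticket #42 -- see notes\nline two; done";

// Concatenate, then filter the assembled statement. The regexes cannot tell
// a string literal from SQL, so the '#...' run inside the value is removed,
// and the ';' inside the quotes is not flagged.
$sql = "INSERT INTO notes (body) VALUES ('" . $note . "')";
$filtered = strip_sql_comments($sql);
var_dump($filtered, has_bare_semicolon($filtered));

// A trailing comment with no \r or \n after it does not match the first two regexes.
var_dump(strip_sql_comments("SELECT 1 -- trailing"));

// Bound parameter: the value never becomes part of the SQL text, so it needs
// no filtering. SQLite in memory stands in for MySQL (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (body TEXT)');
$db->prepare('INSERT INTO notes (body) VALUES (?)')->execute([$note]);
var_dump($db->query('SELECT body FROM notes')->fetchColumn() === $note);
```

The `prepare`/`execute` calls are the same PDO API with the MySQL driver; only the DSN changes.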

