Oh dear... Without getting into any religious arguments, if you have to use it, PHP already provides a perfectly good interface for preventing any SQL injections - ever. Use MySQLi and bound parameters. And if somebody manages to invent some quasi-valid reason for not using MySQLi (e.g. version of PHP used), then there is always mysql_escape_string() / mysql_real_escape_string().

I don't understand this never-ending fascination with re-inventing a square wheel for an application for which the standard round type has already been kindly provided since year dot.

/RANT

Gordan

Daevid Vincent wrote:
> Yes, you are correct. In a cruel, ironic twist, that actually bit me in
> the ass, as it turns out we tried to import some "HTML" output from MS
> Word, which adds all kinds of crazy XHTML comment tag thingys that look
> like:
>
> <!--[if gte mso 9]>
> <!--[if !mso]>
> <![endif]-->
> Etc.
>
> *sigh*
>
>> -----Original Message-----
>> From: Yves Goergen [mailto:[EMAIL PROTECTED]
>> Sent: Saturday, June 09, 2007 4:34 AM
>> To: Daevid Vincent
>> Cc: 'B. Keith Murphy'; 'MySQL General'
>> Subject: Re: MySQL Magazine - Issue 1 available NOW!!!!
>>
>> On 04.06.2007 23:44 CE(S)T, Daevid Vincent wrote:
>>> Thanks for the magazine. I already incorporated a little extra SQL
>>> injection checking into my db.inc.php wrapper...
>>>
>>> //[dv] added to remove all comments (which may help with SQL injections
>>> as well.
>>> $sql = preg_replace("/#.*?[\r\n]/s", '', $sql);
>>> $sql = preg_replace("/--.*?[\r\n]/s", '', $sql);
>>> $sql = preg_replace("@/\*(.*?)\*/@s", '', $sql);
>> I'm not aware of the context, but I guess you can imagine that this will
>> corrupt any SQL queries that contain "#" or "--" or "/* ... */" inside a
>> string. So I would highly recommend not using those.
>>
>> --
>> Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
>> Visit my web laboratory at http://beta.unclassified.de
>>
>

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
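As an added illustration of the two points made in the thread (Yves's warning that the regexes corrupt queries containing comment markers inside a string, and Gordan's recommendation of MySQLi with bound parameters), here is example code that is not from anyone in the thread: the three regexes quoted above applied to an INSERT whose value legitimately contains "#", "/* */" and "--", followed by the same insert done with a mysqli prepared statement. The table `notes`, the column `body`, the sample value and the `$db` connection details are assumptions.

```php
<?php
// Added example, not from the thread. Port of the three comment-stripping
// regexes quoted above, and the mysqli bound-parameter alternative.

function strip_comments(string $sql): string {
    $sql = preg_replace("/#.*?[\r\n]/s", '', $sql);
    $sql = preg_replace("/--.*?[\r\n]/s", '', $sql);
    $sql = preg_replace("@/\*(.*?)\*/@s", '', $sql);
    return $sql;
}

// Constructed sample value: a perfectly legitimate note that happens to
// contain every comment marker the regexes look for.
$note = "Item #42 /* on sale */ -- see notes";

// The wrapper approach: the value is spliced into the SQL text, then the
// text is "cleaned". The first regex eats everything from the '#' up to
// the trailing newline, taking the closing quote and parenthesis with it,
// so what is left is "INSERT INTO notes (body) VALUES ('Item " with an
// unterminated string: the statement is broken and the data is lost.
$spliced = "INSERT INTO notes (body) VALUES ('" . addslashes($note) . "')\n";
$cleaned = strip_comments($spliced);
echo "Original: $spliced";
echo "After stripping: $cleaned\n";

// The bound-parameter approach: the SQL text never contains the value, so
// nothing inside the value can be read as a comment marker or a quote,
// and no regex scrubbing is needed. Table `notes` / column `body` assumed.
function insert_note(mysqli $db, string $note): bool {
    $stmt = $db->prepare('INSERT INTO notes (body) VALUES (?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $note);   // 's' = bind as string, sent separately from the SQL
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage (needs a live MySQL connection; host and credentials are placeholders):
// $db = new mysqli('localhost', 'user', 'password', 'dbname');
// insert_note($db, $note);
```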