At 11:46 AM +0200 7/8/01, Werner Stuerenburg wrote:
>See http://www.mysql.com/doc/S/t/String_syntax.html
>
>> I thought that the way the data was stored you could not use certain
>> characters.

Now you have come full circle. This is where I had started and what 
generated my question. I thought I could store any character in MySQL 
fields (that support strings), but this list of escape sequences left 
me wondering if I had to escape certain characters in order to store 
them in the database.

What I have concluded is that you can store any character, even the 
characters that are shown as escaped, but it is a matter of how the 
character gets into the database. If your mechanism uses some sort of 
quote then a quote in the data will screw things up (same goes for 
all the rest that are shown as escaped). The escapes would also be 
used for any strings in MySQL functions or SQL statements.

Another reason for escaping is to prevent a security issue in which a 
malicious attacker can use special characters to insert arbitrary SQL 
into queries, which can lead to security holes.

So a good CGI, like PHP, allows for escaping of characters with a 
function. MySQL provides a function in its C API 
(mysql_real_escape_string()).

Am I getting it right this time?

The reason I have some trouble with this is that I will be dealing 
with a lot of FileMaker databases that allow this kind of data in 
fields (along with things like curly quotes), and with a CGI which has 
recently added direct MySQL support that has not fully matured.
-- 
Michael
__
||| Michael Collins       |||
||| Kuwago Web Services   |||      mailto:[EMAIL PROTECTED]
||| Seattle, WA, USA      |||      http://www.lassodev.com
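
The point made in the message above, that a quote or backslash in the data changes where the string literal ends unless it is escaped, shown as an added example that is not part of the original message. `escape_for_literal` is a simplified stand-in for `mysql_real_escape_string()` (it ignores the connection character set); `literal_end`, `trailing_after_literal` and the table `t` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative stand-in for mysql_real_escape_string(): escapes NUL, \n, \r,
 * \, ', " and Ctrl-Z. out must hold 2*len+1 bytes. Returns escaped length. */
size_t escape_for_literal(const char *in, size_t len, char *out)
{
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        char c = in[i], e = 0;
        if (c == '\\' || c == '\'' || c == '"') e = c;
        else if (c == '\0') e = '0';
        else if (c == '\n') e = 'n';
        else if (c == '\r') e = 'r';
        else if (c == 26) e = 'Z';
        if (e) out[o++] = '\\';
        out[o++] = e ? e : c;
    }
    out[o] = '\0';
    return o;
}

/* sql[open] is an opening '. Returns the index of the quote that closes the
 * literal (default rules: backslash escapes a byte, '' is a quote), or -1. */
long literal_end(const char *sql, size_t open)
{
    for (size_t i = open + 1; sql[i]; i++) {
        if (sql[i] == '\\' && sql[i + 1]) { i++; continue; }
        if (sql[i] != '\'') continue;
        if (sql[i + 1] == '\'') { i++; continue; }
        return (long)i;
    }
    return -1;
}

/* Pastes value (len <= 60, no NUL if unescaped) into a constructed INSERT;
 * returns bytes left after the literal closes: 1 (the ")") means pure data. */
long trailing_after_literal(const char *value, size_t len, int escape)
{
    char esc[128], sql[192];
    memcpy(esc, value, len); esc[len] = '\0';
    if (escape) escape_for_literal(value, len, esc);
    int n = snprintf(sql, sizeof sql, "INSERT INTO t VALUES ('%s')", esc);
    long end = literal_end(sql, 22);  /* 22 = index of the opening quote */
    return end < 0 ? -1 : (long)n - end - 1;
}

int main(void)
{
    return printf("%ld %ld\n", trailing_after_literal("O'Brien", 7, 0),
                  trailing_after_literal("O'Brien", 7, 1)) < 0;
}
```

A result other than 1 means part of the value is being parsed as SQL text (or the literal never closes), which is the situation escaping is there to prevent.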
