At 0:07 +0000 3/12/03, Lai Liu-yuan wrote:
> Thanks for your reply.
> But, what then is the role of mysql_real_query? In the document, it says
> "You must use mysql_real_query for queries that contain binary data"?

That doesn't mean the data values don't need to be properly escaped.
What if you put a binary value containing a quote within quotes?
Result: malformed query.
mysql_real_query() uses a string and a length to indicate how long the
string is. It won't be fooled by the presence of an ASCII 0 value within
the string.
mysql_query() uses a null-terminated string. It *will* be fooled by the
presence of an ASCII 0 value within the string. Specifically, it will
think the string ends at that 0, rather than where you want it to end.
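
An added example, not part of the original message: the C sketch below builds one statement around a constructed four-byte value containing a quote and an ASCII 0, then compares the real byte length (what you would hand to mysql_real_query()) with what strlen(), and therefore mysql_query(), would see. `escape_bytes` is a hypothetical, simplified stand-in for mysql_real_escape_string() that ignores the connection character set; table `t` and column `b` are assumed names.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in (assumption) for mysql_real_escape_string():
 * escapes NUL, \n, \r, \, ', " and Ctrl-Z, ignoring the character set.
 * `to` must hold at least 2*len+1 bytes. Returns the escaped length. */
size_t escape_bytes(char *to, const unsigned char *from, size_t len)
{
    char *p = to;
    for (size_t i = 0; i < len; i++) {
        char e = 0;
        switch (from[i]) {
        case 0:    e = '0'; break;
        case '\n': e = 'n'; break;
        case '\r': e = 'r'; break;
        case 0x1a: e = 'Z'; break;
        case '\\': case '\'': case '"': e = (char)from[i]; break;
        }
        if (e) { *p++ = '\\'; *p++ = e; }
        else   { *p++ = (char)from[i]; }
    }
    *p = '\0';
    return (size_t)(p - to);
}

/* Builds INSERT INTO t (b) VALUES ('<data>') in q and returns its true
 * length in bytes. escape=0 copies the value raw (the broken case). */
size_t build_query(char *q, const unsigned char *data, size_t len, int escape)
{
    static const char head[] = "INSERT INTO t (b) VALUES ('";
    size_t n = sizeof head - 1;
    memcpy(q, head, n);
    if (escape) n += escape_bytes(q + n, data, len);
    else { memcpy(q + n, data, len); n += len; }
    memcpy(q + n, "')", 3);               /* copies the trailing NUL too */
    return n + 2;
}

int main(void)
{
    const unsigned char blob[] = { 'a', '\'', 0x00, 'b' }; /* constructed sample */
    char raw[64], esc[64];
    size_t raw_len = build_query(raw, blob, sizeof blob, 0);
    size_t esc_len = build_query(esc, blob, sizeof blob, 1);
    printf("raw:     real length %zu, strlen sees %zu\n", raw_len, strlen(raw));
    printf("escaped: real length %zu, strlen sees %zu: %s\n", esc_len, strlen(esc), esc);
    return 0;
}
```

The raw statement is cut short at the embedded 0 when measured with strlen(), and even when sent by length its stray quote leaves it malformed; the escaped statement has neither problem.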