 ID:               48290
 Updated by:       j...@php.net
 Reported By:      kexianbin at diyism dot com
-Status:           Open
+Status:           Bogus
 Bug Type:         Feature/Change Request
 Operating System: Irrelevant
 PHP Version:      5.3.1
 New Comment:

Will never happen. You should start using MySQLi and prepared statements.


Previous Comments:
------------------------------------------------------------------------

[2009-08-10 12:28:52] kexianbin at diyism dot com

I've changed the summary of the request.

------------------------------------------------------------------------

[2009-08-10 12:26:41] kexianbin at diyism dot com

For the greatest convenience of us PHP programmers, maybe we should make
a patch to the variable parsing module of double quoted strings in the
PHP engine, to parse variables, while adding slashes to them, for such
formats: "{#variable_name}", for example:

    <?
    $name="myname";
    $value="my'value";
    echo "insert into z_test (name, value) values ('{$name}', '{#value}')";
    ?>

we should get:

    insert into z_test (name, value) values ('myname', 'my\'value')

------------------------------------------------------------------------

[2009-08-10 12:18:22] kexianbin at diyism dot com

Or I could write like this:

    $_='addslashes';
    $sql="insert into z_test (name, value) values ('{$name}', '{$_($value)}')";
    mysql_query($sql);

------------------------------------------------------------------------

[2009-08-10 11:26:11] kexianbin at diyism dot com

Maybe currently I could write like this:

    $sql=eval(safe(
        "insert into z_test (name, value) values ('{$name}', '{#value}')"
    ));
    mysql_query($sql);

------------------------------------------------------------------------

[2009-05-15 06:08:47] kexianbin at diyism dot com

You will say to use PDO, but this code is so ugly:

    $sql=$pdo->prepare("select * from sem_SearchChangeShow
                        where Keyword=:Keyword
                          and BatchNum=:BatchNum
                          and OldChannelID=:ApvChannelID_old
                          and OldCategoryID=:ApvCategoryID_old
                       ");
    $sql->execute(array(':Keyword'=>$v['Keyword'],
                        ':BatchNum'=>$v['BatchNum'],
                        ':ApvChannelID_old'=>$v['ApvChannelID_old'],
                        ':ApvCategoryID_old'=>$v['ApvCategoryID_old']
                       )
                 );
    $tmp=$sql->fetch(PDO::FETCH_ASSOC);

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/48290

-- 
Edit this bug report at http://bugs.php.net/?id=48290&edit=1
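
The closing comment above recommends prepared statements, and the request asks for a "{#variable_name}" marker. As an added example (not code from this report or from PHP itself), the hypothetical helper `bind_template()` maps such markers to bound parameters instead of escaping them. It assumes the pdo_sqlite extension and uses an in-memory SQLite table as a stand-in for MySQL so that it runs offline.

```php
<?php
// Hypothetical helper, not part of PHP or of this bug report.
// Turns "{#name}" markers into positional "?" placeholders and collects the
// matching values in order, so the driver binds them; nothing is escaped.
// Markers must NOT be wrapped in SQL quotes: '?' inside quotes is a literal.
function bind_template(string $template, array $vars): array
{
    $params = [];
    $sql = preg_replace_callback(
        '/\{#([A-Za-z_][A-Za-z0-9_]*)\}/',
        function (array $m) use ($vars, &$params): string {
            if (!array_key_exists($m[1], $vars)) {
                // Fail closed rather than silently binding NULL.
                throw new InvalidArgumentException('no value for {#' . $m[1] . '}');
            }
            $params[] = $vars[$m[1]];
            return '?';
        },
        $template
    );
    return [$sql, $params];
}

// Constructed sample data, reusing the table and values from the report.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE z_test (name TEXT, value TEXT)');

$vars = ['name' => 'myname', 'value' => "my'value"];
[$sql, $params] = bind_template(
    'insert into z_test (name, value) values ({#name}, {#value})',
    $vars
);

// The statement text contains only placeholders; the values travel separately.
$pdo->prepare($sql)->execute($params);

echo $sql, "\n";
// The stored value comes back unchanged, with no backslash added.
echo $pdo->query('SELECT value FROM z_test')->fetchColumn(), "\n";

// With MySQLi on PHP 8.1+ the same pair can be used as:
//   $stmt = $mysqli->prepare($sql); $stmt->execute($params);
```

Because the single quote in the value never becomes part of the SQL text, the result does not depend on the connection character set or on the quoting rules that `addslashes` ignores.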