Edit report at http://bugs.php.net/bug.php?id=48290&edit=1

 ID:               48290
 User updated by:  kexianbin at diyism dot com
 Reported by:      kexianbin at diyism dot com
 Summary:          auto escape for variables in double quoted sql string
 Status:           Bogus
 Type:             Feature/Change Request
 Package:          *General Issues
 Operating System: Irrelevant
 PHP Version:      5.3.3

 New Comment:

function safe_query($scope, $sql)
         {extract($scope);
          $sql=strtr($sql, array('"'=>'\"', '\\'=>'\\\\'));
          $sql=eval('return "'.preg_replace(array('/\{#(.*?)\}/'), array('".addslashes($\1)."'), $sql).'";');
          mysql_query($sql);
         }

safe_query(get_defined_vars(),
           "insert into z_test (name, value) values ('{$name}', '{#value}')"
          );
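
The {#name} placeholder convention in the comment above can also be implemented by turning each placeholder into a bound parameter of a prepared statement, which needs neither eval() nor addslashes(). This is an added example, not part of the bug report or of PHP itself; bind_query(), the in-memory SQLite database (pdo_sqlite driver) and the sample values are assumptions made for illustration.

```php
<?php
// Added example (not from the bug report). bind_query() is a hypothetical
// helper; PDO with the pdo_sqlite driver is assumed so it runs offline.

// Replace every {#name} placeholder with a named parameter (:name) and bind
// the matching entry of $vars, so values never become part of the SQL text.
function bind_query(PDO $db, string $sql, array $vars): PDOStatement
{
    $params = [];
    $sql = preg_replace_callback(
        '/\{#([A-Za-z_][A-Za-z0-9_]*)\}/',
        function (array $m) use ($vars, &$params): string {
            if (!array_key_exists($m[1], $vars)) {
                // Fail closed instead of sending a half-filled statement.
                throw new InvalidArgumentException('no value for {#' . $m[1] . '}');
            }
            $params[':' . $m[1]] = $vars[$m[1]];
            return ':' . $m[1];
        },
        $sql
    );
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('create table z_test (name text, value text)');

// Constructed sample values containing SQL quotes, a backslash and
// PHP interpolation syntax.
$vars = ['name' => "O'Brien", 'value' => 'a "quoted" {$x} \\ value'];

// The template is single-quoted, so PHP interpolates nothing, and the
// placeholders carry no SQL quotes because they become parameters.
bind_query($db, 'insert into z_test (name, value) values ({#name}, {#value})', $vars);

// Compare the stored row with the input values.
$row = $db->query('select name, value from z_test')->fetch(PDO::FETCH_ASSOC);
var_dump($row === $vars);
```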


Previous Comments:
------------------------------------------------------------------------
[2010-03-22 10:39:42] johan...@php.net

As others told you: This feature won't be implemented.

------------------------------------------------------------------------
[2010-03-22 10:30:18] kexianbin at diyism dot com

,

------------------------------------------------------------------------
[2010-03-22 10:30:07] kexianbin at diyism dot com

,

------------------------------------------------------------------------
[2010-03-22 10:29:52] kexianbin at diyism dot com

,

------------------------------------------------------------------------
[2009-12-16 10:41:10] der...@php.net

.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=48290

