Edit report at http://bugs.php.net/bug.php?id=48290&edit=1
ID:               48290
User updated by:  kexianbin at diyism dot com
Reported by:      kexianbin at diyism dot com
Summary:          auto escape for variables in double quoted sql string
Status:           Bogus
Type:             Feature/Change Request
Package:          *General Issues
Operating System: Irrelevant
PHP Version:      5.3.3

New Comment:

function safe_query($scope, $sql)
{
    extract($scope);
    $sql = strtr($sql, array('"'=>'\"', '\\'=>'\\\\'));
    $sql = eval('return "'.preg_replace(array('/\{#(.*?)\}/'), array('".addslashes($\1)."'), $sql).'";');
    mysql_query($sql);
}

safe_query(get_defined_vars(),
    "insert into z_test (name, value) values ('{$name}', '{#value}')"
);

Previous Comments:
------------------------------------------------------------------------
[2010-03-22 10:39:42] johan...@php.net

As others told you: This feature won't be implemented.

------------------------------------------------------------------------
[2010-03-22 10:30:18] kexianbin at diyism dot com

,

------------------------------------------------------------------------
[2010-03-22 10:30:07] kexianbin at diyism dot com

,

------------------------------------------------------------------------
[2010-03-22 10:29:52] kexianbin at diyism dot com

,

------------------------------------------------------------------------
[2009-12-16 10:41:10] der...@php.net

.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=48290
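
An added example, not part of the bug report or of PHP itself: the same `{#name}` marker syntax as the comment's `safe_query()`, resolved to PDO bound parameters instead of `eval()` and `addslashes()`. The function name `safe_query_bound`, the in-memory SQLite database and the sample values are assumptions made for the illustration.

```php
<?php
// Added example, not code from the bug report. Each {#name} marker becomes a
// named placeholder whose value is bound by the driver, so the SQL text never
// contains user data and nothing is eval()'d or escaped by hand.
// Assumptions: PDO with the pdo_sqlite driver; the z_test table is constructed.

function safe_query_bound(PDO $pdo, string $sql, array $scope): PDOStatement
{
    $params = [];
    // Rewrite every {#name} marker to :name and collect the matching value.
    $sql = preg_replace_callback(
        '/\{#([A-Za-z_][A-Za-z0-9_]*)\}/',
        function (array $m) use ($scope, &$params): string {
            if (!array_key_exists($m[1], $scope)) {
                throw new InvalidArgumentException("no value for marker {$m[1]}");
            }
            $params[':' . $m[1]] = $scope[$m[1]];
            return ':' . $m[1];
        },
        $sql
    );
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE z_test (name TEXT, value TEXT)');

// Constructed input containing quote characters and SQL syntax.
$name  = "O'Reilly";
$value = "x'); DROP TABLE z_test; --";

// Single-quoted PHP string: the markers reach the function untouched, and they
// are not wrapped in SQL quotes because the values are bound, not spliced in.
safe_query_bound(
    $pdo,
    'INSERT INTO z_test (name, value) VALUES ({#name}, {#value})',
    compact('name', 'value')
);

// The stored row is compared byte for byte with the input values.
$row = $pdo->query('SELECT name, value FROM z_test')->fetch(PDO::FETCH_ASSOC);
var_dump($row['name'] === $name, $row['value'] === $value);
```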