ID: 40097
User updated by: marcel dot normann at experimentierkasten dot de
Reported By: marcel dot normann at experimentierkasten dot de
Status: Wont fix
Bug Type: Feature/Change Request
Operating System: all
PHP Version: 6CVS-2007-01-11 (CVS)
New Comment:
Derick, you are right. But I have revised a lot of code from other
developers in the last months and I found SQL injections made possible by
insecure use of implode() in almost every application. I think that
situation can be improved by offering a callback in implode().
Previous Comments:
------------------------------------------------------------------------
[2007-01-11 08:09:07] [EMAIL PROTECTED]
You can use array walk for that:
array_walk($array, 'callbackFunc'); // callbackFunc must take the item by reference
$string = implode('-', $array);
------------------------------------------------------------------------
[2007-01-11 07:44:07] marcel dot normann at experimentierkasten dot de
Description:
------------
implode() is often used for doing things like
$sSql = "select * from somewhere where something in ('".implode("','",$aArray)."')";
This is nice for SQL injection. Maybe it would be a good idea to add a
possibility to implode() for manipulating each implode()-item:
string implode ( string glue, array pieces [, callback callback])
$aArray = array('some','boring','items');
echo implode('-',$aArray,'ucfirst'); // = Some-Boring-Items
This example is not very useful but imagine the use of
mysql_escape_string() instead.
------------------------------------------------------------------------
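Added example, not part of the original report or of PHP itself: the per-item callback requested above can be written today with array_map(), shown here beside the raw implode() pattern and a placeholder list. The helper names, the PDO in-memory SQLite database and the sample input are assumptions constructed for illustration.

```php
<?php
// Constructed sample input: the second item contains a quote that closes
// the string literal when it is glued into the statement unescaped.
$aArray = ['some', "x') or ('1'='1"];

// Pattern from the report: items go into the SQL text as they are.
function in_list_raw(array $items): string {
    return "('" . implode("','", $items) . "')";
}

// The requested implode() callback, expressed with array_map().
// $escape is any per-item function; here the driver's own quoting.
function in_list_mapped(array $items, callable $escape): string {
    return '(' . implode(',', array_map($escape, $items)) . ')';
}

// Placeholder list: the values never become part of the SQL text.
function in_list_placeholders(array $items): string {
    if (count($items) === 0) {
        throw new InvalidArgumentException('IN () needs at least one item');
    }
    return '(' . implode(',', array_fill(0, count($items), '?')) . ')';
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("create table somewhere (something text)");
$pdo->exec("insert into somewhere values ('some'), ('boring'), ('secret')");
$base = 'select * from somewhere where something in ';

// Raw: the injected quote turns the predicate into "... or ('1'='1')".
$raw = $pdo->query($base . in_list_raw($aArray))->fetchAll();

// Mapped: PDO::quote() escapes each item, so it stays a single literal.
$mapped = $pdo->query($base . in_list_mapped($aArray, [$pdo, 'quote']))->fetchAll();

// Prepared: items are bound as parameters after the statement is parsed.
$stmt = $pdo->prepare($base . in_list_placeholders($aArray));
$stmt->execute(array_values($aArray));
$prepared = $stmt->fetchAll();

printf("rows returned: raw=%d mapped=%d prepared=%d\n",
    count($raw), count($mapped), count($prepared));
```

The raw variant returns rows the caller never asked for, while the mapped and prepared variants match only the literal item values.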