On 23/01/2008, mike <[EMAIL PROTECTED]> wrote: > > > It would be Real Nifty (tm) if the MySQL API had a function that let > > > you specify the charset without a connection and did the escaping. > > > > > > Presumably you don't NEED a connection if you already know what > > > charset thingie you are aiming at... > > I concur - it would be nice to have the capability to have a normal > string escape function and give it a character set. I mean we should > all be using utf-8 anyway, right?
I'd be interested in hearing an argument against UTF-8, other than the disk space argument. > Right now I still use mysql_escape_string and it seems to work fine, > but it makes me nervous as everything else I use is mysqli and I know > it is not 100% compatible (just haven't had anything break it yet) - > but I hate having to have a connection handle open just to escape > things. I think it was here on this list that we saw an example of SQL injection despite the use of mysql_escape_string. Some funky Asian charset was used, no? Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
