Re: [PHP] mysql_real_escape_string paranoid enough?

tedd Sat, 21 Mar 2009 06:12:05 -0700

At 11:41 AM -0500 3/20/09, Richard Lynch wrote:

I typically do something like this:


$data_sql = mysql_real_escape_string($data, $connection);
$query = "insert into data(data) values('$data_sql')";
$insert = mysql_query($query, $connection);
if (!$insert){
  trigger_error(mysql_error($connection), E_USER_ERROR);
}


Richard:

Isn't this --

$insert = mysql_query($query, $connection);
if (!$insert){
  trigger_error(mysql_error($connection), E_USER_ERROR);
}

-- the same as:

$result = mysql_query($query) ordie(trigger_error(mysql_error($connection), E_USER_ERROR)));


Why not use die?

----

For error reporting, I use this:

$result = mysql_query($query) or die(report($query,__LINE__ ,__FILE__));

Where:

function report($query, $line, $file)
        {

echo($query . '<br />' .$line . '<br />' . $file . '<br />' .mysql_error());

        }

HTH's

tedd
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] mysql_real_escape_string paranoid enough?

Reply via email to