> One would be storage space, as base64 requires more space to store the
> same data. For a single data element that might not be much, but when
> multiplied over all the values stored in your table it makes a
> difference.
>

That is a good point, thanks.


> Also, don't forget to validate/filter non-character data, which you
> can't do with base64. Something like this is still vulnerable to SQL
> injection even though it 'sanitizes' the expected character input:
>
> <?php
> // user_id expects an integer value
> $user_id = $_POST['user_id'];
>
> $comment = base64_encode($_POST['comment']);
>
>
> $sql = "INSERT INTO `comments` (user_id, comment) VALUES ($user_id,
> '$comment')";
>
> ?>

I see what you mean. In fact, userIDs are stored, and indeed I ensure
that they are integers!


-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il

Please CC me if you want to be sure that I read your message. I do not
read all list mail.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
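The safe way to do the INSERT quoted above, as an added example that is not code from the thread: validate `user_id` as an integer before any SQL is built, and bind both values with PDO placeholders so the comment can be stored verbatim instead of base64-encoded. It assumes PHP with the PDO sqlite driver and uses an in-memory database in place of the real `comments` table.

```php
<?php
// Added example, not from the original thread. Assumes PDO with sqlite.

function validateUserId($raw): int
{
    // The column holds an integer, so accept only a string of digits;
    // anything else (including SQL fragments) never reaches the query text.
    if (!is_string($raw) || !ctype_digit($raw)) {
        throw new InvalidArgumentException('user_id must be a positive integer');
    }
    return (int) $raw;
}

function insertComment(PDO $db, $rawUserId, string $comment): int
{
    $userId = validateUserId($rawUserId);

    // Placeholders keep both values out of the SQL string entirely, so the
    // comment is stored as-is: smaller than base64 and still searchable.
    $stmt = $db->prepare(
        'INSERT INTO comments (user_id, comment) VALUES (:user_id, :comment)'
    );
    $stmt->bindValue(':user_id', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':comment', $comment, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, '
        . 'user_id INTEGER NOT NULL, comment TEXT NOT NULL)');

// Constructed sample input standing in for $_POST.
$post = ['user_id' => '42', 'comment' => "It's a 'quoted' comment; -- looks like SQL"];
$id = insertComment($db, $post['user_id'], $post['comment']);

$row = $db->query('SELECT user_id, comment FROM comments WHERE id = ' . (int) $id)
          ->fetch(PDO::FETCH_ASSOC);
var_dump($row['comment'] === $post['comment']); // bool(true): stored verbatim

// A non-numeric user_id is rejected before any SQL exists to inject into.
try {
    insertComment($db, '42abc', 'x');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```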