aidan Mon Sep 20 04:52:59 2004 EDT
Modified files: /phpdoc/en/reference/mysql/functions mysql-real-escape-string.xml Log: Split second example in two http://cvs.php.net/diff.php/phpdoc/en/reference/mysql/functions/mysql-real-escape-string.xml?r1=1.15&r2=1.16&ty=u Index: phpdoc/en/reference/mysql/functions/mysql-real-escape-string.xml diff -u phpdoc/en/reference/mysql/functions/mysql-real-escape-string.xml:1.15 phpdoc/en/reference/mysql/functions/mysql-real-escape-string.xml:1.16 --- phpdoc/en/reference/mysql/functions/mysql-real-escape-string.xml:1.15 Tue Sep 7 10:14:24 2004 +++ phpdoc/en/reference/mysql/functions/mysql-real-escape-string.xml Mon Sep 20 04:52:55 2004 @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.15 $ --> +<!-- $Revision: 1.16 $ --> <!-- splitted from ./en/functions/mysql.xml, last change in rev 1.100 --> <refentry id="function.mysql-real-escape-string"> <refnamediv> @@ -106,10 +106,16 @@ <para> This would allow anyone to log in without a valid password. </para> + </example> + </para> + <para> + <example> + <title>A "Best Practice" query</title> <para> Using <function>mysql_real_escape_string</function> around each variable - prevents this. This example demonstrates the proper method for querying a database, - independent of the <link linkend="security.magicquotes">Magic Quotes</link> setting. + prevents SQL Injection. This example demonstrates the "best practice" + method for querying a database, independent of the + <link linkend="security.magicquotes">Magic Quotes</link> setting. </para> <programlisting role="php"> <![CDATA[
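Review bot: In the second hunk, the reworded sentence of the new example ("Using mysql_real_escape_string around each variable prevents SQL Injection") is an unconditional claim. Escaping only protects a value that ends up inside a quoted string literal in the query; a value interpolated without quotes, such as a numeric id, gains nothing from it. Suggest qualifying the sentence, for example "prevents SQL injection when each escaped value is placed inside quotes in the query", and noting that numeric input should be validated or cast instead. Two minor style points in the same hunk: "SQL Injection" is normally written "SQL injection" in running text, and the quotation marks around "best practice" in both the title and the paragraph read as scare quotes, so consider dropping them.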