On Sunday 12 November 2006 14:15, Sylvain Beucler wrote:
> Author: beuc
> Date: Sun Nov 12 14:15:08 2006
> New Revision: 6271
>
> URL: http://svn.gna.org/viewcvs/savane?rev=6271&view=rev
> Log:
> add sane_mysql to use mysql_real_escape_string taking magic_quotes into
> account
>
> Modified:
> trunk/frontend/php/include/sane.php

I don't get in which circumstances this function should be used. And there is no comment explaining it.

All sane_() functions have names that highlight what kind of user input they should provide. sane_cookie() allows getting a cookie value. sane_mysql() would provide MySQL data. But why do we need to escape content from the database?

Also, on the cosmetic level, why put this after "function register_globals_off ()" in the page?

--
Mathieu Roy

| Not everybody on earth is native english speaker, keep cool :) |
| http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english |
