[PHP-DOC] cvs: phpdoc /en/reference/mysql/functions mysql-escape-string.xml
aidan Wed Aug 11 04:40:28 2004 EDT Modified files: /phpdoc/en/reference/mysql/functionsmysql-escape-string.xml Log: Arrgh - Didn't read my diffs. Removed notes from bottom of file. http://cvs.php.net/diff.php/phpdoc/en/reference/mysql/functions/mysql-escape-string.xml?r1=1.10&r2=1.11&ty=u Index: phpdoc/en/reference/mysql/functions/mysql-escape-string.xml diff -u phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.10 phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.11 --- phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.10Wed Aug 11 04:32:23 2004 +++ phpdoc/en/reference/mysql/functions/mysql-escape-string.xml Wed Aug 11 04:40:28 2004 @@ -1,5 +1,5 @@ - + @@ -91,18 +91,4 @@ vim600: syn=xml fen fdm=syntax fdl=2 si vim: et tw=78 syn=sgml vi: ts=1 sw=1 ---> - -- mysql_escape_string calls MySQL's library function of the same name, which prepends slashes to the following characters: NUL (\x00), \n, \r, \, ', " and \x1a. - -- AddSlashes escapes NUL, ', " and \. - -$query = "SELECT * FROM adresses WHERE name='$name' AND private='N'"; - -mysql_query($query); -?> - -Without mysql_escape_string a user could set name to "' OR 1=1 OR ''='" - -effectively leading to the query: -SELECT * FROM adresses WHERE name='' OR 1=1 OR ''='' AND private='N' \ No newline at end of file +--> \ No newline at end of file
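Review bot: In the @@ -91,18 +91,4 @@ hunk the new side ends at "-->" followed by "\ No newline at end of file", while the 1.9 to 1.10 diff on this page shows that same "-->" as an ordinary context line, so this cleanup leaves the file without the trailing newline it had before the notes were appended; re-add it. The removed notes also held the only list on this page of the characters the function escapes (NUL, \n, \r, \, ', " and \x1a) and the "' OR 1=1 OR ''='" illustration; if they are meant for readers, a follow-up should place them inside the document body rather than drop them.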
[PHP-DOC] cvs: phpdoc /en/reference/mysql/functions mysql-escape-string.xml
aidan Wed Aug 11 04:32:24 2004 EDT Modified files: /phpdoc/en/reference/mysql/functionsmysql-escape-string.xml Log: Noted the function is deprecated. http://cvs.php.net/diff.php/phpdoc/en/reference/mysql/functions/mysql-escape-string.xml?r1=1.9&r2=1.10&ty=u Index: phpdoc/en/reference/mysql/functions/mysql-escape-string.xml diff -u phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.9 phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.10 --- phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.9 Mon Jan 5 08:03:26 2004 +++ phpdoc/en/reference/mysql/functions/mysql-escape-string.xml Wed Aug 11 04:32:23 2004 @@ -1,5 +1,5 @@ - + @@ -54,6 +54,15 @@ + + + This function has been deprecated since PHP 4.3.0. + Do not use this function. Use mysql_real_escape_string + instead. + + + + See also mysql_real_escape_string, addslashes and the @@ -83,3 +92,17 @@ vim: et tw=78 syn=sgml vi: ts=1 sw=1 --> + +- mysql_escape_string calls MySQL's library function of the same name, which prepends slashes to the following characters: NUL (\x00), \n, \r, \, ', " and \x1a. + +- AddSlashes escapes NUL, ', " and \. + +$query = "SELECT * FROM adresses WHERE name='$name' AND private='N'"; + +mysql_query($query); +?> + +Without mysql_escape_string a user could set name to "' OR 1=1 OR ''='" + +effectively leading to the query: +SELECT * FROM adresses WHERE name='' OR 1=1 OR ''='' AND private='N' \ No newline at end of file
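Review bot: The @@ -83,3 +92,17 @@ hunk appends free-text notes and a query fragment after the closing "-->" of the trailing editor-settings comment, so they land past the end of the document and the file now ends with "\ No newline at end of file"; take them out of this commit and, if they are wanted, add them inside the description or example section instead. In the @@ -54,6 +54,15 @@ hunk the deprecation text says what to use instead but not why; one clause repeating that mysql_escape_string does not respect the current charset, as the description already states, would make the warning actionable.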
[PHP-DOC] cvs: phpdoc /en/reference/mysql/functions mysql-escape-string.xml
sander Sat Jun 15 05:07:17 2002 EDT Modified files: /phpdoc/en/reference/mysql/functionsmysql-escape-string.xml Log: Added tags Index: phpdoc/en/reference/mysql/functions/mysql-escape-string.xml diff -u phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.5 phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.6 --- phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.5 Sat May 25 17:09:41 2002 +++ phpdoc/en/reference/mysql/functions/mysql-escape-string.xml Sat Jun 15 05:07:17 +2002 @@ -1,5 +1,5 @@ - + @@ -25,7 +25,7 @@ This function is identical to mysql_real_escape_string except that - mysql_real_escape_string() takes a connection handler and escapes the + mysql_real_escape_string takes a connection handler and +escapes the string according to the current character set. mysql_escape_string does not take a connection argument and does not respect the current charset setting.
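Review bot: The paragraph touched in @@ -25,7 +25,7 @@ ends by saying mysql_escape_string "does not respect the current charset setting" but stops short of telling the reader which function to choose because of that; since the paragraph is being edited anyway, add a closing sentence recommending mysql_real_escape_string whenever the connection character set matters. The changed line also says "connection handler" where the next sentence says "connection argument"; use one term for both.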
[PHP-DOC] cvs: phpdoc /en/reference/mysql/functions mysql-escape-string.xml
betz Sat May 25 17:09:41 2002 EDT Modified files: /phpdoc/en/reference/mysql/functionsmysql-escape-string.xml Log: another small typo :-) Index: phpdoc/en/reference/mysql/functions/mysql-escape-string.xml diff -u phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.4 phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.5 --- phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.4 Sat May 25 11:27:19 2002 +++ phpdoc/en/reference/mysql/functions/mysql-escape-string.xml Sat May 25 17:09:41 +2002 @@ -1,5 +1,5 @@ - + @@ -52,7 +52,7 @@ - See also + See also: mysql_real_escape_string, addslashes, and the magic_quotes_gpc
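Review bot: The colon added in @@ -52,7 +52,7 @@ ("See also" to "See also:") puts back punctuation that revision 1.3 deliberately removed ("- See also:" / "+ See also"), and the context lines of the 1.10 diff show it gone again, so the commits disagree about the form; settle which one this file uses before changing it again, and say in the log that this is a convention change, not a typo.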
[PHP-DOC] cvs: phpdoc /en/reference/mysql/functions mysql-escape-string.xml
betz Sat May 25 11:27:20 2002 EDT Modified files: /phpdoc/en/reference/mysql/functionsmysql-escape-string.xml Log: example correction Index: phpdoc/en/reference/mysql/functions/mysql-escape-string.xml diff -u phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.3 phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.4 --- phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.3 Thu Apr 18 14:47:41 2002 +++ phpdoc/en/reference/mysql/functions/mysql-escape-string.xml Sat May 25 11:27:19 +2002 @@ -1,5 +1,5 @@ - + @@ -32,13 +32,12 @@ - mysql_real_escape_string example + mysql_escape_string example
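Review bot: The log message "example correction" does not say what was wrong; the @@ -32,13 +32,12 @@ hunk retitles the example from mysql_real_escape_string to mysql_escape_string, and its 13-to-12 line count means at least one further line of the example went away as well, so the message should name both changes. Because the title now names the function that ignores the connection charset, the example's surrounding text should point readers to mysql_real_escape_string for charset-aware escaping.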
[PHP-DOC] cvs: phpdoc /en/reference/mysql/functions mysql-escape-string.xml
philip Thu Apr 18 14:47:41 2002 EDT Modified files: /phpdoc/en/reference/mysql/functionsmysql-escape-string.xml Log: mysql_escape_string(): See also addslashes and magic_quotes_gpc Index: phpdoc/en/reference/mysql/functions/mysql-escape-string.xml diff -u phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.2 phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.3 --- phpdoc/en/reference/mysql/functions/mysql-escape-string.xml:1.2 Wed Apr 17 02:41:10 2002 +++ phpdoc/en/reference/mysql/functions/mysql-escape-string.xml Thu Apr 18 14:47:41 +2002 @@ -1,5 +1,5 @@ - + @@ -53,8 +53,11 @@ - See also: - mysql_real_escape_string + See also + mysql_real_escape_string, + addslashes, and the + magic_quotes_gpc + directive.
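Review bot: The @@ -53,8 +53,11 @@ hunk lists addslashes and the magic_quotes_gpc directive next to mysql_real_escape_string with no qualification, which reads as if the three were interchangeable for building MySQL queries. The notes quoted in the later diffs on this page say addslashes escapes only NUL, ', " and \ while mysql_escape_string also covers \n, \r and \x1a; add a sentence stating that difference so the cross-reference is not taken as an equivalent substitute.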