Hi,
escpaing have to be done with DB connection otherwise it's just
impossible ro escape (think about different charsets).
But if we drop support for mysql < 4.1 then I'm -1 for this patch
because we can use prepared statements that don't require
escaping.
If we decide to drop mysql support < 4.1 then I can provide patch for
prepared statements.
Thanks,
Alex
Am 07.08.2009 um 13:42 schrieb Alejandro Guerrieri:
I don't particularly like the idea of loading the DB for something
as simple as escaping a few special chars. Adding a bool variable
would only add complexity.
Regards,
--
Alejandro Guerrieri
[email protected]
On 07/08/2009, at 13:30, Vincent CHAVANIS wrote:
I'm +0 for this patch as it.
There will be a compatibility breaker with Mysql < 4
as the mysql_real_escape_string as been implemented in mysql 4.
We already had this discussion 4 years back with the stipe's patch.
(http://www.mail-archive.com/[email protected]/msg05072.html)
This was mainly reject by this, but we are now in 2009 :-)
hopping everyone have updated their mysql version.
IMO, The idea would be to implement a new bool config variable
to use or not the mysql_real_escape_string() function.
BTW, we may all know that this function will use a connection to
the DB
and by consequences will load the Mysql server.
Vincent.
Donald Jackson a écrit :
Hi everyone,
Just posting this patch in case anyone wants to use it. It escapes
the source address string to make it MySQL safe on the connection.
In hindsight possibly not perfect implementation but it does the
job.
Thanks,
--
Donald Jackson
http://www.ddj.co.za/
donaldjster(a)gmail.com <http://gmail.com>
