Thanks, Alex
mysql-prepared.patch
Description: Binary data
Am 07.08.2009 um 14:13 schrieb Alexander Malysh:
Hi,escpaing have to be done with DB connection otherwise it's just impossible ro escape (think about different charsets).But if we drop support for mysql < 4.1 then I'm -1 for this patch because we can use prepared statements that don't requireescaping.If we decide to drop mysql support < 4.1 then I can provide patch for prepared statements.Thanks, Alex Am 07.08.2009 um 13:42 schrieb Alejandro Guerrieri:I don't particularly like the idea of loading the DB for something as simple as escaping a few special chars. Adding a bool variable would only add complexity.Regards, -- Alejandro Guerrieri [email protected] On 07/08/2009, at 13:30, Vincent CHAVANIS wrote:I'm +0 for this patch as it. There will be a compatibility breaker with Mysql < 4 as the mysql_real_escape_string as been implemented in mysql 4. We already had this discussion 4 years back with the stipe's patch. (http://www.mail-archive.com/[email protected]/msg05072.html) This was mainly reject by this, but we are now in 2009 :-) hopping everyone have updated their mysql version. IMO, The idea would be to implement a new bool config variable to use or not the mysql_real_escape_string() function.BTW, we may all know that this function will use a connection to the DBand by consequences will load the Mysql server. Vincent. Donald Jackson a écrit :Hi everyone,Just posting this patch in case anyone wants to use it. It escapes the source address string to make it MySQL safe on the connection. In hindsight possibly not perfect implementation but it does the job.Thanks, -- Donald Jackson http://www.ddj.co.za/ donaldjster(a)gmail.com <http://gmail.com>
