ID: 37011
Updated by: [EMAIL PROTECTED]
Reported By: kpoxa at kpoxa dot net
-Status: Open
+Status: Wont fix
Bug Type: Feature/Change Request
Operating System: Any
PHP Version: 4.4.2
New Comment:
Use PDO_MYSQL for that.
Previous Comments:
------------------------------------------------------------------------
[2006-04-07 16:56:49] kpoxa at kpoxa dot net
Description:
------------
In perl+mysql qyury params may by autoescaped,
in php i must user mysql_escape_string,
wy not exists function like this:
use
$ecaped_query = mysql_make_query("select * from table where id=? and
field2=? ORDER BY ID",1,'Here i may savely put any data this " and over
untrusted symbols');
Reproduce code:
---------------
function mysql_make_query() {
$num_args = func_num_args();
if ($num_args==0) return '';
$format = func_get_arg(0);
if ($num_args==1) return $format;
$strings = explode('?',$format);
$result = array_shift($strings);
for ($i=1;$i<$num_args;$i++) {
$result .= "'".mysql_escape_string(func_get_arg($i))."'";//'"
$result .= array_shift($strings);
}
return $result;
}
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=37011&edit=1
