Dotan Cohen wrote:
How can I configure mysql_real_escape_string() to _not_ need a
database connection in order to do it's work on a string. I understand
that the function wants a database connection to determine which
charset / encoding is in use, but in my case it will always be UTF-8.
I have a file of reusable functions that I include in several scripts,
one of them is a MySQL sanitation function, like this:
function clean_mysql ($dirty) {
$dirty=trim($dirty);
$clean=mysql_real_escape_string($dirty);
return $clean;
}
As different scripts reuse this code but connect to different
databases, I need the function to work independently of the database
connection. In other words, the include file cannot connect to the
database but it still must perform the mysql_real_escape_string()
function on UTF-8 data.
Thanks in advance for any ideas.
What is your intension when calling this function, if you are not connecting to a DB? I realize you
want to sanitize a string, but why? The only reason to use mysql_real_escape_string() would be to
sanitize a string to prepare it to be used in a query against a mysql database.
If you are simply looking to escape a (UTF-8) string, why not just use the other built in escape
functions from PHP?
What does mysql_real_escape_string() offer you that addslashes(), addcslashes(), htmlentities(),
quotemeta(), htmlspecialchars(), etc... would not offer you?
What type of data are you trying to protect yourself from? And what are you planning on doing with
the output?
--
Jim Lucas
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
