Dotan Cohen wrote on 2009-10-18 10:52:
I assumed the reason you wanted to do escape the string so that you could
perform DB operations.
Yes, that is my intention. However, the function is found in an
include file of functions used in many different scripts, each of
which connect to a different database or may not connect to a database
at all, so I cannot rely on there existing a database connection.
test if you have a db connection in the function, if not, skip MRES and
other mysql_ functions?
In my opinion it's bad code to use a mysql_* function on a Oracle db
(and vice versa) or on a string for that matter. It lies in the naming
of the function what it's designed to do and work on. If you want a
general function to sanitize an input, make your own function
sanitize_input() based on ereg_* and/or str_replace and the likes.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php