Dotan Cohen wrote on 2009-10-18 10:52:
I assumed the reason you wanted to do escape the string so that you could 
perform DB operations.


Yes, that is my intention. However, the function is found in an
include file of functions used in many different scripts, each of
which connect to a different database or may not connect to a database
at all, so I cannot rely on there existing a database connection.


test if you have a db connection in the function, if not, skip MRES and other mysql_ functions?

In my opinion it's bad code to use a mysql_* function on a Oracle db (and vice versa) or on a string for that matter. It lies in the naming of the function what it's designed to do and work on. If you want a general function to sanitize an input, make your own function sanitize_input() based on ereg_* and/or str_replace and the likes.

--
Kind regards
Kim Emax

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to