On Tue, 2009-10-20 at 14:20 +0200, Andrea Giammarchi wrote:
> > Your only option might be to do something "smart". You can't use the
> > proper mysql functions without a connection to a database, but you
> > refuse to connect to a database until after you perform validation...
> > You do realise you can have several db connections open at one time, so
> > you could have one always open for the purpose of validation?
> > Potentially wasteful, but the architecture in this idea is a little
> > different from the norm.
> I also thought mysql_real_escape_string was dead since every DAL such as PDO or
> others uses bindings to properly escape variables and a database related
> sanitize without database is quite useless, imho.
Not everyone uses something like PDO, so yes, sanitising data with
mysql_real_escape_string does still happen.
The function clearly states that it needs an open connection to work, so
that leaves two choices really: 1) open a damn connection! or 2)
reinvent the wheel and create a function which mimics the behavior of