On Tue, 2009-10-20 at 14:20 +0200, Andrea Giammarchi wrote:

> > Your only option might be to do something "smart". You can't use the
> > proper mysql functions without a connection to a database, but you
> > refuse to connect to a database until after you perform validation...
> > 
> > You do realise you can have several db connections open at one time, so
> > you could have one always open for the purpose of validation?
> > Potentially wasteful, but the architecture in this idea is a little
> > different from the norm.
> I also thought mysql_real_escape_string was dead since every DAL such PDO or 
> others uses bindings to properly escape variables and a database related 
> sanitize without database is quite useless, imho.
> Regards
> _________________________________________________________________
> Windows Live: Friends get your Flickr, Yelp, and Digg updates when they 
> e-mail you.
> http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_3:092010

Not everyone uses something like PDO, so yes, sanitising data with
mysql_real_escape_string does still happen.

The function clearly states that it needs an open connection to work, so
that leaves two choices really: 1) open a damn connection! or 2)
reinvent the wheel and create a function which mimics the behavior of
this one.


Reply via email to