From: Ashley Sheridan

> On Tue, 2009-10-20 at 14:20 +0200, Andrea Giammarchi wrote:
>> > Your only option might be to do something "smart". You can't use
>> > proper mysql functions without a connection to a database, but you
>> > refuse to connect to a database until after you perform
>> > 
>> > You do realise you can have several db connections open at one
time, so
>> > you could have one always open for the purpose of validation?
>> > Potentially wasteful, but the architecture in this idea is a little
>> > different from the norm.
>> I also thought mysql_real_escape_string was dead since every DAL such
>> PDO or others uses bindings to properly escape variables and a
>> related sanitize without database is quite useless, imho.
> Not everyone uses something like PDO, so yes, sanitising data with
> mysql_real_escape_string does still happen.
> The function clearly states that it needs an open connection to work,
> that leaves two choices really: 1) open a damn connection! or 2)
> reinvent the wheel and create a function which mimics the behavior of
> this one.

Is the database connection used to determine the character encoding to
be used before it inserts new characters into the strings? Would that
make a difference in this case?

Bob McConnell

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to