On Fri, 15 Jan 2010 16:22:46 -0600 (CST), "Richard Lynch" wrote:

> The subject line says it all:
> mysql_real_escape_string(0xffffffff) yields -1

Says nothing. Are you really asking PHP to convert an
integer literal to string before passing it to m_r_e_s?
That could easily explain the "-1", and I wouldn't be
the least bit surprised if the behaviour varies across
different versions of PHP.

> What's up with that?
> Is there some way to convince mysql_real_escape_string to use BIGINT?
> I guess I'll just PCRE for digits and then pass it in and...
> But what if somebody passes in some BC Math number?...

I think you are confused. mysql_real_escape_string() works
on strings and doesn't care how many 'f' there are or what
a BIGINT is. You're most likely passing "-1" to m_r_e_s.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to