On Tuesday 04 Oct 2011 at 21:39 Stuart Dallas wrote:

> http://stut.net/2011/09/15/mysql-real-escape-string-is-not-enough/

Thanks. I followed this link through and read the full message (having missed 
it the first time round), and while I find the idea of using base64 to 
sanitise text interesting I can also forsee a few difficulties:

It would prevent anyone from accessing the database directly and getting 
meaningful results unless the en/decode is in triggers, or maybe stored 
procedures. No more one-off command-line queries.

How would you search an encoded column for matching text?

I'd be interested in any ideas folk have about these issues, or any others 
they can envisage with this proposal.



PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to