On 5 Oct 2011, at 02:07, Jeremiah Dodds wrote:

> On Tue, Oct 4, 2011 at 7:51 PM, Stuart Dallas <stu...@3ft9.com> wrote:
>> As for the overhead I very much doubt there's much difference between that 
>> and the overhead of prepared statements.
> Probably not. As an aside, I'm really struggling to find a case where
> it'd be worth base64-encoding the queries like that unless you were
> both concerned about someone sniffing your queries over the wire and
> sure that they wouldn't think to base-64 decode them. Not to mention
> that if your grand idea to prevent eavesdropping is simple transforms,
> you've got a larger problem on your hands.

I don't see a reason to use base64 to solve the SQL injection problem either, 
especially with prepared statements available, but that doesn't mean it won't 

As far as protecting data during transit, that's what SSL is for. Base64 is not 
an encryption mechanism.

> It *will* work, as mysql's base64 decoder won't evaluate the decoded
> string as a statement, afaik, but it will also expand the size of
> stuff by around 30% while having a, imo, much better solution widely
> available.

It will indeed increase the size of the queries, but unless you're running 
Facebook, LAN capacity is very rarely a bottleneck.


Stuart Dallas
3ft9 Ltd
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to