On 5 Oct 2011, at 02:07, Jeremiah Dodds wrote:
> On Tue, Oct 4, 2011 at 7:51 PM, Stuart Dallas <stu...@3ft9.com> wrote:
>> As for the overhead I very much doubt there's much difference between that
>> and the overhead of prepared statements.
> Probably not. As an aside, I'm really struggling to find a case where
> it'd be worth base64-encoding the queries like that unless you were
> both concerned about someone sniffing your queries over the wire and
> sure that they wouldn't think to base-64 decode them. Not to mention
> that if your grand idea to prevent eavesdropping is simple transforms,
> you've got a larger problem on your hands.
I don't see a reason to use base64 to solve the SQL injection problem either,
especially with prepared statements available, but that doesn't mean it won't
As far as protecting data during transit, that's what SSL is for. Base64 is not
an encryption mechanism.
> It *will* work, as mysql's base64 decoder won't evaluate the decoded
> string as a statement, afaik, but it will also expand the size of
> stuff by around 30% while having a, imo, much better solution widely
It will indeed increase the size of the queries, but unless you're running
Facebook, LAN capacity is very rarely a bottleneck.
PHP General Mailing List (http://www.php.net/)
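The comparison discussed in this thread, as an added example that is not part of the original messages: a bound parameter and a server-side base64 decode both keep a quote-laden value out of the SQL grammar, but the base64 form is larger and anyone who sees the query can decode it. Assumptions: Python with an in-memory SQLite database stands in for PHP and MySQL, the `from_base64` function is registered here to mimic MySQL's `FROM_BASE64()`, and the table, rows and input value are constructed.

```python
import base64
import sqlite3

# Constructed sample input: a value containing quotes and SQL keywords.
HOSTILE = "nobody' OR '1'='1"


def make_db():
    """In-memory SQLite database standing in for the MySQL server."""
    db = sqlite3.connect(":memory:")
    # Assumption: user-defined function mimicking MySQL's FROM_BASE64().
    db.create_function("from_base64", 1,
                       lambda s: base64.b64decode(s).decode("utf-8"))
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"),
                    ("bob", "bob@example.test")])
    return db


def lookup_prepared(db, name):
    """Bound parameter: the value never becomes part of the SQL text."""
    return db.execute("SELECT email FROM users WHERE name = ?",
                      (name,)).fetchall()


def lookup_base64(db, name):
    """Splice a base64 literal into the SQL text and decode it server-side."""
    # The base64 alphabet has no quote characters, so the literal cannot
    # terminate the string early; the decoded result is only ever a value.
    encoded = base64.b64encode(name.encode("utf-8")).decode("ascii")
    sql = f"SELECT email FROM users WHERE name = from_base64('{encoded}')"
    return sql, db.execute(sql).fetchall()


def size_overhead(value):
    """Ratio of encoded length to raw length for one value."""
    raw = value.encode("utf-8")
    return len(base64.b64encode(raw)) / len(raw)


def recover_from_wire(sql):
    """What any observer of the query text can do: decode the literal."""
    literal = sql.split("from_base64('")[1].split("')")[0]
    return base64.b64decode(literal).decode("utf-8")
```

Both lookups return no rows for `HOSTILE` and the expected row for a real name; `size_overhead` returns 4/3 for values whose length is a multiple of three bytes, and `recover_from_wire` returns the original value unchanged.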