>> Is it possible to have a "meeting of the minds" to come up with (an) 
>> appropriate method(s)?


> Minds, meet prepared statements :)


> PDO is the way to go :D


Not to refute the above advice one bit (not to mention oppose the arguments 
against escaping in general) ...  but just curious - can anyone demo a hack 
that effectively injects past mysqli_real_escape_string(), while using utf-8 ?  
It may just be a matter of time (or already?) before mysqli_real_escape_string 
is *proven* ineffective (w/utf-8) ... but here I am just attempting to gather 
facts.

Thanks
-Govinda


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to