aidan Wed Sep 29 12:26:30 2004 EDT
Modified files:
/phpdoc/en/reference/mysql/functions mysql-real-escape-string.xml
Log:
Reverting my revert, bug #30274 is correct
http://cvs.php.net/diff.php/phpdoc/en/reference/mysql/functions/mysql-real-escape-string.xml?r1=1.19&r2=1.20&ty=u
Index: phpdoc/en/reference/mysql/functions/mysql-real-escape-string.xml
diff -u phpdoc/en/reference/mysql/functions/mysql-real-escape-string.xml:1.19
phpdoc/en/reference/mysql/functions/mysql-real-escape-string.xml:1.20
--- phpdoc/en/reference/mysql/functions/mysql-real-escape-string.xml:1.19 Wed
Sep 29 12:24:43 2004
+++ phpdoc/en/reference/mysql/functions/mysql-real-escape-string.xml Wed Sep 29
12:26:30 2004
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.19 $ -->
+<!-- $Revision: 1.20 $ -->
<!-- splitted from ./en/functions/mysql.xml, last change in rev 1.100 -->
<refentry id="function.mysql-real-escape-string">
<refnamediv>
@@ -88,7 +88,7 @@
// We didn't check $_POST['password'], it could be anything the user wanted! For
example:
$_POST['username'] = 'aidan';
-$_POST['password'] = "' OR 1=1";
+$_POST['password'] = "' OR ''='";
// This means the query sent to MySQL would be:
echo $query;
@@ -100,7 +100,7 @@
</para>
<screen>
<![CDATA[
-SELECT * FROM users WHERE name='aidan' AND password='' OR 1=1
+SELECT * FROM users WHERE name='aidan' AND password='' OR ''=''
]]>
</screen>
<para>
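Review bot: The corrected query in the `<screen>` block is shown without saying why it defeats the password check. `AND` binds tighter than `OR`, so the condition is evaluated as `(name='aidan' AND password='') OR (''='')` and holds for every row in `users`, not only the row for aidan. The `<para>` that follows continues outside this hunk; if it does not already say so, I would add a sentence such as `Because AND is evaluated before OR, the trailing ''='' makes the WHERE clause true for every row in the table.` This also makes clear to readers why the fix is to escape the value before it reaches the query, rather than to filter for one particular string.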