ID: 36692 Updated by: [EMAIL PROTECTED] -Summary: error in documentation Reported By: nobody at example dot com Status: Open Bug Type: Documentation problem Operating System: irrelevant PHP Version: Irrelevant New Comment:
Ok, tiny patch: http://www.colder.ch/patches/mysql-real-escape-string.patch Index: en/reference/mysql/functions/mysql-real-escape-string.xml =================================================================== RCS file: /repository/phpdoc/en/reference/mysql/functions/mysql-real-escape-string.xml,v retrieving revision 1.25 diff -u -r1.25 mysql-real-escape-string.xml --- en/reference/mysql/functions/mysql-real-escape-string.xml 3 Jan 2006 08:46:20 -0000 1.25 +++ en/reference/mysql/functions/mysql-real-escape-string.xml 11 Mar 2006 11:34:09 -0000 @@ -128,7 +128,7 @@ if (get_magic_quotes_gpc()) { $value = stripslashes($value); } - // Quote if not integer + // Quote if not a number or a numeric string if (!is_numeric($value)) { $value = "'" . mysql_real_escape_string($value) . "'"; } Previous Comments: ------------------------------------------------------------------------ [2006-03-11 01:28:07] nobody at example dot com is_int(), not int(). ------------------------------------------------------------------------ [2006-03-11 01:26:04] nobody at example dot com Description: ------------ On the documentation for mysql_real_escape_string at http://us2.php.net/manual/en/function.mysql-real-escape-string.php : // Quote if not integer if (!is_numeric($value)) { $value = "'" . mysql_real_escape_string($value) . "'"; } This is blatantly incorrect. is_numeric() does *not* test whether something is an integer. This should probably be int() or ctype_digit() instead. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=36692&edit=1
