Hi,
I'm trying to insert a serialized data into mysql, but I does
mysql_real_escape_string() before inserting it.
INSERT IGNORE INTO `table` (`value`) VALUES
('a:3:{s:12:F1;s:6:nombre;s:11:F2;s:5:F3;s:16:F4;s:10:F5;}');
it result in
INSERT IGNORE INTO `table` (`value`) VALUES
On 14 May 2010 22:03, Spud. Ivan. spudm...@hotmail.com wrote:
I'm trying to insert a serialized data into mysql, but I does
mysql_real_escape_string() before inserting it.
INSERT IGNORE INTO `table` (`value`) VALUES
('a:3:{s:12:F1;s:6:nombre;s:11:F2;s:5:F3;s:16:F4;s:10:F5;}');
it result
On Fri, Jan 15, 2010 at 3:22 PM, Richard Lynch c...@l-i-e.com wrote:
The subject line says it all:
mysql_real_escape_string(0x) yields -1
What's up with that?
Is there some way to convince mysql_real_escape_string to use BIGINT?
I guess I'll just PCRE for digits and then pass it
LinuxManMikeC wrote:
On Fri, Jan 15, 2010 at 3:22 PM, Richard Lynch c...@l-i-e.com wrote:
The subject line says it all:
mysql_real_escape_string(0x) yields -1
What's up with that?
Is there some way to convince mysql_real_escape_string to use BIGINT?
I guess I'll just PCRE for
The subject line says it all:
mysql_real_escape_string(0x) yields -1
What's up with that?
Is there some way to convince mysql_real_escape_string to use BIGINT?
I guess I'll just PCRE for digits and then pass it in and...
But what if somebody passes in some BC Math number?...
--
Some
Richard Lynch wrote:
The subject line says it all:
mysql_real_escape_string(0x) yields -1
What's up with that?
Is there some way to convince mysql_real_escape_string to use BIGINT?
I guess I'll just PCRE for digits and then pass it in and...
But what if somebody passes in
This code:
$maybeDeleteClient=($_GET[maybeDeleteClient]);
$maybeDeleteClient=mysql_real_escape_string($db_billing,
$maybeDeleteClient); // this is line 53
gives this error:
Warning: mysql_real_escape_string() expects parameter 2 to be
resource, string given in
2009/7/11 Govinda govinda.webdnat...@gmail.com:
This code:
$maybeDeleteClient=($_GET[maybeDeleteClient]);
$maybeDeleteClient=mysql_real_escape_string($db_billing,
$maybeDeleteClient); // this is line 53
gives this error:
Warning: mysql_real_escape_string() expects parameter 2 to be
2009/7/11 Govinda govinda.webdnat...@gmail.com:
You're looking at the documentation for mysqli_real_escape_string but
using mysql_real_escape_string - notice the i in mysqli in the first
function name.
right. Thanks.
p.s. what is a resource compared to a string?
A resource is a variable
On Sat, Jul 11, 2009 at 17:51, Govindagovinda.webdnat...@gmail.com wrote:
as in a db connection
That's essentially a resource in reference to an object.
--
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our
For the longest time, we were having a problem in the docs where
some mirrors were erroneously redirecting references to
mysqli_real_escape_string() to mysql_real_escape_string(). Should all
be fixed now (and certainly is on the US2 mirror).
In my case, I had somehow got the idea that the
At 11:41 AM -0500 3/20/09, Richard Lynch wrote:
I typically do something like this:
$data_sql = mysql_real_escape_string($data, $connection);
$query = insert into data(data) values('$data_sql');
$insert = mysql_query($query, $connection);
if (!$insert){
trigger_error(mysql_error($connection),
On Fri, 20 Mar 2009 09:49:23 -0700, mike wrote:
Slightly off topic here, but I find it annoying to have to use the
connection identifier for the mysqli_real_escape_string.
It would be great if there was a function that I could say
mysql_escape_string that is using utf-8 instead of default,
2009/3/21 Nisse Engström news.nospam.0ixbt...@luden.se:
I tend to use the escape functions in very close proximity to
the actual query, so I don't see a problem with supplying a
connection identifier.
Except unless explicitly specified, my applications do not require a
connection identifier
On Sat, 2009-03-21 at 15:37 -0700, mike wrote:
2009/3/21 Nisse Engström news.nospam.0ixbt...@luden.se:
I tend to use the escape functions in very close proximity to
the actual query, so I don't see a problem with supplying a
connection identifier.
Except unless explicitly specified, my
I typically do something like this:
$data_sql = mysql_real_escape_string($data, $connection);
$query = insert into data(data) values('$data_sql');
$insert = mysql_query($query, $connection);
if (!$insert){
trigger_error(mysql_error($connection), E_USER_ERROR);
}
My custom error handler
2009/3/21 Robert Cummings rob...@interjinn.com:
Yes, I'm a big fan of automatic database connection identifiers. Why
just the other week I was integrating ZenCart into another system and I
couldn't understand why ZenCart wasn't able to properly retrieve the
last_insert_id(). After digging
I typically do something like this:
$data_sql = mysql_real_escape_string($data, $connection);
$query = insert into data(data) values('$data_sql');
$insert = mysql_query($query, $connection);
if (!$insert){
trigger_error(mysql_error($connection), E_USER_ERROR);
}
My custom error handler logs
On Fri, Mar 20, 2009 at 9:41 AM, Richard Lynch c...@l-i-e.com wrote:
I typically do something like this:
$data_sql = mysql_real_escape_string($data, $connection);
$query = insert into data(data) values('$data_sql');
$insert = mysql_query($query, $connection);
if (!$insert){
2009/3/20 Richard Lynch c...@l-i-e.com:
I typically do something like this:
$data_sql = mysql_real_escape_string($data, $connection);
$query = insert into data(data) values('$data_sql');
$insert = mysql_query($query, $connection);
if (!$insert){
trigger_error(mysql_error($connection),
On Sat, 2009-02-21 at 19:19 +1300, Tim | iHostNZ wrote:
Hi everyone,
Can anyone here tell me why mysql_real_escape_string(asdasddas) returns an
empty string?
Just writing a data import...
Anyway, for security but also simply because i might have a ' in the string,
i need to escape it.
OK, thanks. I think you guys are right. It's just safer and simpler than
writing my function and probably not really slower either. need a db
connection anyway. Read a bit on the function and yeah, a bit of screwed up
binary data might yet cause funny errors although the xml is a feed from a
---
Use FreeOpenSourceSoftwares, Stop piracy, Let the developers live. Get
a Free CD of Ubuntu mailed to your door without any cost. Visit :
www.ubuntu.com
--
Hi everyone,
Can anyone here tell me why mysql_real_escape_string(asdasddas) returns an
empty string?
Just writing a data import...
Anyway, for security but also simply because i might have a ' in the string,
i need to escape it. Apparently it is good practice to use
mysql_real_escape_string()
On Fri, 29 Sep 2006 11:41:34 -0500 (CDT), Richard Lynch wrote:
Consider that the user could provide *ANY* string, of any size, of any
composition, for their Subject
Maybe they POST a worm in Subject, and it has no newlines, but still
manages to propogate through Outlook.
Or maybe it's
On Fri, September 29, 2006 8:34 pm, Chris Shiflett wrote:
I'm looking for a guide, a chart, a grid, an organized systemic
documentation of what data should be escaped how as it travels
through the glue that is PHP...
That's a great idea. Want to write it? :-) I'd be happy to help.
Okay.
We
On Thu, September 28, 2006 2:06 pm, tedd wrote:
I realize that you are not asking for an answer, but for a guide --
however -- isn't the real problem here simply one of injection? Just
stop the user from injecting stuff in the subject and that would fix
it right? Or, am I underestimating the
At 11:41 AM -0500 9/29/06, Richard Lynch wrote:
On Thu, September 28, 2006 2:06 pm, tedd wrote:
I realize that you are not asking for an answer, but for a guide --
however -- isn't the real problem here simply one of injection? Just
stop the user from injecting stuff in the subject and that
Richard Lynch wrote:
Though I confess, I'm sometimes at a loss how to properly escape
certain data for certain situations...
Here's an example:
Take the Subject of an email.
Sure, I've sanitized it to be sure there are no newlines for header
injection.
But now how do I properly escape
Hi gang:
In one of my snip-its, namely:
http://xn--ovg.com/pdf
I was generating a pdf document after the user filled in a form. I
had been cleaning the user input by using --
$name = mysql_real_escape_string($name);
-- even though I wasn't using MySQL (the code was a cut-paste from
some
On Thu, September 28, 2006 10:06 am, tedd wrote:
In one of my snip-its, namely:
http://xn--ovg.com/pdf
I was generating a pdf document after the user filled in a form. I
had been cleaning the user input by using --
$name = mysql_real_escape_string($name);
-- even though I wasn't using
At 11:06 AM -0500 9/28/06, Richard Lynch wrote:
What's up with that? Any ideas as to what happened?
One also has to ask WHY you would use MySQL's escaping for data that's
not going into MySQL.
That's almost certainly wrong
Richard:
Yes, according to:
At 11:06 AM -0500 9/28/06, Richard Lynch wrote:
Though I confess, I'm sometimes at a loss how to properly escape
certain data for certain situations...
Here's an example:
Take the Subject of an email.
Sure, I've sanitized it to be sure there are no newlines for header
injection.
But now how
The following function is from Larry Ullman's PHP and mySQL on page
217 -
script 6.8 - in which there is a connection to a mySQL database using
PHP.
My question is that I'm not sure of the global variable $dbc.
Hello Anthony,
The mysql_real_escape_string() requires a connection to the
Larry E . Ullman [EMAIL PROTECTED] wrote in message:
The mysql_real_escape_string() requires a connection to the database.
The connection identifier is defined in another script so it's brought
in using the global statement.
Hope that helps,
Larry
.
The following function is from Larry Ullman's PHP and mySQL on page 217 -
script 6.8 - in which there is a connection to a mySQL database using PHP.
My question is that I'm not sure of the global variable $dbc.
If I am to understand...this made up function escape_data() will receive a
piece of
dbc looks like a MySQL Connection Resource, a connection returned from
mysql_connect. It looks like this function is using the mysql escape
function to make sure the data is properly escaped for that particular
database. If you use a function other than mysql_real_escape_string you
can
Lo all,
Does mysql_real_escape_string exist? I've seen it in the manual pages, and
to my understanding, it is the proper function to call on strings to escape
them before inserting them into a database...
I've used it as follows:
$text[1] = mysql_real_escape_string($text[1]);
Does mysql_real_escape_string exist? I've seen it in the manual pages,
and
to my understanding, it is the proper function to call on strings to
escape
them before inserting them into a database...
mysql_real_escape_string() is only available in CVS version.
_
Mattias Eriksson
--
39 matches
Mail list logo