Re: [PHP] mysql_real_escape_string paranoid enough?

At 11:41 AM -0500 3/20/09, Richard Lynch wrote: I typically do something like this: $data_sql = mysql_real_escape_string($data, $connection); $query = insert into data(data) values('$data_sql'); $insert = mysql_query($query, $connection); if (!$insert){ trigger_error(mysql_error($connection),

Re: [PHP] mysql_real_escape_string paranoid enough?

On Fri, 20 Mar 2009 09:49:23 -0700, mike wrote: Slightly off topic here, but I find it annoying to have to use the connection identifier for the mysqli_real_escape_string. It would be great if there was a function that I could say mysql_escape_string that is using utf-8 instead of default,

Re: [PHP] mysql_real_escape_string paranoid enough?

2009/3/21 Nisse Engström news.nospam.0ixbt...@luden.se: I tend to use the escape functions in very close proximity to the actual query, so I don't see a problem with supplying a connection identifier. Except unless explicitly specified, my applications do not require a connection identifier

Re: [PHP] mysql_real_escape_string paranoid enough?

On Sat, 2009-03-21 at 15:37 -0700, mike wrote: 2009/3/21 Nisse Engström news.nospam.0ixbt...@luden.se: I tend to use the escape functions in very close proximity to the actual query, so I don't see a problem with supplying a connection identifier. Except unless explicitly specified, my

Re: [PHP] mysql_real_escape_string paranoid enough?

I typically do something like this: $data_sql = mysql_real_escape_string($data, $connection); $query = insert into data(data) values('$data_sql'); $insert = mysql_query($query, $connection); if (!$insert){  trigger_error(mysql_error($connection), E_USER_ERROR); } My custom error handler

Re: [PHP] mysql_real_escape_string paranoid enough?

2009/3/21 Robert Cummings rob...@interjinn.com: Yes, I'm a big fan of automatic database connection identifiers. Why just the other week I was integrating ZenCart into another system and I couldn't understand why ZenCart wasn't able to properly retrieve the last_insert_id(). After digging

[PHP] mysql_real_escape_string paranoid enough?

I typically do something like this: $data_sql = mysql_real_escape_string($data, $connection); $query = insert into data(data) values('$data_sql'); $insert = mysql_query($query, $connection); if (!$insert){ trigger_error(mysql_error($connection), E_USER_ERROR); } My custom error handler logs

Re: [PHP] mysql_real_escape_string paranoid enough?

On Fri, Mar 20, 2009 at 9:41 AM, Richard Lynch c...@l-i-e.com wrote: I typically do something like this: $data_sql = mysql_real_escape_string($data, $connection); $query = insert into data(data) values('$data_sql'); $insert = mysql_query($query, $connection); if (!$insert){  

Re: [PHP] mysql_real_escape_string paranoid enough?

2009/3/20 Richard Lynch c...@l-i-e.com: I typically do something like this: $data_sql = mysql_real_escape_string($data, $connection); $query = insert into data(data) values('$data_sql'); $insert = mysql_query($query, $connection); if (!$insert){  trigger_error(mysql_error($connection),