On 14 Oct 2005, at 04:48, David Robley wrote:
That is incorrect. mysql_real_escape_string is a php function, not
mysql.
Mostly true: mysql_real_escape_string is a php function, but it's
provided by the mysql extension as part of the mysql client libraries
(which explains the name). It
David Robley wrote:
Ben wrote:
snip
My understanding is that mysql_real_escape_string will only work while
you are connected to mysql. Not sure if that is the case in your
situation.
That is incorrect. mysql_real_escape_string is a php function, not mysql.
Actually, it's both. And yes,
Marcus Bointon wrote:
On 14 Oct 2005, at 04:48, David Robley wrote:
That is incorrect. mysql_real_escape_string is a php function, not
mysql.
Mostly true: mysql_real_escape_string is a php function, but it's
provided by the mysql extension as part of the mysql client libraries
(which
John Nichel wrote:
David Robley wrote:
Ben wrote:
snip
My understanding is that mysql_real_escape_string will only work while
you are connected to mysql. Not sure if that is the case in your
situation.
That is incorrect. mysql_real_escape_string is a php function, not mysql.
Actually,
Ben wrote:
My understanding is that mysql_real_escape_string will only work while
you are connected to mysql. Not sure if that is the case in your
situation.
At least it requires a connection to mysql. I had an error, when using
it without any connection opened before, that
On Fri, October 14, 2005 8:20 am, John Nichel wrote:
David Robley wrote:
Ben wrote:
snip
My understanding is that mysql_real_escape_string will only work
while
you are connected to mysql. Not sure if that is the case in your
situation.
That is incorrect. mysql_real_escape_string is a php
Is this a bit better ?
As directed, I 'sanitized' all user input variables with trim and
mysql_real_escape_string.
thanks for everyone's patience as I am starting at ground zero
concerning security.
if( isset($_REQUEST['cmd']) OR isset($_REQUEST['path'] ))
{
// decrypt and santize
Graham Anderson said the following on 10/13/05 15:31:
Is this a bit better ?
As directed, I 'sanitized' all user input variables with trim and
mysql_real_escape_string.
thanks for everyone's patience as I am starting at ground zero
concerning security.
if( isset($_REQUEST['cmd']) OR
Ben wrote:
Graham Anderson said the following on 10/13/05 15:31:
Is this a bit better ?
As directed, I 'sanitized' all user input variables with trim and
mysql_real_escape_string.
thanks for everyone's patience as I am starting at ground zero
concerning security.
if(
9 matches
Mail list logo