urgh.

Flisker · 08-12-2007, 11:44 PM

Hmm, thanks, but I'm still in the search for the one with the MySQL stuff

Beau · 08-12-2007, 11:57 PM

Originally Posted by Flisker

Hmm, thanks, but I'm still in the search for the one with the MySQL stuff

That is the MySQL stuff. Anything else is completely unnecessary.

Flisker · 09-12-2007, 12:00 AM

i saw it int he thread which stopped the UPDATE tag etc

Beau · 09-12-2007, 12:09 AM

But theoretically, wouldn't you be using the UPDATE statement in some of your queries? If you weren't, just don't give the MySQL user your application is running under access to that function.

mysql_real_escape_string, along with other safeguards like sprintf will prevent any SQL being run via form inputs. There isn't a need for anything else.

Flisker · 09-12-2007, 12:13 AM

SQL Injections

Beau · 09-12-2007, 12:15 AM

Obviously you're safeguarding against SQL injections. I wasn't expecting you to type in something like DROP database_name into your script

mysql_real_escape_string safeguards against SQL injections. You don't need another alternative, as it probably does exactly the same as the function you saw, if not more, with less server resources being taken up.

Flisker · 09-12-2007, 12:16 AM

ok, thanks

ill be showing the public the script i made soon

Thread: urgh.

Thread Tools

Posting Permissions