[nycphp-talk] escaping % and _ in a MySQL query

Chris Shiflett shiflett at php.net
Sun Oct 31 01:53:42 EST 2004


--- Adam Maccabee Trachtenberg <adam at trachtenberg.com> wrote:
> I prefer str_replace() to preg_replace(), but this is
> essentially what I do.

Can you explain what mysql_escape_string() isn't escaping?

> Use the feature which allows you to pass multiple
> search/replace pairs as arrays to reduce this to one call.

Yes, we want a recipe in the 2nd edition. :-)

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly     HTTP Developer's Handbook - Sams
Coming January 2005         http://httphandbook.org/
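
An added example, not part of the original message: the single str_replace() call with array pairs that the quoted reply describes, applied to the LIKE wildcards % and _ that string-literal escaping leaves untouched. The helper name like_escape(), the items table and its rows are hypothetical, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example; like_escape() and the items table are hypothetical.

// Escape LIKE wildcards so user input is matched literally.
// str_replace() applies the pairs in array order, so the backslash goes
// first; otherwise the backslashes added for % and _ would be doubled.
function like_escape(string $input): string
{
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $input);
}

// SQLite in memory stands in for MySQL (assumption, to run offline).
// SQLite needs an explicit ESCAPE clause; MySQL uses backslash by default.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (name TEXT)');
$insert = $pdo->prepare('INSERT INTO items (name) VALUES (?)');
foreach (['100%', '100 apples', 'a_b', 'axb'] as $name) { // constructed rows
    $insert->execute([$name]);
}

// Run a LIKE search with the pattern passed as a bound parameter.
function search(PDO $pdo, string $pattern): array
{
    $stmt = $pdo->prepare(
        "SELECT name FROM items WHERE name LIKE ? ESCAPE '\\' ORDER BY name"
    );
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach (['100%', 'a_b'] as $userInput) {
    // Raw input: % and _ still act as wildcards inside the pattern.
    echo "raw     $userInput: ", implode(', ', search($pdo, $userInput)), "\n";
    // Escaped input: only the literal string matches.
    echo "escaped $userInput: ",
        implode(', ', search($pdo, like_escape($userInput))), "\n";
}
```

Binding the parameter handles the string-literal layer; like_escape() handles only the LIKE pattern layer, so the two are applied together, not one instead of the other.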


