AncientSage Posted August 2, 2006 Share Posted August 2, 2006 Hello,Quick question, does the mysql_real_escape_string function have the ability to be used for other databases and such? Or perhaps not even a database at all, or is it a MySQL only function?If not, then I guess I'll be using addslashes, which is an older less recommended function, is it not?Thanks. Quote Link to comment Share on other sites More sharing options...
effigy Posted August 2, 2006 Share Posted August 2, 2006 The manual states:[quote]Parametersunescaped_string The string that is to be escaped. link_identifier The MySQL connection. [b]If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If by chance no connection is found or established, an E_WARNING level warning is generated.[/b][/quote]In other words, it's going to look for a MySQL connection.You can:[list][*]Check the manual to see if another database has a similar function; or[*]Recreate the function to be used for that (or any) database, based on the information that the manual provides:[/list][quote]mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.[/quote] Quote Link to comment Share on other sites More sharing options...
tomfmason Posted August 2, 2006 Share Posted August 2, 2006 Another way that you can avoid database insertion is using something like [code=php:0]preg_match[/code]. Just filter your input to see if any of the troublesome keys are present. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.