Jump to content

Archived

This topic is now archived and is closed to further replies.

AncientSage

mysql_real_escape_string

Recommended Posts

Hello,

Quick question, does the mysql_real_escape_string function have the ability to be used for other databases and such? Or perhaps not even a database at all, or is it a MySQL only function?

If not, then I guess I'll be using addslashes, which is an older less recommended function, is it not?

Thanks.

Share this post


Link to post
Share on other sites
The manual states:

[quote]
Parameters

unescaped_string
    The string that is to be escaped.
link_identifier
    The MySQL connection. [b]If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If by chance no connection is found or established, an E_WARNING level warning is generated.[/b]
[/quote]

In other words, it's going to look for a MySQL connection.

You can:

[list]
[*]Check the manual to see if another database has a similar function; or
[*]Recreate the function to be used for that (or any) database, based on the information that the manual provides:[/list]
[quote]
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
[/quote]

Share this post


Link to post
Share on other sites
Another way that you can avoid database insertion is using something like [code=php:0]preg_match[/code]. Just filter your input to see if any of the troublesome keys are present.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.