Octarine Posted January 26, 2012 (edited) Topic Moved. Edited February 16, 2012 by Octarine
a_bertrand Posted January 26, 2012 I never ever said I wrote my own escaping function; I just said that using mysqli and binding the values will make you safe (if it doesn't, then please point me to some link, as I really can't find any info going against this): http://php.net/manual/en/mysqli-stmt.bind-param.php

$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
$stmt->bind_param('sssd', $code, $language, $official, $percent);
$stmt->execute();

BTW MySQL seems to be slowly going deprecated, replaced by MySQLi or PDO
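As an added illustration of the point in the post above (example code, not from the thread or from mccodes), here is a login lookup written both ways: the string-built query that an escaping function has to protect, and the mysqli prepared statement with bind_param, where the value is sent separately from the SQL text. The table and column names (users, username, password_hash) are assumed.

```php
<?php
declare(strict_types=1);

// Make mysqli throw exceptions instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Assumed schema for illustration: users(id INT, username VARCHAR, password_hash VARCHAR)

// 1. Vulnerable form: the value is spliced into the SQL text. Whatever escaping
//    is used (home-made or mysql_real_escape_string) must then be correct for
//    the connection charset and for every context the value lands in.
function findUserUnsafe(mysqli $db, string $username): ?array
{
    $sql = "SELECT id, password_hash FROM users WHERE username = '" . $username . "'";
    $result = $db->query($sql);
    $row = $result->fetch_assoc();
    return $row ?: null;
}

// 2. Hardened form: the SQL text is fixed at prepare() time; the value travels
//    as a typed parameter and can never change the structure of the statement.
function findUserSafe(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare("SELECT id, password_hash FROM users WHERE username = ?");
    $stmt->bind_param('s', $username);   // 's' = string parameter
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $row = $stmt->fetch() ? ['id' => $id, 'password_hash' => $hash] : null;
    $stmt->close();
    return $row;
}

// Login check built on the safe lookup; password_verify() compares against the stored hash.
function login(mysqli $db, string $username, string $password): bool
{
    $row = findUserSafe($db, $username);
    return $row !== null && password_verify($password, $row['password_hash']);
}

// Usage (connection details are placeholders):
// $db = new mysqli('localhost', 'user', 'pass', 'game');
// $db->set_charset('utf8mb4');
// var_dump(login($db, $_POST['username'] ?? '', $_POST['password'] ?? ''));
```

Note that set_charset() matters for the escaping approach, since mysqli_real_escape_string depends on the connection charset, whereas bound parameters do not.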
a_bertrand Posted January 26, 2012 Gaps indeed, I didn't remember that one; yes, it was in Zap indeed. Now I don't fully remember why I didn't use mysql_real_escape_string; could be that at that time one host was still not on PHP 4.3 or newer? I don't remember, so I had to write one for that. I fully agree with you here: don't do it yourself, better use what the DB offers. And personally I would say better to use MySQLi and bind_param instead of inserting the data in the query... Or even better, switch to C# and use LINQ ;) Anyhow, thanks for coming back with that code, it was totally gone from my memory, I admit!
SHAD Posted January 27, 2012 Seems to me that almost none of the above practices (on login pages) are performed in mccodes, even redux! And to Octarine: a well written and understandable article, good work!