[nycphp-talk] escaping % and _ in a MySQL query
Chris Shiflett
shiflett at php.net
Sun Oct 31 01:53:42 EST 2004
--- Adam Maccabee Trachtenberg <adam at trachtenberg.com> wrote:
> I prefer str_replace() to preg_replace(), but this is
> essentially what I do.
Can you explain what mysql_escape_string() isn't escaping?
> Use the feature which allows you to pass multiple
> search/replace pairs as arrays to reduce this to one call.
Yes, we want a recipe in the 2nd edition. :-)
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly     HTTP Developer's Handbook - Sams
Coming January 2005         http://httphandbook.org/
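
The single-call `str_replace()` approach mentioned in the quoted text, as an added example that is not part of the original thread. The helper names `like_escape()` and `search()`, the `files` table and its rows are constructed for illustration, and PDO with an in-memory SQLite database (requires the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example; like_escape() and search() are hypothetical helper names.

// Escape the LIKE wildcards so user input is matched literally.
// str_replace() applies array pairs in order, each on the output of the
// previous one, so the backslash pair must come first; otherwise the
// backslashes inserted for % and _ would themselves be doubled.
function like_escape(string $s): string
{
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $s);
}

// Assumption: in-memory SQLite stands in for MySQL so this runs offline.
// MySQL uses backslash as the LIKE escape character by default (unless
// NO_BACKSLASH_ESCAPES is set); the ESCAPE clause states the same rule here.
function search(PDO $db, string $pattern): array
{
    $q = $db->prepare("SELECT name FROM files WHERE name LIKE ? ESCAPE '\\'");
    $q->execute([$pattern]);
    return $q->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (name TEXT)');

// Constructed sample rows.
$ins = $db->prepare('INSERT INTO files (name) VALUES (?)');
foreach (['100%_done.txt', '100 percent done.txt', '1000_done.txt'] as $name) {
    $ins->execute([$name]);
}

$term = '0%_d'; // constructed user input containing both wildcards

// Bound but not LIKE-escaped: % and _ in the input still act as wildcards.
echo "unescaped:\n";
print_r(search($db, '%' . $term . '%'));

// LIKE-escaped, then wrapped in the wildcards the application intends.
echo "escaped:\n";
print_r(search($db, '%' . like_escape($term) . '%'));
```

The LIKE escaping is a separate step from string quoting or parameter binding: binding keeps the value out of the SQL text, while `like_escape()` only controls how the pattern is interpreted.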