NYCPHP Meetup

[nycphp-talk] Not-so-subtle attack on PHP

Cliff Hirsch cliff at pinestream.com
Wed Sep 26 14:36:25 EDT 2007


> My personal favorite:
> public function esc( $value ) {
>   return mysql_real_escape_string( $value, $this->db );
> }

I like: return "'".mysql_real_escape_string( $value, $this->db )."'";

Otherwise, I might forget to quote the result, rendering the function
useless.
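Worked illustration of the point above, added here and not code from the post or from the NYCPHP thread. mysql_real_escape_string() needs a live MySQL connection (and no longer exists in PHP 7), so the esc_like() helper below is an assumed stand-in that applies the same set of escapes the real function does (NUL, newline, carriage return, backslash, single quote, double quote, Ctrl-Z); the two wrapper functions, the table and column names, and the attacker inputs are all constructed for the example.

```php
<?php
// Added example, not from the original post. esc_like() is an assumed
// stand-in for mysql_real_escape_string(), which needs a live connection;
// it escapes the same characters: NUL, \n, \r, \, ', " and \x1a.
function esc_like(string $value): string {
    return strtr($value, [
        "\0"   => '\\0',
        "\n"   => '\\n',
        "\r"   => '\\r',
        "\\"   => '\\\\',
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => '\\Z',
    ]);
}

// The wrapper as quoted in the thread: escapes, but leaves quoting to
// the caller.
function esc_unquoted(string $value): string {
    return esc_like($value);
}

// The wrapper Cliff prefers: quotes are part of the result, so the
// caller cannot forget them.
function esc_quoted(string $value): string {
    return "'" . esc_like($value) . "'";
}

// Constructed attacker input with no quote characters at all, so the
// escaper has nothing to escape.
$input = '1 OR 1=1';

// Forgetting to quote: the escaper runs, but the value is spliced into
// the statement as bare SQL and the OR clause becomes part of the query.
$bad = 'SELECT * FROM users WHERE id = ' . esc_unquoted($input);

// Quotes built into the wrapper: the same input is now a string literal,
// compared as text rather than executed as SQL.
$good = 'SELECT * FROM users WHERE id = ' . esc_quoted($input);

// Input that does contain quotes shows both halves working together:
// the escaper neutralises the embedded quotes, the wrapper's own quotes
// delimit the literal.
$tricky = "x' OR '1'='1";
$stillGood = 'SELECT * FROM users WHERE name = ' . esc_quoted($tricky);

foreach ([$bad, $good, $stillGood] as $sql) {
    echo $sql, PHP_EOL;
}
```

Running it prints the three statements side by side: in the first, `OR 1=1` lands in the query as live SQL even though the escaper ran, which is exactly the "useless" case Cliff describes; in the other two the input is confined to a quoted literal. The quoted wrapper only covers string contexts, of course; for integer columns a cast to int, or bound parameters in a prepared statement, is the more direct fix.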




