sigmasternchen/php-doc-en
1
0
Fork 0
mirror of https://github.com/sigmasternchen/php-doc-en synced 2025-03-16 00:48:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Noted the function is deprecated.

Browse source 
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@166020 c90b9560-bf6c-de11-be94-00142212c4b1
This commit is contained in:
Aidan Lister 2004-08-11 08:32:23 +00:00
parent 553243198a
commit 7725bc8c6b
1 changed files with 24 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
reference/mysql/functions/mysql-escape-string.xml
View file

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!-- $Revision: 1.9 $ -->
<!-- $Revision: 1.10 $ -->
<!-- splitted from ./en/functions/mysql.xml, last change in rev 1.62 -->
<refentry id="function.mysql-escape-string">
<refnamediv>
@ -53,6 +53,15 @@ Escaped string: Zak\'s Laptop
</screen>
</example>
</para>
<para>
<note>
<simpara>
This function has been deprecated since PHP 4.3.0.
Do not use this function. Use <function>mysql_real_escape_string</function>
instead.
</simpara>
</note>
</para>
<para>
See also
<function>mysql_real_escape_string</function>,
@ -83,3 +92,17 @@ vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->
- mysql_escape_string calls MySQL's library function of the same name, which prepends slashes to the following characters: NUL (\x00), \n, \r, \, ', " and \x1a.
- AddSlashes escapes NUL, ', " and \.
$query = "SELECT * FROM adresses WHERE name='$name' AND private='N'";
mysql_query($query);
?>
Without mysql_escape_string a user could set name to "' OR 1=1 OR ''='"
effectively leading to the query:
SELECT * FROM adresses WHERE name='' OR 1=1 OR ''='' AND private='N'