From f18c1e52b4eb799aff36d0071c07ec4dfe158382 Mon Sep 17 00:00:00 2001
From: Aidan Lister
Date: Wed, 11 Aug 2004 08:40:28 +0000
Subject: [PATCH] Arrgh - Didn't read my diffs. Removed notes from bottom of file.
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@166022 c90b9560-bf6c-de11-be94-00142212c4b1
---
 .../mysql/functions/mysql-escape-string.xml | 18 ++----------------
 1 file changed, 2 insertions(+), 16 deletions(-)
diff --git a/reference/mysql/functions/mysql-escape-string.xml b/reference/mysql/functions/mysql-escape-string.xml
index c3032d7707..7f54f5172a 100644
--- a/reference/mysql/functions/mysql-escape-string.xml
+++ b/reference/mysql/functions/mysql-escape-string.xml
@@ -1,5 +1,5 @@
-
+
@@ -91,18 +91,4 @@ End:
 vim600: syn=xml fen fdm=syntax fdl=2 si
 vim: et tw=78 syn=sgml
 vi: ts=1 sw=1
---->
-
-- mysql_escape_string calls MySQL's library function of the same name, which prepends slashes to the following characters: NUL (\x00), \n, \r, \, ', " and \x1a.
-
-- AddSlashes escapes NUL, ', " and \.
-
-$query = "SELECT * FROM adresses WHERE name='$name' AND private='N'";
-
-mysql_query($query);
-?>
-
-Without mysql_escape_string a user could set name to "' OR 1=1 OR ''='"
-
-effectively leading to the query:
-SELECT * FROM adresses WHERE name='' OR 1=1 OR ''='' AND private='N'
\ No newline at end of file
+-->
\ No newline at end of file