PHP Bugs: #14419: Please use Character-enable mysql

Bug #14419	Please use Character-enable mysql_escape
Submitted:	11 Dec 2001 3:41am UTC	Modified:	1 Jun 2002 1:02pm UTC
From:	ycheng at sinica dot edu dot tw	Assigned to:	zak
Status:	Closed	Category:	MySQL related
Version:	4.1.0	OS:	All

View/Vote Developer Edit Submission

Welcome! If you don't have a SVN account, you can't do anything here. You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

SVN Username:		SVN Password:		Remember:

Quick Fix:
Status:		Assign to:
Category:
Summary:
From:	ycheng at sinica dot edu dot tw
New email:
Version:		OS:

New/Additional Comment:

[11 Dec 2001 3:41am UTC] ycheng at sinica dot edu dot tw

in file php-4.1.0/ext/mysql/php_mysql.c line 1365
-------------------------------
Z_STRLEN_P(return_value) = mysql_escape_string(Z_STRVAL_P(return_value),
Z_STRVAL_PP(str), Z_STRLEN_PP(str));
-------------------------------
could you change from
mysq_escape_string into mysql_
to something like
#if MYSQL_VERSION_ID < 32321
        len = mysql_escape_string(out, in, size);
#else
        if (self) {
                check_connection(self);
                len = mysql_real_escape_string(&(self->connection), out,
in, size);
        }
        else
                len = mysql_escape_string(out, in, size);
#endif

(quote from mysql python module)

[31 Dec 2001 7:11pm UTC] zak@php.net

Thanks for the suggestion!

I will investigate this.

[1 Jun 2002 1:02pm UTC] georg@php.net

Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at 
http://www.php.net/downloads.php

Since Version 4.0.2 we have the php function mysql_real_escape_string.
The function mysql_escape_string is deprecated. (Also described in the
manual)

Georg


	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| login

go to bug id or search bugs for