PHP :: Request #37011 :: I need autoescape fot mysql code

Request #37011	I need autoescape fot mysql code
Submitted:	2006-04-07 16:56 UTC	Modified:	2006-04-07 17:03 UTC
From:	kpoxa at kpoxa dot net	Assigned:
Status:	Wont fix	Package:	Feature/Change Request
PHP Version:	4.4.2	OS:	Any
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	kpoxa at kpoxa dot net
New email:
PHP Version:		OS:

New/Additional Comment:

[2006-04-07 16:56 UTC] kpoxa at kpoxa dot net

Description:
------------
In perl+mysql qyury params may by autoescaped,
in php i must user mysql_escape_string,
wy not exists function like this:

use 

$ecaped_query = mysql_make_query("select * from table where id=? and field2=? ORDER BY ID",1,'Here i may savely put any data this " and over untrusted symbols');

Reproduce code:
---------------
function mysql_make_query() {
    $num_args = func_num_args();
    if ($num_args==0) return '';
    $format = func_get_arg(0);
    if ($num_args==1) return $format;

    $strings = explode('?',$format);
    $result  = array_shift($strings);
    for ($i=1;$i<$num_args;$i++) {
        $result .= "'".mysql_escape_string(func_get_arg($i))."'";//'"
        $result .= array_shift($strings);
    }
    return $result;
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-04-07 17:03 UTC] tony2001@php.net

Use PDO_MYSQL for that.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Jun 18 04:01:32 2024 UTC