Request #37011 I need autoescape for mysql code
Submitted: 2006-04-07 16:56 UTC Modified: 2006-04-07 17:03 UTC
From: kpoxa at kpoxa dot net Assigned:
Status: Wont fix Package: Feature/Change Request
PHP Version: 4.4.2 OS: Any
Private report: No CVE-ID: None

 [2006-04-07 16:56 UTC] kpoxa at kpoxa dot net
Description:
------------
In perl+mysql query params may be autoescaped,
in php I must use mysql_escape_string,
why does a function like this not exist:

Use:

$escaped_query = mysql_make_query("select * from table where id=? and field2=? ORDER BY ID",1,'Here I may safely put any data this " and over untrusted symbols');

Reproduce code:
---------------
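// Builds a query string: each ? in the format (first argument) is replaced,
// in order, by the next argument, escaped and wrapped in single quotes.
function mysql_make_query() {
    $num_args = func_num_args();
    if ($num_args==0) return '';
    $format = func_get_arg(0);
    // No values supplied: return the format unchanged.
    if ($num_args==1) return $format;

    // Split the format on the placeholders; only the format is split,
    // so a ? inside a value is never treated as a placeholder.
    $strings = explode('?',$format);
    $result  = array_shift($strings);
    for ($i=1;$i<$num_args;$i++) {
        // Every value, numeric ones included, is emitted as a quoted string.
        $result .= "'".mysql_escape_string(func_get_arg($i))."'";//'"
        // Append the format text that follows this placeholder.
        $result .= array_shift($strings);
    }
    return $result;
}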




 [2006-04-07 17:03 UTC] tony2001@php.net
Use PDO_MYSQL for that.
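
What the reply points to, as an added example that is not code from this report or from the PHP project: the same `id=? and field2=?` query run through PDO placeholders, so values are bound as parameters instead of being escaped and concatenated. The `items` table, its rows, the `find_items` helper and the in-memory SQLite DSN (used so the script runs without a server) are assumptions; the MySQL DSN is shown in a comment.

```php
<?php
// Added example: table, rows and helper name are constructed for illustration.
// SQLite in-memory keeps this runnable offline. For PDO_MYSQL, swap the DSN:
//   new PDO('mysql:host=localhost;dbname=test;charset=utf8mb4', $user, $pass,
//           [PDO::ATTR_EMULATE_PREPARES => false]);
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, field2 TEXT)');

// Value containing both quote characters, stored without any manual escaping.
$untrusted = 'any data: this " and \' and other untrusted symbols';

$insert = $pdo->prepare('INSERT INTO items (id, field2) VALUES (?, ?)');
$insert->execute([1, $untrusted]);
$insert->execute([2, 'plain']);

// The SQL text is fixed; only the bound values change between calls.
function find_items(PDO $pdo, int $id, string $field2): array
{
    $stmt = $pdo->prepare(
        'SELECT id, field2 FROM items WHERE id = ? AND field2 = ? ORDER BY id'
    );
    $stmt->bindValue(1, $id, PDO::PARAM_INT);     // bound as an integer
    $stmt->bindValue(2, $field2, PDO::PARAM_STR); // bound as a string
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Exact match on the stored value, quotes included.
$match = find_items($pdo, 1, $untrusted);

// A value shaped like SQL is compared as data, so it matches no row.
$no_match = find_items($pdo, 1, "plain' OR '1'='1");

printf("rows for stored value: %d\n", count($match));
printf("rows for SQL-shaped value: %d\n", count($no_match));
printf("round-trip intact: %s\n",
    ($match && $match[0]['field2'] === $untrusted) ? 'yes' : 'no');
```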
 
Last updated: Sat Jul 12 13:01:33 2025 UTC