[2006-04-07 17:03 UTC] tony2001@php.net
Description:
------------
In Perl+MySQL, query params may be autoescaped; in PHP I must use mysql_escape_string. Why does a function like this not exist? Use:

$escaped_query = mysql_make_query("select * from table where id=? and field2=? ORDER BY ID",1,'Here I may safely put any data this " and over untrusted symbols');

Reproduce code:
---------------
function mysql_make_query()
{
    $num_args = func_num_args();
    if ($num_args==0) return '';

    // First argument is the query template with '?' placeholders.
    $format = func_get_arg(0);
    if ($num_args==1) return $format;

    // Split the template on every '?' and start with the leading fragment.
    $strings = explode('?',$format);
    $result = array_shift($strings);

    // Append each remaining argument, escaped and single-quoted,
    // followed by the next fragment of the template.
    for ($i=1;$i<$num_args;$i++)
    {
        $result .= "'".mysql_escape_string(func_get_arg($i))."'";
        $result .= array_shift($strings);
    }
    return $result;
}
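
The placeholder behaviour requested above is what driver-level prepared statements provide. The following is an added example, not code from this report or from the PHP project; it assumes the PDO and pdo_sqlite extensions and uses a constructed in-memory table so it runs offline. It also shows why splitting the template on '?' miscounts placeholders when the SQL itself contains a '?' inside a string literal.

```php
<?php
// Added example, not code from the bug report. Table and data are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE t (id INTEGER PRIMARY KEY, field2 TEXT)');

// Constructed untrusted value containing both quote characters and a '?'.
$untrusted = 'any data: " \' ? and other untrusted symbols';

// The value is bound by the driver; no manual escaping call is needed.
$ins = $pdo->prepare('INSERT INTO t (id, field2) VALUES (?, ?)');
$ins->execute([1, $untrusted]);

// Two placeholders, plus a '?' that is part of a string literal.
$sql = "SELECT id, field2, 'why?' AS note FROM t WHERE id = ? AND field2 = ? ORDER BY id";

// Splitting on '?' (as mysql_make_query() does) sees three slots here.
$naiveSlots = count(explode('?', $sql)) - 1;

// The driver's parser skips the quoted literal and expects two values.
$sel = $pdo->prepare($sql);
$sel->bindValue(1, 1, PDO::PARAM_INT);          // bound as an integer, not a quoted string
$sel->bindValue(2, $untrusted, PDO::PARAM_STR); // bound as text, quotes and all
$sel->execute();
$row = $sel->fetch(PDO::FETCH_ASSOC);

printf("slots seen by explode: %d\n", $naiveSlots);
printf("row found: %s\n", $row !== false ? 'yes' : 'no');
printf("round-trip intact: %s\n",
    ($row !== false && $row['field2'] === $untrusted) ? 'yes' : 'no');
printf("literal column: %s\n", $row !== false ? $row['note'] : '(none)');
```

The same prepare/bindValue/execute calls work with a MySQL DSN. pdo_mysql emulates prepares client-side by default; set PDO::ATTR_EMULATE_PREPARES to false to have the server prepare the statement.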