Bug #65290 The doc for addslashes should not describe database escaping as the use case
Submitted: 2013-07-18 16:01 UTC Modified: 2013-07-22 23:26 UTC
From: stof at notk dot org Assigned: yohgaki (profile)
Status: Closed Package: Documentation problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2013-07-18 16:01 UTC] stof at notk dot org
Description:
------------
Using addslashes to escape the input for the database is a really bad idea. But the doc of the function still describes it as the use case (and then warns that there are better ways to do it).

I think it would be better to avoid mentioning the database escaping for the use case of the function, to avoid teaching unsecure practices.
Lazy people would stop reading before the end of the description and only see the suggestion of using it for escaping.
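
An added example, not part of the original report or of the PHP manual, showing that addslashes() does not follow a database's own quoting rules, next to a prepared statement that needs no escaping. It assumes the pdo_sqlite extension and a hypothetical `authors` table; the input value is constructed.

```php
<?php
// Added example: constructed data, in-memory SQLite through PDO (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE authors (name TEXT)'); // hypothetical table

$name = "O'Reilly"; // constructed sample input containing a single quote

// Before: addslashes() output concatenated into the statement.
// addslashes() puts a backslash before the quote (O\'Reilly), but SQLite, like
// standard SQL, escapes a quote by doubling it and treats the backslash as an
// ordinary character, so the string literal ends early and the statement fails.
function insertWithAddslashes(PDO $pdo, string $name): string
{
    $sql = "INSERT INTO authors (name) VALUES ('" . addslashes($name) . "')";
    try {
        $pdo->exec($sql);
        return 'stored';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// After: a prepared statement binds the value separately from the SQL text,
// so the database's quoting rules never come into play.
function insertWithPlaceholder(PDO $pdo, string $name): string
{
    $stmt = $pdo->prepare('INSERT INTO authors (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return 'stored';
}

echo 'addslashes:  ', insertWithAddslashes($pdo, $name), PHP_EOL;
echo 'placeholder: ', insertWithPlaceholder($pdo, $name), PHP_EOL;

// Read back what the table actually contains and compare with the input.
$rows = $pdo->query('SELECT name FROM authors')->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows === [$name]);
```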


 [2013-07-22 23:25 UTC] yohgaki@php.net
Automatic comment from SVN on behalf of yohgaki
Revision: http://svn.php.net/viewvc/?view=revision&revision=331006
Log: Fix bug #65290
 [2013-07-22 23:26 UTC] yohgaki@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: yohgaki
 [2020-02-07 06:08 UTC] phpdocbot@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=doc/en.git;a=commit;h=568ee52377b685f82c351e7df09005297207c587
Log: Fix bug #65290
 