On Tue, 2009-10-20 at 14:20 +0200, Andrea Giammarchi wrote: > > > Your only option might be to do something "smart". You can't use the > > proper mysql functions without a connection to a database, but you > > refuse to connect to a database until after you perform validation... > > > > You do realise you can have several db connections open at one time, so > > you could have one always open for the purpose of validation? > > Potentially wasteful, but the architecture in this idea is a little > > different from the norm. > > I also thought mysql_real_escape_string was dead since every DAL such PDO or > others uses bindings to properly escape variables and a database related > sanitize without database is quite useless, imho. > > Regards > > _________________________________________________________________ > Windows Live: Friends get your Flickr, Yelp, and Digg updates when they > e-mail you. > http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_3:092010
Not everyone uses something like PDO, so yes, sanitising data with mysql_real_escape_string does still happen. The function clearly states that it needs an open connection to work, so that leaves two choices really: 1) open a damn connection! or 2) reinvent the wheel and create a function which mimics the behavior of this one. Thanks, Ash http://www.ashleysheridan.co.uk
