I have been using PHP/MySQL for a while now. I want to sanitize all my superglobals at the start of the program, where I haven't connected to any database yet. Is there any other PHP-defined function to make variables SQL safe? And can anyone tell me why an active MySQL connection is required before using mysql_real_escape_string?
2 Answers
I want to sanitize all my superglobals at the start of the program.
That isn't the best idea. You should sanitise variables based on context. If you run all of the variables through mysql_real_escape_string(), you may find you have issues when you want to use a variable outside of a SQL context.
Is there any other PHP defined function to make variables SQL safe?
You could use bound parameters with a library such as PDO.
Can anyone tell me why an active MySQL connection is required before using mysql_real_escape_string()?
I believe it is because the function needs to know the character set that the database is using so it can escape correctly.

This idea is utterly wrong.
- There is no point in doing bulk sanitization. In fact, you are trying to reinvent the infamous magic quotes feature, which was finally banned from the language in the last release. Think of it.
- mysql_real_escape_string() does not make the "data" "safe" anyway.
With mysql_real_escape_string() you have to escape SQL strings only, at the time they are going to the query. Any string, not only one coming from the request. Think of it.

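Both answers make the same two points: escape (or better, bind) at the moment a value goes into a query, and escape for each output context separately rather than once at request time. The following PHP example is added here to illustrate that; it is not code from the question, either answer, or any library the page names. It uses PDO bound parameters as the first answer suggests, and escapes for HTML only when rendering. It runs against an in-memory SQLite database so it works offline; the MySQL DSN shown in the comment (with a placeholder host and database name) is an assumption about the deployment, and the `charset=` part of that DSN is what tells the driver which character set to escape for, which is the same reason mysql_real_escape_string() needs a live connection.

```php
<?php
// Added example, not from the page. Demonstrates: (1) bound parameters so request
// data never becomes part of the SQL text, (2) escaping per output context at
// render time, not at request time. SQLite in-memory keeps this runnable offline;
// for MySQL the DSN would be 'mysql:host=db.example;dbname=app;charset=utf8mb4'
// (placeholder host/db), and that charset is what the driver escapes against.
declare(strict_types=1);

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Prefer real server-side prepares where the driver supports them (MySQL does).
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    return $pdo;
}

function addUser(PDO $pdo, string $name): int
{
    // The value is sent separately from the statement; no escaping call is needed
    // and nothing is added to or stripped from the stored string.
    $stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

function findUser(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HTML context: escape at the point of output, with the page's own encoding.
function renderName(string $name): string
{
    return '<b>' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</b>';
}

$pdo = connect();

// Constructed sample input standing in for $_GET['name']: it carries both a SQL
// metacharacter (the apostrophe) and HTML markup.
$rawInput = "O'Brien <b>from</b> \"Dublin\"";

addUser($pdo, $rawInput);
$row = findUser($pdo, $rawInput);

// The stored value is byte-for-byte what the user sent, so the same raw string
// can still be used for a case-sensitive lookup, for logging, or for an e-mail
// subject; had it been mangled at request time, each of those would differ.
if ($row === null || $row['name'] !== $rawInput) {
    throw new RuntimeException('bound parameter did not round-trip the raw value');
}

echo 'Stored:   ', $row['name'], PHP_EOL;
echo 'As HTML:  ', renderName($row['name']), PHP_EOL;
```

The apostrophe in the sample name never reaches the SQL parser as syntax, because `execute()` sends it as data, and the HTML tags only become harmless entities when `renderName()` runs. If the same string had been run through mysql_real_escape_string() at the top of the script, the backslash it adds would have been stored in the table and shown on the page.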
Thanks for the answer, sir, but what do you mean by "does not make the data safe"? Doesn't the function mysql_real_escape_string take care of all probable MySQL injections? – Bishal Jul 06 '12 at 12:45
That is not utterly wrong. It is a good idea to sanitize input at the start of any code; whatever you do, it is safer. And no, magic quotes was not banned because of bulk sanitization; magic quotes was banned because people were NOT sanitizing. – unity100 Feb 28 '13 at 22:14