Newsgroups: php.internals
Date: Tue, 21 Aug 2007 16:31:56 +0100
From: addw@phcomp.co.uk (Alain Williams)
To: Stut
Cc: internals@lists.php.net
Organization: Parliament Hill Computers Ltd
Subject: Re: [PHP-DEV] Addslashes still recommended for DB input
Message-ID: <20070821153156.GS30758@mint.phcomp.co.uk>
In-Reply-To: <46CB041D.7090604@gmail.com>

On Tue, Aug 21, 2007 at 04:26:21PM +0100, Stut wrote:
> As far as I was aware addslashes is inadequate for this purpose. Should
> this not point people to use database-specific escaping functions rather
> than addslashes?

Yes, even better use placeholders (if the DB API supports it).

-- 
Alain Williams
Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
Chairman of UKUUG: http://www.ukuug.org/
#include
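
Added example, not part of the original message or of the PHP documentation: the three approaches named in this exchange (addslashes, database-specific escaping, placeholders) applied to the same value. It assumes PHP with the pdo_sqlite driver; the in-memory database, the `authors` table and the sample input are constructed for illustration.

```php
<?php
// Assumption: PHP with the pdo_sqlite driver; table and input are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT)');

$name = "O'Reilly"; // constructed input containing a single quote

// 1. addslashes() emits \' but SQLite, like standard SQL, escapes a quote
//    by doubling it, so the string literal ends early and the statement
//    no longer parses as intended.
$sql = "INSERT INTO authors (name) VALUES ('" . addslashes($name) . "')";
try {
    $db->exec($sql);
    echo "addslashes: statement accepted\n";
} catch (PDOException $e) {
    echo "addslashes: statement rejected: " . $e->getMessage() . "\n";
}

// 2. Database-specific escaping: PDO::quote() applies the driver's own rules
//    and returns the value already wrapped in quotes.
$db->exec('INSERT INTO authors (name) VALUES (' . $db->quote($name) . ')');

// 3. Placeholder: the value is bound separately and never becomes SQL text.
$stmt = $db->prepare('INSERT INTO authors (name) VALUES (:name)');
$stmt->execute([':name' => $name]);

// Both correct methods stored the value unchanged.
$check = $db->prepare('SELECT COUNT(*) FROM authors WHERE name = :name');
$check->execute([':name' => $name]);
echo "rows holding the original value: " . $check->fetchColumn() . "\n";
```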