Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:63932 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 53954 invoked from network); 16 Nov 2012 17:42:41 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 16 Nov 2012 17:42:41 -0000 Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain lerdorf.com from 209.85.216.170 cause and error) X-PHP-List-Original-Sender: rasmus@lerdorf.com X-Host-Fingerprint: 209.85.216.170 mail-qc0-f170.google.com Received: from [209.85.216.170] ([209.85.216.170:35511] helo=mail-qc0-f170.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id EC/A7-08060-01B76A05 for ; Fri, 16 Nov 2012 12:42:41 -0500 Received: by mail-qc0-f170.google.com with SMTP id d42so2130288qca.29 for ; Fri, 16 Nov 2012 09:42:38 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding:x-gm-message-state; bh=4FgmgTa79PwPTggfV66N7dmsgwyjlFezbDNzWmS5/Ag=; b=iQLl00qWatMEn8p5KYsN7s1BXntdRv05qSnfo9571HRvqHm7qcKWDTT/sGuviO+omf jW0TR6uXHX743c5oc58/fydf6z1z5v9heEZ8XW/sRcKox+NH6jLsOKF0naad+QPpery3 6W9tLwegevo134VLDUhbHDpUcIzwWFuzDIhnRufDJ142qA6lamsXht2Gb/qw9fiLpSOK wHBPfKvmYgF+F1DTTYpjdlMNf2XuxJL20F9gsM/ycJWUjqXPqc5LiqjK71o1RzBThnQK O8cQEIQXfpFQVc/S38ZE/tbLIH5kUj2Qwha2PCXJFZW1oG9IQdoxAqCERPoXCHKJc29w yd0Q== Received: by 10.224.78.148 with SMTP id l20mr5100442qak.27.1353087758447; Fri, 16 Nov 2012 09:42:38 -0800 (PST) Received: from [192.168.200.148] (c-50-131-44-225.hsd1.ca.comcast.net. [50.131.44.225]) by mx.google.com with ESMTPS id x19sm1143660qeq.12.2012.11.16.09.42.34 (version=SSLv3 cipher=OTHER); Fri, 16 Nov 2012 09:42:35 -0800 (PST) Message-ID: <50A67B09.4060808@lerdorf.com> Date: Fri, 16 Nov 2012 09:42:33 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121028 Thunderbird/16.0.2 MIME-Version: 1.0 To: Patrick ALLAERT CC: Adam Harvey , PHP internals References: <50A6691E.2080102@lerdorf.com> In-Reply-To: X-Enigmail-Version: 1.4.5 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Gm-Message-State: ALoCoQkLdEBiLxNfwiN/C3ttAgyX5NX0K3q28OBsBjIH352c/G9FmhVzwMayU5MQfS3MrP7YAmcN Subject: Re: [PHP-DEV] Re: mysql_escape() issue (Was: [PHP-DEV] RFC: ext/mysql deprecation) From: rasmus@lerdorf.com (Rasmus Lerdorf) On 11/16/2012 09:32 AM, Patrick ALLAERT wrote: > 2012/11/16 Rasmus Lerdorf : >> On 11/16/2012 02:18 AM, Patrick ALLAERT wrote: >>> In eZ Publish CMS, we have recently removed [1] support for the mysql >>> handler in favour of the mysqli one and as such, we have no more >>> mysql_*() functions calls except for the above use case where we rely >>> on mysql_escape(). >> >> I suppose you mean mysql_real_escape_string() here. There is no >> mysql_escape() function and mysql_escape_string() is already marked as >> deprecated as of 5.3. >> >> -Rasmus > > Sorry, I meant mysql_escape_string(). > I missed the fact it was already deprecated and as such, we have an > issue here in our code base since nor mysql_real_escape_string() nor > mysqli_real_escape_string() fits our use case as we are using it when > we have to generate an SQL file with queries to be executed on another > box. Not having access to a database prevents us to have a link which > is required by those functions. But without a link you don't know which charset the db is in and therefore you can't reliably escape a query. In your case you can do a custom escape thing based on the fact that you might know the destination charset, but PHP on its own can't. -Rasmus