Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:63933 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 55500 invoked from network); 16 Nov 2012 17:50:26 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 16 Nov 2012 17:50:26 -0000 Authentication-Results: pb1.pair.com header.from=patrick.allaert@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=patrick.allaert@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.83.42 as permitted sender) X-PHP-List-Original-Sender: patrick.allaert@gmail.com X-Host-Fingerprint: 74.125.83.42 mail-ee0-f42.google.com Received: from [74.125.83.42] ([74.125.83.42:43200] helo=mail-ee0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id EE/F7-08060-1EC76A05 for ; Fri, 16 Nov 2012 12:50:25 -0500 Received: by mail-ee0-f42.google.com with SMTP id t10so1890147eei.29 for ; Fri, 16 Nov 2012 09:50:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=pFOFcN/288vtDqy7yg0d8vO1qxjUob67sKMZoQrytoI=; b=nHV/Jop9k1GRX2OIG2m0GJslUw9hkW770GQdBwID5PoSO9ymmJZaiW9i+fLEjwQgtL 6dLSj1mgrbX80bCbSWV0IVZMwh+au7SPbLuXEew0fE5FcC1iG/JcgJnfZz8l5EYQRnGa dTjcN6r/Imy086RaqZtxgf9jnzSfO0Dr9pKRJUqeQf3QoUjgoW9Pwm3eyHIgefjqTW9P 3cx51VyzGK+wwE2NNpOj1ClETha8jsG34FGVN3wLC1zV5varxN6iSVC89ZOplvTk7a5X 5ppCace/7JmaMEglFoIF/fkjvZyb0f8kNRED65iJ+rbADi+nZKfxlJS4D2U6SbYa2u/1 hU4Q== MIME-Version: 1.0 Received: by 10.14.175.71 with SMTP id y47mr15502102eel.36.1353088222451; Fri, 16 Nov 2012 09:50:22 -0800 (PST) Sender: patrick.allaert@gmail.com Received: by 10.14.129.193 with HTTP; Fri, 16 Nov 2012 09:50:22 -0800 (PST) In-Reply-To: <50A67B09.4060808@lerdorf.com> References: <50A6691E.2080102@lerdorf.com> <50A67B09.4060808@lerdorf.com> Date: Fri, 16 Nov 2012 18:50:22 +0100 X-Google-Sender-Auth: 1ojkoBnC94iEwMvqZk2DJszUWA0 Message-ID: To: Rasmus Lerdorf Cc: Adam Harvey , PHP internals Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Re: mysql_escape() issue (Was: [PHP-DEV] RFC: ext/mysql deprecation) From: patrickallaert@php.net (Patrick ALLAERT) 2012/11/16 Rasmus Lerdorf : > On 11/16/2012 09:32 AM, Patrick ALLAERT wrote: >> 2012/11/16 Rasmus Lerdorf : >>> On 11/16/2012 02:18 AM, Patrick ALLAERT wrote: >>>> In eZ Publish CMS, we have recently removed [1] support for the mysql >>>> handler in favour of the mysqli one and as such, we have no more >>>> mysql_*() functions calls except for the above use case where we rely >>>> on mysql_escape(). >>> >>> I suppose you mean mysql_real_escape_string() here. There is no >>> mysql_escape() function and mysql_escape_string() is already marked as >>> deprecated as of 5.3. >>> >>> -Rasmus >> >> Sorry, I meant mysql_escape_string(). >> I missed the fact it was already deprecated and as such, we have an >> issue here in our code base since nor mysql_real_escape_string() nor >> mysqli_real_escape_string() fits our use case as we are using it when >> we have to generate an SQL file with queries to be executed on another >> box. Not having access to a database prevents us to have a link which >> is required by those functions. > > But without a link you don't know which charset the db is in and > therefore you can't reliably escape a query. In your case you can do a > custom escape thing based on the fact that you might know the > destination charset, but PHP on its own can't. We are defining the charset used at the beginning of the generated file and wish it could be possible to pass the charset rather than a link which is what is really needed. Looks like a valid feature request to me. Would make sense only for the procedural call of course. The first argument could then be a resource or a string.