[wp-trac] Re: [WordPress Trac] #3286: Handling of escape sequences is muddled and non-compatible

WordPress Trac wp-trac at lists.automattic.com
Thu Oct 26 20:19:38 GMT 2006


#3286: Handling of escape sequences is muddled and non-compatible
----------------------+-----------------------------------------------------
 Reporter:  cdavies   |        Owner:  anonymous
     Type:  defect    |       Status:  new      
 Priority:  high      |    Milestone:           
Component:  Security  |      Version:  2.0.4    
 Severity:  major     |   Resolution:           
 Keywords:            |  
----------------------+-----------------------------------------------------
Comment (by cdavies):

 mysql_real_escape_string is never going to play nice, it is fundamentally
 designed with ASCII in mind, and won't deal with multibyte strings at all.
 I'm really, really surprised the current system hasn't garnered you any
 complaints from users who need multibyte strings to be honest.

 In reality, you should just be following SQL standards and only escaping
 single quotes ('') in your SQL statements. This may require you to demand
 a later version of MySQL, but being honest, who actually uses MySQL v3
 anymore anyway?

-- 
Ticket URL: <http://trac.wordpress.org/ticket/3286#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
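
Whether escaping only single quotes is enough depends on how the server reads string literals. The Python sketch below is an added example, not part of the original message and not WordPress code. It models a quoted-literal reader in two modes, standard SQL (MySQL with sql_mode NO_BACKSLASH_ESCAPES) and MySQL's default backslash-escape handling, and checks whether quote doubling round-trips. The function names and sample values are constructed for illustration, and the backslash branch is simplified.

```python
# Added illustration (not WordPress code): how one quoted SQL string literal
# is read under standard rules versus MySQL's default backslash-escape rules.

def escape_standard(value: str) -> str:
    """SQL-standard quoting: double every single quote, nothing else."""
    return "'" + value.replace("'", "''") + "'"

def read_literal(sql: str, backslash_escapes: bool):
    """Parse one leading '...' literal; return (decoded value, trailing text).

    backslash_escapes=True models MySQL's default mode; False models
    standard SQL (MySQL with sql_mode NO_BACKSLASH_ESCAPES).
    """
    if not sql.startswith("'"):
        raise ValueError("literal must start with a single quote")
    out, i = [], 1
    while i < len(sql):
        ch = sql[i]
        if backslash_escapes and ch == "\\" and i + 1 < len(sql):
            # Simplified: the escaped character is taken literally
            # (real MySQL also maps \n, \t, \0 and so on).
            out.append(sql[i + 1])
            i += 2
        elif ch == "'":
            if sql[i + 1:i + 2] == "'":      # doubled quote = one quote
                out.append("'")
                i += 2
            else:                            # closing quote
                return "".join(out), sql[i + 1:]
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated literal")

def round_trips(value: str, backslash_escapes: bool) -> bool:
    """True if the escaped literal decodes to value with nothing left over."""
    try:
        decoded, rest = read_literal(escape_standard(value), backslash_escapes)
    except ValueError:
        return False
    return decoded == value and rest == ""

# Constructed sample values.
SAMPLES = ["O'Reilly", "日本語'テスト", "C:\\temp\\", "a\\'b"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), round_trips(s, False), round_trips(s, True))
```

Values without backslashes round-trip in both modes; values containing a backslash round-trip only in the standard mode, so quote doubling alone is safe only when the server is known to run with backslash escapes disabled.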

