Fwd: [Bug 9932] expose mysql_real_escape_string() function

Pete pete at mollysrevenge.com
Thu Jan 5 15:46:00 EST 2012


Sorry guys, forwarded the wrong email in my last post re SQL injection -
here's the correct one.

---------- Forwarded message ----------
From: <rqcc-daemon at var.on-rev.com>
Date: Thu, Jan 5, 2012 at 4:31 AM
Subject: [Bug 9932] expose mysql_real_escape_string() function
To: pete at mollysrevenge.com


http://quality.runrev.com/show_bug.cgi?id=9932


michael.mccreary at runrev.com changed:

          What    |Removed                     |Added
----------------------------------------------------------------------------
          Severity|major                       |enhancement
            Status|UNCONFIRMED                 |NEW
    Ever Confirmed|0                           |1




------- Comment #1 from michael.mccreary at runrev.com  2012-01-05 06:31
-------
Hi Andre

Thanks very much for the report.  I'm changing this to a an enhancement
request.

The function mysql_real_escape_string (and its equivalents for the other
database types) is called internally by revDB when passing data using
variable
lists (for an example, see the dictionary entry for revQueryDatabase).
 This is
the preferred method for escaping data.

Warm Regards

Michael


--
Configure bugmail: http://quality.runrev.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are a voter for the bug, or are watching someone who is.




-- 
Pete
Molly's Revenge <http://www.mollysrevenge.com>



More information about the use-livecode mailing list