DB_escape_string
03-27-2014, 01:11 PM, (This post was last modified: 03-27-2014, 01:11 PM by serakfalcon.)
#68
RE: DB_escape_string
I think, in sum, the new query function is built to resemble the old query function, with the added benefit that, so long as users are instructed to only use bindvars for variables, the queries will be 99.9% injection safe.

However, the function does not take advantage of the fact that parametrized queries are more efficient when executed multiple times. A possible solution would be to pass the statement back and force the user to close it themselves. This is more to remember for coders but allows for parametrized queries to do what they were originally intended for: executing the SQL statement with different variables multiple times. If we do that we'd also need a function to alter the bound parameters (since bind_param is mysqli specific) as well.

Also, for constant SQL queries, using parametrized queries comes at a slight performance hit. So, there is a case to be made for keeping a straight-up database query function for those cases, as long as it is very clear that it is only to be used when no variables are needed whatsoever.
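The three query paths discussed in the post above (a one-shot query that takes bind variables, a prepared statement handed back to the caller for repeated execution, and a plain query for constant SQL), as an added example that is not code from the post or from the project under discussion. It uses PDO with an in-memory SQLite database so it runs offline, whereas the project's own layer is mysqli, where the equivalent calls are prepare()/bind_param()/execute(). The function names DB_query_bound, DB_prepare, DB_execute_again, DB_close_statement and DB_query_constant, the stockmaster table and its rows are all constructed for the illustration.

```php
<?php
// Added example (not webERP code). Shows why variables must go through bind
// variables, how a returned statement can be executed repeatedly with new
// parameters without driver-specific bind_param calls, and a plain query path
// for SQL that contains no variables at all.

// Constructed sample schema and rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stockmaster (stockid TEXT PRIMARY KEY, description TEXT, price REAL)');
$db->exec("INSERT INTO stockmaster VALUES ('A100', 'Widget', 2.50), ('B200', 'Gadget', 9.99)");

// Path 1: one-shot query. The SQL string is a constant; every variable is
// passed in $bindvars and never concatenated into the statement text.
function DB_query_bound(PDO $db, $sql, array $bindvars = array())
{
    $stmt = $db->prepare($sql);
    $stmt->execute($bindvars);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Path 2: reusable prepared statement. The caller receives the statement and
// is responsible for calling DB_execute_again() and DB_close_statement().
function DB_prepare(PDO $db, $sql)
{
    return $db->prepare($sql);
}

// Rebinds all parameters on each call. PDOStatement::execute(array) is
// driver-agnostic, unlike mysqli_stmt::bind_param.
function DB_execute_again(PDOStatement $stmt, array $bindvars)
{
    $stmt->execute($bindvars);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function DB_close_statement(PDOStatement $stmt)
{
    $stmt->closeCursor();
}

// Path 3: constant SQL with no variables. No prepare round-trip is needed,
// and it must only ever be called with a literal query string.
function DB_query_constant(PDO $db, $sql)
{
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// --- usage ---
$hostile = "A100' OR '1'='1";

// Interpolating the value into the SQL is the injection hole the thread is
// about: the quote ends the literal and the OR clause matches every row.
$rows = DB_query_constant($db,
    "SELECT stockid FROM stockmaster WHERE stockid = '" . $hostile . "'");
echo 'interpolated: ' . count($rows) . " row(s)\n";   // 2

// Bound: the same string is compared as data and matches nothing.
$rows = DB_query_bound($db,
    'SELECT stockid FROM stockmaster WHERE stockid = ?', array($hostile));
echo 'bound: ' . count($rows) . " row(s)\n";          // 0

// Prepare once, execute once per id with fresh parameters.
$stmt = DB_prepare($db,
    'SELECT description, price FROM stockmaster WHERE stockid = ?');
foreach (array('A100', 'B200', $hostile) as $id) {
    $rows = DB_execute_again($stmt, array($id));
    echo $id . ': ' . count($rows) . " row(s)\n";     // 1, 1, 0
}
DB_close_statement($stmt);

// Genuinely constant SQL: no variables, so the plain query path is appropriate.
$rows = DB_query_constant($db, 'SELECT COUNT(*) AS n FROM stockmaster');
echo 'total: ' . $rows[0]['n'] . "\n";                 // 2
```

Run it with `php example.php` on any PHP build that ships pdo_sqlite. The split into three functions makes the contract visible in the call site: anything that takes user input goes through DB_query_bound or DB_prepare/DB_execute_again, and DB_query_constant is only ever handed a string literal.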