I've been wondering for the longest time WHY I actually need a live resource to SQL connected in order to use `mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier ] )`.

Does this function not simply escape the data? What's the point of connecting? I want to use the function without a connection; I'm debating creating an account with no privileges just so I can do this.

I call a wrapper function `runSQL(user, statement)` and return an array with either the data or boolean status.

I've been thinking of making this `runSQL(user, statement, arguments-and-validation-data)`.

I just want a reason. I can't find a "why" on the man page.

+4  A: 

Correct escaping depends in part on the current connection's character set, so it needs to know that information about a live connection.


Re your comment, here's a link to the manual for MySQL's C API, which is used by the PHP function:

http://dev.mysql.com/doc/refman/5.1/en/mysql-real-escape-string.html

It says:

Note that mysql must be a valid, open connection. This is needed because the escaping depends on the character set in use by the server.

Bill Karwin
Could you provide me a link to a doc on this?
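
The character-set dependence described in the answer above, as an added example that is not part of the original answer and is not PHP's or MySQL's own code: a simplified Python model comparing a byte-wise escaper with one that decodes in the connection character set first. The function names and the sample bytes are constructed for illustration, and GBK is an assumed multi-byte connection charset.

```python
# Added illustration with constructed data: identical bytes need different
# escaping depending on the character set the server uses to read them.

# Characters the MySQL C API manual lists as escaped, with their escaped form.
SPECIALS = {0x00: b"\\0", 0x0A: b"\\n", 0x0D: b"\\r", 0x1A: b"\\Z",
            0x22: b'\\"', 0x27: b"\\'", 0x5C: b"\\\\"}

def escape_bytewise(data: bytes) -> bytes:
    """Charset-unaware model: every byte is treated as one character."""
    return b"".join(SPECIALS.get(b, bytes([b])) for b in data)

def escape_for_charset(data: bytes, charset: str) -> bytes:
    """Charset-aware model: split into characters first, so the trail byte
    of a multi-byte character is never mistaken for a backslash or quote.
    Raises UnicodeDecodeError if data is not valid in the charset."""
    out = []
    for ch in data.decode(charset):
        enc = ch.encode(charset)
        out.append(SPECIALS.get(enc[0], enc) if len(enc) == 1 else enc)
    return b"".join(out)

def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes a reader using `charset` would treat as
    string terminators (quotes not preceded by an escaping backslash)."""
    text = escaped.decode(charset)
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2          # backslash consumes the next character
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count

# Constructed sample: in GBK, 0xBF 0x5C is ONE character whose second byte
# equals ASCII backslash; it is followed by an apostrophe (0x27).
SAMPLE = b"\xbf\x5c\x27"

if __name__ == "__main__":
    for charset in ("latin-1", "gbk"):
        naive = escape_bytewise(SAMPLE)
        aware = escape_for_charset(SAMPLE, charset)
        print(charset, "byte-wise:", naive.hex(" "),
              "-> unescaped quotes:", unescaped_quotes(naive, charset))
        print(charset, "aware:    ", aware.hex(" "),
              "-> unescaped quotes:", unescaped_quotes(aware, charset))
```

Under latin-1 both escapers agree; under GBK only the charset-aware one leaves the apostrophe escaped, which is why the escaping function needs to know the connection's character set.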
+4  A: 

From the documentation for mysql_real_escape_string - http://php.net/manual/en/function.mysql-real-escape-string.php

Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query()

mluebke
That's what I was looking for. Thank you.
Bonus round: Is there a way I could do this without being connected?
Not using the `mysql` extension, no. Please consider using something more modern, like PDO or even `mysqli`.
Charles
I agree with the recommendation of PDO for its additional features, but it doesn't remove the requirement to be connected while using the escaping/quoting function. All the MySQL extensions in PHP use the same MySQL C API.
Bill Karwin
A: 

It's possible to open multiple MySQL connections at a time. Usually you omit the resource parameter because you only use 1 MySQL connection in your script, and it defaults to the last opened connection.

casablanca