Haluk Karamete <halukkaramete@xxxxxxxxx> wrote on 20 January 2012 at 20:56:
> Do we all agree on that? It's a plain YES or NO question right here.
No, I do not agree.
1) There is no sense in cleaning up all arrays using mysql escape. This one
is for escaping BEFORE using it in a query. Why should I alter all my
get/post data, if not all data is passed to sql?
2) Think about big post arrays and consider 1) Why should I waste CPU time
to escape all my data, even if not all data is used in sql?
3) The approach you try to re-invent here is already known, take a look at
the php docs by searching for filter extension.
4) What is the sense in connecting to a database at the beginning of every
script? What if the script will not use it, because data validation
failed? You wasted a mysql connection on that.
There are many more reasons, and I am sure there will be follow ups on
that.
So it's a plain NO from me.
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3
Tel.: 0174 / 9722336
e-Mail: marco@xxxxxxxxxx
Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal
http://www.behnke.biz
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
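
The four points in the message above, as an added example that is not part of the original post: validate only the fields in use with the filter extension, open the database connection lazily after validation passes, and apply SQL-specific handling at the query itself. It assumes PDO with the pdo_sqlite driver as an offline stand-in for MySQL and uses bound parameters in place of mysql escaping; the table, field names and sample input are constructed.

```php
<?php
// Constructed sample input standing in for $_POST (not from the original post).
$post = ['name' => "O'Brien", 'age' => '42', 'bio' => 'long text never sent to SQL'];

// Validate only the fields this script uses, via the filter extension.
function validateInput(array $in): ?array
{
    $clean = filter_var_array($in, [
        'name' => ['filter'  => FILTER_VALIDATE_REGEXP,
                   'options' => ['regexp' => "/^[\\p{L} '-]{1,64}$/u"]],
        'age'  => ['filter'  => FILTER_VALIDATE_INT,
                   'options' => ['min_range' => 0, 'max_range' => 150]],
    ]);
    if (!is_array($clean)) {
        return null;
    }
    foreach ($clean as $value) {
        if ($value === false || $value === null) {
            return null;   // a field failed validation or was missing
        }
    }
    return $clean;         // 'bio' is not in the result: it was never touched
}

// Open the connection on first use only; sqlite::memory: is a stand-in
// for the real database so the example runs offline (assumption).
function db(): PDO
{
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('sqlite::memory:');
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE people (name TEXT, age INTEGER)');
    }
    return $pdo;
}

$data = validateInput($post);
if ($data === null) {
    exit("invalid input\n");   // no connection was ever opened
}

// SQL-specific handling happens here, at the query, through bound parameters.
$stmt = db()->prepare('INSERT INTO people (name, age) VALUES (:name, :age)');
$stmt->execute([':name' => $data['name'], ':age' => $data['age']]);

// The same unmodified value goes to HTML with HTML escaping, not SQL escaping.
echo htmlspecialchars($data['name'], ENT_QUOTES, 'UTF-8'), "\n";
echo db()->query('SELECT COUNT(*) FROM people')->fetchColumn(), " row stored\n";
```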