Sujet : Re: VMS x86-64 database server
De : ldo (at) *nospam* nz.invalid (Lawrence D'Oliveiro)
Groupes : comp.os.vmsDate : 10. Jul 2025, 00:07:22
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <104msna$fd02$9@dont-email.me>
References : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
User-Agent : Pan/0.162 (Pokrosvk)
On Wed, 9 Jul 2025 15:33:50 -0400, Arne Vajhøj wrote:
On 7/9/2025 3:25 AM, Lawrence D'Oliveiro wrote:
>
On Tue, 8 Jul 2025 21:54:20 -0400, Arne Vajhøj wrote:
>
<quote>
Defense Option 4: STRONGLY DISCOURAGED: Escaping All User-Supplied
Input </quote>
Unfortunately, you often have no choice.
You practically always have a choice.
Fine. Show alternatives to the code I posted that offers this “choice” you
speak of.
Your escape function does not have database connection either.
Which one? Naturally escaping/quoting is a common need every time you
encounter the situation of embedding one language inside another.
Reporting of SQL errors is not optional in PHP.
If it wasn’t “optional”, why would you need to enable it via the
“error_reporting()” function?