davy_yg's avatar

Escape string

I wonder if this is:

https://en.wikipedia.org/wiki/Escape_character

\'  single quote
\"  double quote
\\  backslash
\n  new line
\r  carriage return
\t  tab
\b  backspace
\f  form feed
\v  vertical tab (Internet Explorer 9 and older treats '\v' as 'v' instead of a vertical tab ('\x0B'). If cross-browser compatibility is a concern, use \x0B instead of \v.)
\0  null character (U+0000 NULL) (only if the next character is not a decimal digit; else it is an octal escape sequence)
\xFF    character represented by the hexadecimal byte "FF"

List of escape characters that can be filtered by the sqli_escape_string() PHP function?

Snapey's avatar

"sqli_escape_string"

There is no such thing?

davy_yg's avatar

Is NUL the same as NULL? I thought NULL is the more common expression.

davy_yg's avatar

Does this mean that: Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z

If any of those characters are found it will be stripped away?

And what is Control-Z? Is it a character?

Snapey's avatar

Suppose you wanted to send a string to your database like 'don't be foolish'.

Then the single quote in the middle of the string would mess up the SQL syntax. Using this function, a backslash is inserted to 'escape' the apostrophe so that MySQL knows that it is part of the string and not the string terminator.

e.g. 'don\'t be foolish'

But of course if this is used in this way, then now it's not possible to have \ in a string, so backslash also escapes itself.

jlrdw's avatar

@davy_yg PDO with proper bindings takes care of escaping. Eloquent uses proper bindings also.

I use apostrophes often in a field name like O'brian. But if using Eloquent, query builder, or PDO with bindings I have never had to manually escape this stuff.

Just sharing some information.

davy_yg's avatar

@jlrdw - this is for my IT paper about security. I have to talk about this stuff, especially the escape string technique.

Does this mean that: Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z

If any of those characters are found it will be stripped away? So is this a yes?

And what is Control-Z? Is it a character?
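
Added example, not part of any post in this thread: a PHP sketch of the backslash escaping Snapey describes next to the PDO bindings jlrdw recommends. `model_mysql_escape()` is a hypothetical helper that models the escape map quoted above; the in-memory SQLite database, the `people` table and the sample strings are constructed, and the `pdo_sqlite` extension is assumed to be installed.

```php
<?php
// Hypothetical helper: a byte-for-byte model of the quoted escape map.
// The real mysqli_real_escape_string() also takes the connection character
// set into account; this model does not, so it is for study only.
function model_mysql_escape(string $s): string
{
    // strtr() with an array never rescans its own output, so an inserted
    // backslash is not escaped a second time.
    return strtr($s, [
        "\0"   => '\\0',    // NUL, ASCII 0
        "\n"   => '\\n',
        "\r"   => '\\r',
        '\\'   => '\\\\',   // backslash escapes itself
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => '\\Z',    // Control-Z, ASCII 26 (SUB)
    ]);
}

// Constructed samples: an apostrophe, a backslash, and a raw Control-Z byte.
$samples = ["don't be foolish", "O'brian", 'C:\\temp', "ctrl-z:\x1a"];

foreach ($samples as $s) {
    $e = model_mysql_escape($s);
    // The escaped form keeps every original character and gains a backslash
    // in front of each special one; nothing is removed from the input.
    printf("%-20s -> %-22s (%d -> %d bytes)\n",
        addcslashes($s, "\0..\37"), addcslashes($e, "\0..\37"),
        strlen($s), strlen($e));
}

// Bound parameters: the value travels separately from the SQL text, so no
// manual escaping is needed and the stored bytes equal the input bytes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)');

$insert = $pdo->prepare('INSERT INTO people (name) VALUES (:name)');
foreach ($samples as $s) {
    $insert->execute([':name' => $s]);
}

$stored = $pdo->query('SELECT name FROM people ORDER BY id')
              ->fetchAll(PDO::FETCH_COLUMN);
var_dump($stored === $samples);
```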
