[Phpmyadmin-devel] mysql(i)_real_escape_string()

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Fri Oct 21 06:26:51 CEST 2005


Sebastian Mendel wrote:
> Hi,
> 
> how does phpMyAdmin normally escape strings inserted in sql queries?
> or
> why is there no function like PMA_DBI_escapeString() ?
> 

We are not using escaping, and I don't think we should do.
A few months ago I had a look at our login panel and I don't think there 
is an injection problem there.

IMO there are two situations here.

1. If you are talking about what we do with queries coming from users, 
for example in sql.php, users need to be able to send any query here.

2. If you found some place where we build a query in PMA and there could 
be an injection problem, please tell us (not on this list :)  )

Marc
