{"id":14,"date":"2008-03-06T13:11:49","date_gmt":"2008-03-06T18:11:49","guid":{"rendered":"http:\/\/www.timrosenblatt.com\/blog\/2008\/03\/06\/quick-tip-save-time-on-escaping-from-mysql_real_escape_string\/"},"modified":"2008-03-06T13:11:49","modified_gmt":"2008-03-06T18:11:49","slug":"quick-tip-save-time-on-escaping-from-mysql_real_escape_string","status":"publish","type":"post","link":"http:\/\/www.timrosenblatt.com\/blog\/2008\/03\/06\/quick-tip-save-time-on-escaping-from-mysql_real_escape_string\/","title":{"rendered":"Quick Tip: Save time on escaping from mysql_real_escape_string()"},"content":{"rendered":"<p>All data should be escaped before going into a query, to prevent a SQL-injection attack. The current &#8220;best practice&#8221; is to use mysql_real_escape_string(), which connects to the DB, checks how strings should be escaped, and then returns the safe string.<\/p>\n<p>Unfortunately, this requires a round trip to the DB, and it takes time and resources. Here&#8217;s a trick to make things faster.<\/p>\n<p>If the data you&#8217;re escaping is supposed to be an integer, and not a string, you can do this:<\/p>\n<pre>$_data = (int)$data;<\/pre>\n<p>This will force the value to be an integer. There&#8217;s no way to do an SQL-injection with a number alone, and this is something that gets done very quickly (as compared to the mysql_real_escape_string).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>All data should be escaped before going into a query, to prevent a SQL-injection attack. The current &#8220;best practice&#8221; is to use mysql_real_escape_string(), which connects to the DB, checks how strings should be escaped, and then returns the safe string. Unfortunately, this requires a round trip to the DB, and it takes time and resources. &hellip; <a href=\"http:\/\/www.timrosenblatt.com\/blog\/2008\/03\/06\/quick-tip-save-time-on-escaping-from-mysql_real_escape_string\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Quick Tip: Save time on escaping from mysql_real_escape_string()&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[16,15,17],"_links":{"self":[{"href":"http:\/\/www.timrosenblatt.com\/blog\/wp-json\/wp\/v2\/posts\/14"}],"collection":[{"href":"http:\/\/www.timrosenblatt.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.timrosenblatt.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.timrosenblatt.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.timrosenblatt.com\/blog\/wp-json\/wp\/v2\/comments?post=14"}],"version-history":[{"count":0,"href":"http:\/\/www.timrosenblatt.com\/blog\/wp-json\/wp\/v2\/posts\/14\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.timrosenblatt.com\/blog\/wp-json\/wp\/v2\/media?parent=14"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.timrosenblatt.com\/blog\/wp-json\/wp\/v2\/categories?post=14"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.timrosenblatt.com\/blog\/wp-json\/wp\/v2\/tags?post=14"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}