19 May
2016
19 May
'16
3:15 a.m.
Arran Cudbard-Bell wrote on 2016-05-18 16:18:
SQL-User-Name is only useful because it expands to the group being processed. For everything else the xlat escape function will prevent injection attacks.
Oh, ok. I thought the main use is that it's safe against SQL injections (because of the escaping). Of course, if one uses other attributes in the query, expr's escape would be needed for that. I tend to think that using the native escaping function would be better (like mysql_real_escape), but then you had to make sure that it uses the same context/connection as the query in which it will be used, which might be tricky. Anyway, I digress. So I will just use escape. Thanks for the input!