Skip to content

abreksa4/mysql-escape-string-polyfill

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits

src

src

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

README.md

README.md

 
 

_config.yml

_config.yml

 
 

composer.json

composer.json

 
 

composer.lock

composer.lock

 
 

phpunit.xml

phpunit.xml

 
 

Repository files navigation

mysql-escape-string-polyfill

Build Status codecov

mysql-escape-string-polyfill is a very insecure mysql_escape_string implementation (PHP 7.1/7.2) for a very limited use case

Usage

  1. Install this package via composer: composer require andrewbreksa/mysql-escape-string-polyfill
  2. Find all the places you use the mysql_* functions, and refactor your code to use PDO

Limitations

  • Uses the following map to replace characters in a string: 
    $replacementMap = [
    "\0" => "\\0",
    "\n" => "\\n",
    "\r" => "\\r",
    "\t" => "\\t",
    chr(26) => "\\Z",
    chr(8) => "\\b",
    '"' => '\"',
    "'" => "\'",
    '_' => "\_",
    "%" => "\%",
    '\\' => '\\\\'
];
  • Not very comprehensively tested, this will be an ongoing effort as new edge cases are discovered

Hacking on the complex source code

The implementation can be found in functions.php, and you can run tests by executing composer test

About

a very insecure mysql_escape_string implementation for a very limited use case

abreksa4.github.io/mysql-escape-string-polyfill/

Topics

mysql polyfill php dont-use-this-no-really insecure ext-mysql mysql-escape-string

Resources

Readme
Activity

Stars

9 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases 4

update to documentation Latest
Mar 15, 2019
+ 3 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages