Escape from Database Island

This is unnerving:

[bobbojones@desktop app]$ grep -R mysql_real_ * | wc -l
      20
[bobbojones@desktop app]$ find . | xargs wc -l | tail -n 1
   19199 total

In nearly 20,000 lines of code, the function mysql_real_escape_string() is called only 20 times.  I estimate, very conservatively, that there are over 300 distinct queries in that code base.

I’m really hoping someone thought they’d be cute and wrap mysql_real_escape_string() inside some other function.
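One way to check both the escape count and the wrapper hypothesis, as an added example rather than anything from the original post or the code base it describes. It assumes queries go through mysql_query() and that each function declaration sits on one line; the names esc, db.php and page.php are constructed sample data.

```shell
# Heuristic, line-based audit of a PHP tree. Added example, not the app's code.

# Count call sites of function $2 under directory $1, skipping its declaration.
count_call_sites() {
  find "$1" -type f -name '*.php' -exec cat {} + | awk -v fn="$2" '
    { line = $0; gsub(/[^A-Za-z0-9_ \t]/, " & ", line)  # pad punctuation into tokens
      k = split(line, t, /[ \t]+/)
      for (i = 1; i < k; i++)
        if (t[i] == fn && t[i+1] == "(" && t[i-1] != "function") n++ }
    END { print n + 0 }'
}

# Print names of functions whose body calls mysql_real_escape_string().
find_escape_wrappers() {
  find "$1" -type f -name '*.php' -exec awk '
    FNR == 1 { infn = 0; depth = 0 }           # reset state at each new file
    match($0, /function[ \t]+[A-Za-z_][A-Za-z0-9_]*[ \t]*[(]/) {
      name = substr($0, RSTART, RLENGTH)
      sub(/^function[ \t]+/, "", name); sub(/[ \t]*[(]$/, "", name)
      infn = 1; depth = 0
    }
    { line = $0; opens = gsub(/[{]/, "", line); closes = gsub(/[}]/, "", line)
      if (infn && /mysql_real_escape_string[ \t]*[(]/) print name
      depth += opens - closes
      if (infn && closes > 0 && depth <= 0) infn = 0 }  # left the function body
  ' {} + | sort -u
}

# Summarise: queries, direct escape calls, and calls made through each wrapper.
escape_audit() {
  echo "mysql_query: $(count_call_sites "$1" mysql_query)"
  echo "mysql_real_escape_string: $(count_call_sites "$1" mysql_real_escape_string)"
  for w in $(find_escape_wrappers "$1"); do
    echo "wrapper $w: $(count_call_sites "$1" "$w")"
  done
}

# Constructed sample tree (not from the post) so the audit runs offline.
make_sample() {
  d=$(mktemp -d); mkdir "$d/lib"
  printf '%s\n' '<?php' 'function esc($s) {' '  return mysql_real_escape_string($s);' '}' > "$d/lib/db.php"
  printf '%s\n' '<?php' \
    '$a = mysql_query("SELECT * FROM u WHERE n = \"" . esc($_GET["n"]) . "\"");' \
    '$b = mysql_query("SELECT * FROM u WHERE id = " . $_GET["id"]);' \
    '$c = mysql_query("DELETE FROM t WHERE k = \"" . esc($k) . "\"");' > "$d/page.php"
  echo "$d"
}

escape_audit "$(make_sample)"
```

A query count well above the sum of direct and wrapper call sites marks the queries to review by hand; the token match also counts names that appear in comments or strings, so treat the numbers as a lead rather than a verdict.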

One thought on “Escape from Database Island”

  1. just pixels says:

    I use mysql_real_escape_string() in every line of code I write. In fact it’s the only code I use. As Bill Gates (probably) said, “if you can’t do it with mysql_real_escape_string(), it ain’t worth doing!”
