mysql-escape-string-polyfill
mysql-escape-string-polyfill is a very insecure mysql_escape_string
implementation (PHP 7.1/7.2) for a very limited use case
Usage
- Install this package via composer:
composer require andrewbreksa/mysql-escape-string-polyfill
- Find all the places you use the
mysql_*
functions, and refactor your code to use PDO
Limitations
- Uses the following map to replace characters in a string:
$replacementMap = [ "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\t" => "\\t", chr(26) => "\\Z", chr(8) => "\\b", '"' => '\"', "'" => "\'", '_' => "\_", "%" => "\%", '\\' => '\\\\' ];
- Not very comprehensively tested, this will be an ongoing effort as new edge cases are discovered
Hacking on the complex source code
The implementation can be found in functions.php, and you can run tests by executing composer test