
Am I missing anything?

Posted: Sun Jan 21, 2007 6:30 pm
by alex.barylski

Code:

$content = strip_tags(trim($content));

$content1 = mysql_real_escape_string(substr($content, 0, 255));
$content2 = mysql_real_escape_string(substr($content, 256, 511));

I am using two 256-byte blocks inside my table (max size for VARCHAR???)...unless there is a better way - to store 512 bytes? This introduces a potential security problem if anyone figured out the buffer was split on a 256-byte boundary, so I escape both...

Can you see anything else wrong with this? Is my math right? :?

Cheers :)

Posted: Sun Jan 21, 2007 6:49 pm
by Ambush Commander
Use TEXT.

Posted: Sun Jan 21, 2007 7:57 pm
by alex.barylski
Isn't that a variable length field though?

Posted: Sun Jan 21, 2007 7:59 pm
by Ambush Commander
Yeah, but you can always check the length inbound. VARCHAR, technically speaking, is also a variable length field too.

Posted: Sun Jan 21, 2007 9:02 pm
by aaronhall
Max size for varchar is 256 bytes, but since one byte is always reserved for the size of the data in the column, the max storage is 255 bytes. If you're using MySQL >=5, varchars can be defined as greater than 255 and the column will reserve a second byte to hold the length.
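
An added example, not part of any post in this thread: the "check the length inbound" advice applied to a single TEXT column with a bound parameter, next to the offsets used in the original two-block split. The table and column names, the 512-byte limit constant and the sample input are assumptions made for illustration, and an in-memory SQLite database via PDO stands in for MySQL so the script runs offline.

```php
<?php
// Added example: names below are hypothetical, sample data is constructed.
const MAX_BYTES = 512;

// substr()'s third argument is a length, not an end offset, so two
// adjacent 256-byte blocks start at offsets 0 and 256, each of length 256.
function split_blocks(string $s): array
{
    return [substr($s, 0, 256), (string) substr($s, 256, 256)];
}

// Check the length inbound: reject oversize input instead of truncating silently.
function clean_content(string $raw): string
{
    $content = strip_tags(trim($raw));
    if (strlen($content) > MAX_BYTES) {   // strlen() counts bytes, not characters
        throw new LengthException('content exceeds ' . MAX_BYTES . ' bytes');
    }
    return $content;
}

$pdo = new PDO('sqlite::memory:');        // stand-in for the MySQL connection
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, content TEXT NOT NULL)');

// Constructed input: 300 bytes with a single quote sitting at offset 255.
$sample = str_repeat('a', 255) . "'" . str_repeat('b', 44);

// One column, one bound parameter: no manual escaping and no block
// boundary whose position has to be reasoned about.
$stmt = $pdo->prepare('INSERT INTO notes (content) VALUES (:content)');
$stmt->execute([':content' => clean_content($sample)]);
$stored = $pdo->query('SELECT content FROM notes')->fetchColumn();
echo 'round trip intact: ', var_export($stored === $sample, true), "\n";

// The offsets from the original post skip the byte at offset 255.
$lossy = substr($sample, 0, 255) . substr($sample, 256, 511);
echo 'original split keeps ', strlen($lossy), ' of ', strlen($sample), " bytes\n";

[$a, $b] = split_blocks($sample);
echo 'corrected split intact: ', var_export($a . $b === $sample, true), "\n";

try {
    clean_content(str_repeat('x', MAX_BYTES + 1));
} catch (LengthException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The `mysql_*` functions used in the original post were removed in PHP 7.0; with MySQL the same prepared statement works through PDO's `mysql:` driver or through mysqli.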