Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
580 views
in Technique[技术] by (71.8m points)

php - Correct way to escape input data before passing to ODBC

I am very used to using MySQL and mysql_real_escape_string(), but I have been given a new PHP project that uses ODBC.

What is the correct way to escape user input in a SQL string?

Is addslashes() sufficient?

I would like to get this right now rather than later!

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Instead of string escaping the PHP ODBC driver uses prepared statements. Use odbc_prepare to prepare an SQL statement and odbc_execute to pass in the parameters and execute the statements. (This is similar to what you can do with PDO).


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...