NYCPHP Meetup

NYPHP.org

[nycphp-talk] Re: New PHundamentals Article

Dan Cech dcech at phpwerx.net
Tue Jan 6 12:39:09 EST 2004


In PEAR the closest 'equivalent' is probably quote (), the other 2 
functions are much more powerful tools.

The same goes for ADODB, you can use qstr () or the PEAR compatible 
quote ().

One thing to note about these functions is that they will not only 
escape the strings but will quote them as well.

The beauty of them is that they are smart enough to determine what needs 
to be done for the particular database, so you don't need to worry about 
them being MySQL/PostgreSQL/etc specific.

Dan

Jeff Siegel wrote:

> Sorry...comment period ended 5 minutes ago. ;)
> 
> Jeff
> P.S. Since I don't use PEAR, the question is, which one of the functions 
> are used for escaping data? All three? Since the major focus is on 
> MySQL, is there one that is MySQL-specific?
> 
> David Mintz wrote:
> 
>> If the comment period isn't over yet, I have $.02.
>>
>> You might mention that if you happen to be using PEAR DB library, you
>> might as well use quote(), or prepare() and execute(), which take care of
>> correctly quoting the values represented by ? in parameterized SQL
>> statements.
>>
>>
>> ---
>> David Mintz
>> http://davidmintz.org/
>>
>>         "Anybody else got a problem with Webistics?" -- Sopranos 24:17
>> _______________________________________________
>> talk mailing list
>> talk at lists.nyphp.org
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
> 




More information about the talk mailing list