I am very used to using MySQL and mysql_real_escape_string(), but I have been given a new PHP project that uses ODBC. What is the correct way to escape user input in a SQL string? Is addslashes() sufficient? I would like to get this right now rather than later!

Correct way to escape input data before passing to ODBC

1 Answers

Instead of string escaping the PHP ODBC driver uses prepared statements. Use odbc_prepare to prepare an SQL statement and odbc_execute to pass in the parameters and execute the statements. (This is similar to what you can do with PDO).

138

answered Oct 19 '22 18:10

halfdan

Recent Activity
Apple Pay - authorize.net returns error 153 only when live, sandbox works
How to continue cursor loop even error occured in the loop
python find all neighbours of a given node in a list of lists
Fatal error: Call to a member function setColumn() on a non-object in Magento
Count how many of each value from a field with MySQL and PHP
Python 32-bit development on 64-bit Windows [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With

Correct way to escape input data before passing to ODBC

Tags:

php

escaping

user-input

odbc

mysql-real-escape-string

psx

1 Answers

halfdan

Recent Activity

Donate For Us

Correct way to escape input data before passing to ODBC

Tags:

php

escaping

user-input

odbc

mysql-real-escape-string

psx

1 Answers

halfdan

Related questions

Recent Activity

Donate For Us