Subject Re: Firebird function equivalent to mysql_escape_string
Author Umberto
Hi Ajay,

--- In firebird-php@yahoogroups.com, "ajay" <bhola125@...> wrote:
> Does firebird-php have an equivalent API to mysql_escape_string to make data safe before sending it to Firebird?

From the PHP online manual, mysql_escape_string() is deprecated from 4.3.0; use
mysql_real_escape_string() instead.
And, quoting from the PHP online manual,
"mysql_real_escape_string() calls MySQL's library function
mysql_real_escape_string, which prepends backslashes to the following
characters: \x00, \n, \r, \, ', " and \x1a.
This function must always (with few exceptions) be used to make data safe
before sending a query to MySQL."

Consider what follows:
If you have a query in your source, it should already be correctly written.
If you compose a query with fields coming from $_REQUEST or from user input,
you are prone to SQL injection, so don't do it.
If you use parametrised queries, you don't need to escape.
There was a note some time ago about the use of the runtime configuration
magic_quotes_sybase, but it's strongly deprecated from 5.3.0.

Are you converting an application from MySQL?

Ciao.
Mimmo.
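
The parametrised-query approach recommended in the reply above, as an added example (not part of the original message) using the firebird-php ibase_* functions. The database path, credentials, CUSTOMERS table and the find_customers_by_name() helper are assumptions made for illustration.

```php
<?php
// Added example. Assumed for illustration: the database path, the
// credentials, and a CUSTOMERS(ID, NAME) table.

function find_customers_by_name($db, string $name): array
{
    // The SQL text is fixed; "?" is a positional placeholder.
    $stmt = ibase_prepare($db, 'SELECT ID, NAME FROM CUSTOMERS WHERE NAME = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . ibase_errmsg());
    }

    // The value travels separately from the statement text, so quotes,
    // backslashes or NUL bytes in it are stored/compared as data and
    // no escaping function is needed.
    $result = ibase_execute($stmt, $name);
    if ($result === false) {
        ibase_free_query($stmt);
        throw new RuntimeException('execute failed: ' . ibase_errmsg());
    }

    $rows = [];
    while ($row = ibase_fetch_assoc($result)) {
        $rows[] = $row;
    }

    ibase_free_result($result);
    ibase_free_query($stmt);
    return $rows;
}

// Placeholder connection details: replace with your own.
$db = ibase_connect('localhost:/path/to/example.fdb', 'APP_USER', 'app-password');
if ($db === false) {
    exit('connect failed: ' . ibase_errmsg() . PHP_EOL);
}

// Constructed inputs: an ordinary name containing a quote, and a value
// shaped like an injection attempt. Both are matched literally.
foreach (["O'Brien", "x' OR '1'='1"] as $input) {
    $rows = find_customers_by_name($db, $input);
    printf("%-16s -> %d row(s)\n", $input, count($rows));
}

ibase_close($db);
```

Note that Firebird string literals escape a single quote by doubling it rather than with a backslash, so MySQL-style backslash escaping would not produce safe literals for Firebird anyway.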