Subject Re: Firebird function equivalent to mysql_escape_string
Author ajay
Thanks Mimmo.
Yes, I am converting an application from MySQL to Firebird.


--- In, "Umberto" <masotti@...> wrote:
> Hi Ajay,
> --- In, "ajay" <bhola125@> wrote:
> > Does firebird-php have an equivalent API to mysql_escape_string to make data safe before sending it to Firebird?
> From PHP on-line manual, mysql_escape_string() is deprecated from 4.3.0, use
> instead mysql_real_escape_string().
> And, quoting from PHP online manual,
> "mysql_real_escape_string() calls MySQL's library function
> mysql_real_escape_string, which prepends backslashes to the following
> characters: \x00, \n, \r, \, ', " and \x1a.
> This function must always (with few exceptions) be used to make data safe
> before sending a query to MySQL."
> Consider what follows:
> If you have a query in your source, it should already be correctly written.
> If you compose a query with fields coming from $_REQUEST or from user input,
> you are prone to SQL injection, so don't do it.
> If you use parametrised queries, you don't need to escape.
> There was a note some time ago about use of runtime configuration
> magic_quotes_sybase but it's strongly deprecated from 5.3.0.
> Are you converting an application from MySQL?
> Ciao.
> Mimmo.
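
The parameterised-query advice above, as an added example that is not part of the original thread: a MySQL-style escaped concatenation beside the same lookup done with a prepared statement through PDO's Firebird driver. The `customers` table, its columns, the DSN and the credentials are assumptions, and `addslashes()` stands in for the old MySQL escaping call.

```php
<?php
// Added example: table, column and connection values are hypothetical.

// MySQL-style backslash escaping carried over from the old code. Firebird does
// not treat a backslash as an escape character inside a string literal (a
// quote is escaped by doubling it), so the quote below still ends the literal.
function build_query_unsafe(string $name): string
{
    return "SELECT id, name FROM customers WHERE name = '" . addslashes($name) . "'";
}

// Parameterised form: the SQL text is fixed and the value travels separately,
// so nothing in $name can change the structure of the statement.
function find_customers(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM customers WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "O'Brien"; // constructed sample input

// What the concatenated version would send: ... WHERE name = 'O\'Brien'
echo build_query_unsafe($input), PHP_EOL;

try {
    // Assumed DSN and credentials; requires the pdo_firebird extension.
    $db = new PDO(
        'firebird:dbname=localhost:/path/to/app.fdb;charset=UTF8',
        'app_user',
        'app_password',
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_CASE    => PDO::CASE_LOWER, // Firebird reports unquoted names in upper case
        ]
    );
    foreach (find_customers($db, $input) as $row) {
        echo $row['id'], ' ', $row['name'], PHP_EOL;
    }
} catch (PDOException $e) {
    fwrite(STDERR, 'Database error: ' . $e->getMessage() . PHP_EOL);
}
```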