| From: | Kevin Hunter <hunteke(at)earlham(dot)edu> |
|---|---|
| To: | Bill Moran <wmoran(at)potentialtech(dot)com> |
| Cc: | Postgres General List <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Is there PHP mysql_real_escape_string for postgresql? |
| Date: | 2007-12-21 02:52:03 |
| Message-ID: | 476B2A53.7090107@earlham.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
At 10:46a -0500 on 20 Dec 2007, Bill Moran wrote:
> In response to Erik Jones <erik(at)myemma(dot)com>:
>>> In php is there a postgresql version of mysql_real_escape_string() ?
>> You have both pg_escape_string and pg_escape_bytea available.
>
> Is there a mysql_fake_escape_string()? Should PostgreSQL have a
> pg_pretend_to_escape_string() that effectively does nothing?
Haha! Awesome! You should "count it," Bill.
Serious now, who writes the code for those PHP functions? Is that a
call that PHP makes to the respective database or does someone actually
continually keep the PHP code "up-to-date"?
Second question: why is there not more emphasis on using prepared
statements? I was taught at $SCHOOL that prepared statements,
especially for anything involving unknown user input, is the Right Way.
Am I missing something or is the lack of use of these just a noob factor?
Thanks,
Kevin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ow Mun Heng | 2007-12-21 03:35:33 | Howto backup all functions? |
| Previous Message | Colin Wetherbee | 2007-12-21 01:14:32 | Re: |