At 10:46a -0500 on 20 Dec 2007, Bill Moran wrote:
> In response to Erik Jones <erik@xxxxxxxxxx>:
>>> In php is there a postgresql version of mysql_real_escape_string() ?
>> You have both pg_escape_string and pg_escape_bytea available.
>
> Is there a mysql_fake_escape_string()? Should PostgreSQL have a
> pg_pretend_to_escape_string() that effectively does nothing?

Haha! Awesome! You should "count it," Bill.

Serious now, who writes the code for those PHP functions? Is that a call that PHP makes to the respective database or does someone actually continually keep the PHP code "up-to-date"?

Second question: why is there not more emphasis on using prepared statements? I was taught at $SCHOOL that prepared statements, especially for anything involving unknown user input, is the Right Way. Am I missing something or is the lack of use of these just a noob factor?

Thanks,
Kevin
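
The two approaches raised in this thread, side by side in PHP's pgsql extension. This is an added example, not code from any poster in the thread. The connection string, table name and sample value are assumptions, and it needs a reachable PostgreSQL server.

```php
<?php
// Added example; connection string, table and column names are assumptions.
$conn = pg_connect('dbname=test') or die('connection failed');

pg_query($conn, 'CREATE TEMP TABLE users (id serial PRIMARY KEY, name text)');

// Constructed sample input containing a quote character.
$name = "Kevin O'Neil";

// 1. Escaping: the value is still spliced into the SQL text, so every
//    call site has to remember both the escape call and the quotes.
$sql = "INSERT INTO users (name) VALUES ('"
     . pg_escape_string($conn, $name) . "')";
pg_query($conn, $sql);

// 2. Parameterized query: the SQL text and the value are sent separately,
//    so the value is never parsed as SQL and needs no escaping.
pg_query_params($conn, 'INSERT INTO users (name) VALUES ($1)', [$name]);

// 3. Named prepared statement: parsed once by the server, then executed
//    with whatever values are bound to $1.
pg_prepare($conn, 'find_user', 'SELECT id, name FROM users WHERE name = $1');
$result = pg_execute($conn, 'find_user', [$name]);

while ($row = pg_fetch_assoc($result)) {
    echo $row['id'], ': ', $row['name'], PHP_EOL;
}
```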