Re: Escaping quotes for DB Entry


 



Brad Bonkoski wrote:



...


this adds single quotes automatically - addslashes (unless I'm mistaken -
wouldn't be the first time) would add slashes (and not single quotes)
which is not what you want.

Only done automatically IFF magic_quotes_gpc is ALSO on, which in my case it is off.

excerpts from manual....
magic_quotes_sybase *boolean* <http://www.php.net/manual/en/language.types.boolean.php>

If magic_quotes_sybase is on, a single-quote is escaped with a single-quote instead of a backslash if magic_quotes_gpc <http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc> or magic_quotes_runtime <http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-runtime> are enabled.

- and -
An example use of *addslashes()* is when you're entering data into a database. For example, to insert the name O'reilly into a database, you will need to escape it. Most databases do this with a \ which would mean O\'reilly. This would only be to get the data into the database, the extra \ will not be inserted. Having the PHP directive magic_quotes_sybase <http://www.php.net/manual/en/ref.sybase.php#ini.magic-quotes-sybase> set to on will mean ' is instead escaped with another '.

consider this a reminder to myself to RTFM. ;-)

...


Is there a better/more secure way?


...


Understood...
The Oracle work I do is in a 'controlled' environment, but portability should be factored in at some point! I will test out the ora_bind function to see if that does escaping for me, but that is a PITA! especially with large queries...

indeed - probably worth the time to write some kind of generic routine to
do the binding based on field datatypes etc - then again that probably will cost
you performance... you know the saying "you can't have your cake and eat it"


What about your firebird suggestion, does this work well with Oracle connections and queries?


no my firebird suggestion only works at all when connecting to firebird databases. :-)
but when you do connect to a firebird db it works very well indeed ;-)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
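
An added example, not code from this thread or from the PHP manual: it inserts the manual's O'reilly value once through addslashes() and once through a bound parameter, using a small type-based binding routine of the kind discussed above. It assumes PDO with the SQLite driver as a stand-in database; the `authors` table and the `bindAll()` helper are hypothetical names.

```php
<?php
// Hypothetical helper: bind every named parameter, choosing the PDO type
// from the PHP type of the value, so no value is ever quoted by hand.
function bindAll(PDOStatement $stmt, array $params): void
{
    foreach ($params as $key => $value) {
        if (is_int($value)) {
            $type = PDO::PARAM_INT;
        } elseif (is_bool($value)) {
            $type = PDO::PARAM_BOOL;
        } elseif ($value === null) {
            $type = PDO::PARAM_NULL;
        } else {
            $type = PDO::PARAM_STR;
        }
        $stmt->bindValue(":$key", $value, $type);
    }
}

// In-memory SQLite stands in for the real database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT, books INTEGER)');

// Constructed sample input: the name from the manual excerpt.
$name = "O'reilly";

// 1. String building with addslashes(). The backslash form O\'reilly is not
//    portable: SQLite, like Oracle, escapes ' by doubling it, so the quote
//    still terminates the literal and the statement is rejected.
$sql = "INSERT INTO authors (name, books) VALUES ('" . addslashes($name) . "', 3)";
try {
    $db->exec($sql);
    echo "addslashes insert: accepted\n";
} catch (PDOException $e) {
    echo "addslashes insert: rejected ({$e->getMessage()})\n";
}

// 2. Bound parameters. The value travels separately from the SQL text,
//    so no escaping convention is involved at all.
$stmt = $db->prepare('INSERT INTO authors (name, books) VALUES (:name, :books)');
bindAll($stmt, ['name' => $name, 'books' => 3]);
$stmt->execute();

// Read back what was actually stored and compare it with the input.
$stored = $db->query('SELECT name FROM authors')->fetchAll(PDO::FETCH_COLUMN);
var_dump($stored === [$name]);
```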

