On Feb 10, 2008 2:38 PM, NotReally GonnaTell <lithlist@xxxxxxxxx> wrote:

> Hello all, I am wondering how I should prevent SQL injection attacks while
> using SQLite. MySQL has the trusted mysqli_real_escape_string,
> but SQLite doesn't have its own custom function. I've tried str_replace in
> my code, but SQLite returns an error whenever I use a '. I've tried googling
> around, but I haven't found anything useful.

You can use PDO and its prepared statements.

-nathan
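The approach suggested in the reply, as an added example that is not part of the original thread: PDO prepared statements against an in-memory SQLite database, including a value containing the `'` character that broke the string-replacement attempt. The `users` table, the sample inputs and the `listUsers` helper are constructed for illustration and assume the `pdo_sqlite` extension is enabled.

```php
<?php
// Added example: hypothetical schema and constructed inputs, not from the thread.
$db = new PDO('sqlite::memory:');
// Throw exceptions instead of failing silently on SQL errors.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed inputs: a legitimate apostrophe, SQL-looking text, a plain name.
$inputs = ["O'Brien", "x'); DROP TABLE users; --", "alice"];

// The SQL text is fixed at prepare() time; values travel separately as
// bound parameters, so quotes in the data are never parsed as SQL.
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
foreach ($inputs as $name) {
    $insert->execute([':name' => $name]);
}

// Same pattern for reads: bind the value, never concatenate it.
$lookup = $db->prepare('SELECT id, name FROM users WHERE name = :name');
foreach ($inputs as $name) {
    $lookup->execute([':name' => $name]);
    foreach ($lookup->fetchAll(PDO::FETCH_ASSOC) as $row) {
        printf("%d => %s\n", $row['id'], $row['name']);
    }
}

// Placeholders bind values only. Identifiers such as a sort column cannot be
// bound, so check them against a fixed allow-list before building the query.
function listUsers(PDO $db, string $sortColumn): array
{
    $allowed = ['id', 'name'];
    if (!in_array($sortColumn, $allowed, true)) {
        throw new InvalidArgumentException('Unsupported sort column');
    }
    $stmt = $db->query("SELECT id, name FROM users ORDER BY $sortColumn");
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// All three rows are stored verbatim and the table is intact.
printf("rows: %d\n", count(listUsers($db, 'name')));

try {
    listUsers($db, 'name; DROP TABLE users');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```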