Is there any other way to do this? I'd rather not use PDO. On Feb 10, 2008 2:46 PM, Nathan Nobbe <quickshiftin@xxxxxxxxx> wrote: > On Feb 10, 2008 2:38 PM, NotReally GonnaTell <lithlist@xxxxxxxxx> wrote: > > > Hello all, I am wondering how I should prevent SQL injection attacks > > while > > using SQLite, MySQL has the trusted mysqli_real_escape_string, > > but SQLite doesn't have it's own custom function, i've tried str_replace > > in > > my code, but SQLite returns an error whenever I use a '. I've tried > > googling > > around, but I haven't found anything useful. > > > > you can use PDO, and its prepared statements. > > -nathan >
