Bytes | Software Development & Data Engineering Community

mysql_real_escape_string necessary when using prepared statements

It is by accident that I noticed that I forgot to use
mysql_real_escape_string in part of my webapp.
I tested input with the following text: Hélène 51°56'12'' http://www.mysite.org/folder
3 functions worked correctly and 1 failed:
The one that failed didn't have mysql_real_escape_string and neither
did 2 of the ones that worked: in those 2 I used prepared sql
statements (PEAR DB package). The other that I used was with
mysql_real_escape_string.

So my question: can you do without mysql_real_escape_string when using
prepared sql statements with PEAR DB-package or PDO ?

For PDO apparently you can when you use quote() and prepared
statements.

Pugi

Aug 14 '07 #1
Pugi! wrote:
>So my question: can you do without mysql_real_escape_string when using
>prepared sql statements with PEAR DB-package or PDO ?
True, prepared statements don't need mysql_real_escape_string().

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Aug 14 '07 #2
..oO(Pugi!)
>So my question: can you do without mysql_real_escape_string when using
prepared sql statements with PEAR DB-package or PDO ?
Yes. That's one reason for using prepared statements - you just tell the
DBMS what kind of data you will send to it, and the server itself takes
care of the proper encoding/escaping if necessary.
>For PDO apparently you can when you use quote() and prepared
statements.
Forget this method - it kinda defeats the purpose of prepared
statements. From the PDO->quote() manual:

| If you are using this function to build SQL statements, you are
| _strongly_ recommended to use PDO->prepare() to prepare SQL statements
| with bound parameters instead of using PDO->quote() to interpolate
| user input into a SQL statement. [...]

Micha
Aug 14 '07 #3
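As an added example (not code from the thread, from PEAR DB or from PDO itself), here is the difference the two replies describe, written in PHP with PDO against an in-memory SQLite database so it runs without a MySQL server. It uses the poster's test string; addslashes() stands in for mysql_real_escape_string(), which needs a live MySQL connection but produces the same \' escaping for this input. The table name, the extra rows and the injection payload are constructed for the demo.

```php
<?php
// Added example, not code from the thread, PEAR DB or PDO itself. It runs
// offline against an in-memory SQLite database; the table, rows, test
// string and injection payload are constructed here. addslashes() stands in
// for mysql_real_escape_string(), which needs a live MySQL connection but
// turns ' into \' the same way for this input.
declare(strict_types=1);

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE place (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    return $db;
}

// The failing function's pattern: the value is pasted into the SQL text,
// so every quote in it is parsed as SQL syntax.
function insertInterpolated(PDO $db, string $name): void
{
    $db->exec("INSERT INTO place (name) VALUES ('$name')");
}

// The working functions' pattern: the value is sent as a bound parameter
// and never becomes part of the SQL text, so nothing has to be escaped.
function insertBound(PDO $db, string $name): void
{
    $stmt = $db->prepare('INSERT INTO place (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

function findInterpolated(PDO $db, string $name): array
{
    return $db->query("SELECT name FROM place WHERE name = '$name'")
              ->fetchAll(PDO::FETCH_COLUMN);
}

function findBound(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM place WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db    = makeDb();
$input = "Hélène 51°56'12'' http://www.mysite.org/folder"; // the poster's test string

// 1. Interpolation: the quotes in the value break the statement (the "1 failed" case).
try {
    insertInterpolated($db, $input);
    echo "interpolated insert: succeeded\n";
} catch (PDOException $e) {
    echo "interpolated insert: failed with '" . $e->getMessage() . "'\n";
}

// 2. Binding: the value is stored and read back exactly as typed.
insertBound($db, $input);
insertBound($db, 'another row');
echo 'bound insert round-trips intact: ', var_export(findBound($db, $input) === [$input], true), "\n";

// 3. The caveat: escaping AND binding stores the backslashes as data.
$escaped = addslashes($input);
insertBound($db, $escaped);
echo 'escaped+bound row stored with backslashes: ',
     var_export(findBound($db, $escaped) === [$escaped], true), "\n";

// 4. Why this matters: an interpolated value can rewrite the query, a bound one cannot.
$payload = "' OR '1'='1";
echo 'rows returned for payload, interpolated: ', count(findInterpolated($db, $payload)), "\n";
echo 'rows returned for payload, bound:        ', count(findBound($db, $payload)), "\n";
```

Run it with `php example.php`. The same prepare()/execute() calls apply with pdo_mysql; there, PDO::ATTR_EMULATE_PREPARES defaults to true, so by default it is PDO on the client, not the MySQL server, that quotes the bound values before sending the statement (set it to false for server-side prepares), and in either mode the connection charset should be declared in the DSN so the quoting matches the data. Step 3 is the practical caveat behind the question: escaping a value and then binding it is not harmless, it stores the backslashes. mysql_real_escape_string() itself was removed with the mysql extension in PHP 7.0; mysqli_real_escape_string() and PDO::quote() still exist, but bound parameters are the answer in all three APIs.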
