mysql_real_escape_string will make the SQL safer.

But are there any ibase functions that are the same as mysql_real_escape_string? If not, then InterBase cannot be used with PHP as safely as MySQL with PHP?

What is the solution for an InterBase/PHP project to achieve what mysql_real_escape_string gives to MySQL/PHP projects?

Thanks!

    Any help?

    I want something that equals mysql_real_escape_string in terms of security in ib_ functions. Do we have it?

      I think addslashes() will do fine. It escapes ', ", \, and NULL, whereas mysql_real_escape_string also escapes \x00, \n, \r and \x1a. As far as I know \x00, \n, \r and \x1a are not dangerous characters for InterBase. At least in MySQL they are just escaped to make a nice log.

        Interbase supports prepared queries, so you should probably use those instead of messing around trying to guess what the correct method of escaping is.

        If you're using PHP 5.1+ you could try using PDO.

        The "generic" way of escaping strings for SQL is to double up single quotes (') and not do anything else. But on some databases, that will be insufficient for arbitrary binary data.

        If you're storing binary data in a BLOB, I'd recommend using prepared statements.

        The whole backslash thing is entirely MySQL-specific and is not used on any other database that I am aware of.

        Mark
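
The points in the last reply (backslash escaping is MySQL-specific, quote doubling is the generic rule, prepared queries avoid escaping altogether), shown as an added example that is not code from the thread. The table `USERS`, its columns, the helper names and the connection details are assumptions; `readSqlLiteral()` is a small stand-in for how a standard-SQL parser reads a string literal.

```php
<?php
// Added example, not code from the thread. Table USERS, its columns and the
// connection details in the usage comment are placeholders.

// Reads one string literal the way standard SQL (and InterBase) does: a quote
// is escaped only by doubling it; a backslash is an ordinary character.
// Returns [decoded value, SQL text left over after the closing quote].
function readSqlLiteral(string $sql): array
{
    $value = '';
    $len = strlen($sql);
    for ($i = 1; $i < $len; $i++) {          // $sql[0] is the opening quote
        if ($sql[$i] !== "'") {
            $value .= $sql[$i];
        } elseif ($i + 1 < $len && $sql[$i + 1] === "'") {
            $value .= "'";                   // '' -> one literal quote
            $i++;
        } else {
            return [$value, substr($sql, $i + 1)];   // closing quote
        }
    }
    throw new RuntimeException('unterminated string literal');
}

$name = "O'Brien";                           // constructed sample input

// addslashes() yields 'O\'Brien': the literal ends right after the backslash
// and the remainder of the input is left over as SQL text.
var_dump(readSqlLiteral("'" . addslashes($name) . "'"));
// Doubling the quote keeps the whole value inside the literal.
var_dump(readSqlLiteral("'" . str_replace("'", "''", $name) . "'"));

// Prepared query: the value is bound to the ? placeholder and never becomes
// part of the SQL text, so no escaping is involved at all.
function findUsersByName($conn, string $name): array
{
    $query  = ibase_prepare($conn, 'SELECT ID, NAME FROM USERS WHERE NAME = ?');
    $result = ibase_execute($query, $name);
    $rows = [];
    while ($row = ibase_fetch_assoc($result)) {
        $rows[] = $row;
    }
    ibase_free_result($result);
    ibase_free_query($query);
    return $rows;
}
// Usage (needs the ibase extension and a reachable server):
// $conn = ibase_connect('localhost:/path/to/db.gdb', 'USER', 'PASSWORD');
// print_r(findUsersByName($conn, $name));
```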
