Posted by Jerry Stuckle on 08/14/07 10:26
Pugi! wrote:
> It is by accident that I noticed that I forgot to use
> mysql_real_escape_string in part of my webapp.
> I tested input with the following text: Hélène 51°56'12'' http://www.mysite.org/folder
> 3 functions worked correctly and 1 failed:
> The one that failed didn't have mysql_real_escape_string and neither
> did 2 of the ones that worked: in those 2 I used prepared sql
> statements (PEAR DB package). The other that I used was with
> mysql_real_escape_string.
>
> So my question: can you do without mysql_real_escape_string when using
> prepared sql statements with PEAR DB-package or PDO ?
>
> For PDO apparently you can when you use quote() and prepared
> statements.
>
> Pugi
>
True, prepared statements don't need mysql_real_escape_string().
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
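
An added example, not part of the original thread, of the point made in the reply above: a PDO prepared statement stores the test string from the question without any escaping call. The `notes` table is hypothetical and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Added example, not code from the thread. The table and column names are
// hypothetical; SQLite in memory stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// The test input from the question, including its single quotes.
$input = "Hélène 51°56'12'' http://www.mysite.org/folder";

// Row 1: the value is bound to a placeholder, so it is sent as data and is
// never spliced into the SQL text. No escaping function is called.
$insert = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
$insert->execute([':body' => $input]);

// Row 2: escaping with quote() and then binding as well. The added quote
// characters are treated as data and end up stored in the column.
$insert->execute([':body' => $pdo->quote($input)]);

// Read both rows back and compare them with the original input.
$select = $pdo->prepare('SELECT body FROM notes WHERE id = :id');
foreach ([1, 2] as $id) {
    $select->execute([':id' => $id]);
    $stored = $select->fetchColumn();
    printf("row %d matches input: %s\n", $id, $stored === $input ? 'yes' : 'no');
    printf("  stored: %s\n", $stored);
}
```

Placeholders bind values only; table or column names taken from user input still have to be checked against a fixed list.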