l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2005 Mar 18 12:07

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] BSD versus Linux (and SQL/PHP/magic quoting)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] BSD versus Linux (and SQL/PHP/magic quoting)

Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Fri, 18 Mar 2005 10:57:34 -0500
p@dirac.org (Peter Jay Salzman) wrote:
> Obtech: I tried to consolidate my knowledge of PHP, magic quotes, and
> SQL. This is my complete understanding on the topic:
>    http://www.dirac.org/linux/sql_quoting.html
> If someone has the time to comment on it and tell me whether I got it
> right or wrong, I'd appreciate it.  (This is what I was trying to read
> about when I stumbled onto the avatar above).
> Pete

Does PHP not have ?-parameter substitution (so you can say
SELECT * FROM table WHERE stringattribute=3D?
and substitute the ? with a string that is properly quoted according to
the language conventions?

For example, in Java

java.sql.Connection c;
//initialize this however you need to connect to the database

java.sql.PreparedStatement s=3Dc.prepareStatement(
	"SELECT * FROM table WHERE stringattribute=3D?"
s.setString(1,"It's easy to see that you couldn't embed "+
	"this in the statement itself");
java.sql.ResultSet r=3Ds.executeQuery();

This is probably the best way to avoid excaping problems.

--Ken Bloom

I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.

Content-Type: application/pgp-signature

Version: GnuPG v1.4.0 (GNU/Linux)



vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!