There is no SQL escaping methods, nor PDO data binding methods.

Recommend this page to a friend!

      PDO Multi Connection Class  >  All threads  >  There is no SQL escaping methods,...  >  (Un) Subscribe thread alerts  
Subject:There is no SQL escaping methods,...
Summary:Package rating comment
Messages:6
Author:Artur Graniszewski
Date:2011-02-27 17:06:15
Update:2012-02-08 03:39:25
 

Artur Graniszewski rated this package as follows:

Utility: Insufficient
Consistency: Good

  1. There is no SQL escaping methods,...   Reply   Report abuse  
Picture of Artur Graniszewski Artur Graniszewski - 2011-02-27 17:06:22
There is no SQL escaping methods, nor PDO data binding methods.

Good job with the various databases compatibility (method to get latest ID, etc.) Maybe you should add SHOW TABLES, and SHOW DATABASES equivalents?

  2. Re: There is no SQL escaping methods,...   Reply   Report abuse  
Picture of Evert Ulises German Soto Evert Ulises German Soto - 2011-02-27 23:09:54 - In reply to message 1 from Artur Graniszewski
Ok Artur, in the next version you will see and use the functions that you comment. Thanks for you comment.

  3. Re: There is no SQL escaping methods,...   Reply   Report abuse  
Picture of Evert Ulises German Soto Evert Ulises German Soto - 2011-10-14 16:34:25 - In reply to message 1 from Artur Graniszewski
Hi Artur just for notify, the class has been updated. today include one method for secure statements, binding the params. i hope that you liked the changes.

  4. Re: There is no SQL escaping methods,...   Reply   Report abuse  
Picture of Ignacio Colautti Ignacio Colautti - 2012-01-25 14:58:25 - In reply to message 3 from Evert Ulises German Soto
If you bindParam an email, or anything with a @, you're doom.

$email = $_POST["email"];//"desarrollo@innatia.com";
$params = array(":email@".$email."@STR");
$rows = $this->db->query_secure("SELECT password FROM usuarios WHERE email = :email LIMIT 1;", $params, true);

How can you escape it ?

  5. Re: There is no SQL escaping methods,...   Reply   Report abuse  
Picture of Ignacio Colautti Ignacio Colautti - 2012-02-07 15:15:41 - In reply to message 4 from Ignacio Colautti
I change the separator to [[@]].

But now i have another problem :)
rowcount() doesnt work with query_secure's queries.
Any ideas without using PHP count() ?

  6. Re: There is no SQL escaping methods,...   Reply   Report abuse  
Picture of Evert Ulises German Soto Evert Ulises German Soto - 2012-02-08 03:39:25 - In reply to message 5 from Ignacio Colautti
Hi Ignacio give me a lot time for testing the class and modify for better functionally...

 

For more information send a message to info at phpclasses dot org.