addslashes() equivalent for securing custom database queries

Thursday 13 December 2007 1:09:47 am - 2 replies

Łukasz Serwatka

Thursday 13 December 2007 1:46:16 am

Hi Piotrek,

You can use escapeString() from ezdbinterface.php:

    /*!
      \pure
      Will escape a string so it's ready to be inserted in the database.
    */
    function escapeString( $str )
    {
        return $str;
    }

Re-implemented in ezmysqldb.php

    $db = eZDB::instance();
    // escapeString() returns the escaped value, so keep the result.
    $escaped = $db->escapeString( $str );

When you are using eZPersistentObject for storing content, it will handle it automatically.

Personal website -> http://serwatka.net
Blog (about eZ Publish) -> http://serwatka.net/blog
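
The following is an added example, not part of the original post and not eZ Publish code: it shows escapeString() used in a custom query, where the caller still supplies the quotes around the value and casts numeric input, because escaping does nothing for unquoted positions. `StandInDb`, `buildLookupQuery()` and the table `my_custom_table` are hypothetical; inside eZ Publish you would pass `eZDB::instance()` instead of the stub.

```php
<?php
// Constructed stub so the snippet runs without eZ Publish.
// Inside eZ Publish, pass eZDB::instance() instead of this class.
class StandInDb
{
    // Stand-in escaping only (doubles single quotes); the real driver's
    // escapeString() does the database-specific escaping.
    function escapeString( $str )
    {
        return str_replace( "'", "''", $str );
    }
}

// Builds a SELECT against the hypothetical table "my_custom_table".
function buildLookupQuery( $db, $name, $limit )
{
    // escapeString() only escapes; the quotes around the value are added here.
    $safeName = $db->escapeString( $name );

    // Escaping does not protect an unquoted numeric position, so cast it.
    $safeLimit = (int) $limit;

    return "SELECT id, name FROM my_custom_table" .
           " WHERE name = '$safeName' LIMIT $safeLimit";
}

$db = new StandInDb();

// Constructed inputs: a name containing quotes and a non-numeric "limit".
echo buildLookupQuery( $db, "O'Reilly' OR '1'='1", "10; DROP TABLE x" ), "\n";
```

The base `escapeString()` quoted in the post returns its argument unchanged, so the escaping only happens when the active database driver re-implements it.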

Piotrek Karaś

Thursday 13 December 2007 3:35:18 am

Łukasz,

This is exactly it!
Sometimes it's difficult to locate some wrappers, especially if you don't know if they exist, but I'm getting the impression that there will be one for anything in eZ ;)

Thanks!

--
Company: mediaSELF Sp. z o.o., http://www.mediaself.pl
eZ references: http://ez.no/partners/worldwide_partners/mediaself
eZ certified developer: http://ez.no/certification/verify/272585
eZ blog: http://ez.ryba.eu
