06-01-2010, 02:44 PM
In their documentation, they say:
Quote: $db->escape() makes any string safe to use as a value in a query under all PHP conditions. I.E. if magic quotes are turned on or off. Note: Should not be used by itself to guard against SQL injection attacks. The purpose of this function is to stop accidental malformed queries.
Now considering that EZSQL is supposed to be an abstraction layer to the actual database that is used, how would you recommend you go about preventing SQL injection considering that mysql_real_escape_string implies that it will only work when you are using a MySQL database, and not another kind of SQL database?
The little boat gently drifted across the pond exactly the way a bowling ball wouldn't.
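The documentation note quoted in the post above can be seen in a small case. This is an added example, not part of the original post and not ezSQL code: it contrasts an escaped value concatenated into SQL with a bound parameter through PDO, which works the same way across database drivers. The table, data, input, and the `escape_value()` helper (a hypothetical stand-in, not ezSQL's `escape()`) are constructed for illustration.

```php
<?php
// Added example: constructed schema and data in an in-memory SQLite database.
// Only the DSN is driver-specific; the prepare/execute calls are the same for other PDO drivers.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Hypothetical stand-in for an escape helper (not ezSQL's implementation):
// it doubles single quotes so a value cannot close a quoted string literal.
function escape_value(string $value): string
{
    return str_replace("'", "''", $value);
}

// Weak pattern: the escaped value is still concatenated into the SQL text.
// Used in an unquoted (numeric) position, it is parsed as SQL, so escaping
// quote characters changes nothing about how the database reads it.
function find_by_id_escaped(PDO $pdo, string $id): array
{
    $sql = 'SELECT id, name FROM users WHERE id = ' . escape_value($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the statement text is fixed and the value is sent as a
// bound parameter, so it is only ever treated as data.
function find_by_id_bound(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input that contains no quote characters at all.
$input = '0 OR 1=1';

printf("escaped + concatenated: %d row(s)\n", count(find_by_id_escaped($pdo, $input)));
printf("bound parameter:        %d row(s)\n", count(find_by_id_bound($pdo, $input)));
printf("bound, legitimate id 2: %d row(s)\n", count(find_by_id_bound($pdo, '2')));
```

The concatenated query matches every row for the constructed input, while the bound version matches none and still finds the legitimate id.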