ADODB connection for mysql_real_escape_string?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
eeve
Forum Newbie
Posts: 8
Joined: Thu Jun 09, 2005 3:01 pm

ADODB connection for mysql_real_escape_string?

Post by eeve »

Hi, I have a problem that I've been struggling with for months and so now I'm fed up and I'm asking the rest of you.

Here goes, I'm trying to use mysql_real_escape_string on to escape my string data when building my sql query. But I can't seem to figure what to pass as the link resource for the second parameter. I have a database class that uses ADODB to connect to the db like so:

$conn = NewADOConnection("mysql");
$conn->Connect( $this->host, $this->user, $this->pass, $this->db_name );

I figured that my $conn variable would contain the db connection required to pass to mysql_real_escape_string, but no, it errors out: Warning: mysql_real_escape_string() expects parameter 2 to be resource.

Is there an ADODB command to get the resource link needed, or is this not compatible with ADODB? (like $conn->GetLink() ) If I leave the second parameter out, the script is unable to connect on it's own, which is good. I want to explicitly give it the link resource.

Any suggestions on using this function with an ADOdb connection would be a huge help. Thanks!
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Since you're using adodb i'd suggest that you use the qstr function (instead of directly calling mysql_real_escape_string)...

Example of usage: http://phplens.com/lens/adodb/docs-adodb.htm#ex4.
eeve
Forum Newbie
Posts: 8
Joined: Thu Jun 09, 2005 3:01 pm

Post by eeve »

Is that qstr function as secure as mysql_real_escape_string?
eeve
Forum Newbie
Posts: 8
Joined: Thu Jun 09, 2005 3:01 pm

Post by eeve »

Hmm.. I looked into the source code for that function and it does use mysql_real_escape string. Very nice. Tried it and it works.

I just wish it didn't wrap single quote around the whole string for you. Oh well.

Thanks very much for the tip! :)
Post Reply