Page 1 of 1

ADODB connection for mysql_real_escape_string?

Posted: Thu Apr 19, 2007 10:13 am
by eeve
Hi, I have a problem that I've been struggling with for months and so now I'm fed up and I'm asking the rest of you.

Here goes, I'm trying to use mysql_real_escape_string on to escape my string data when building my sql query. But I can't seem to figure what to pass as the link resource for the second parameter. I have a database class that uses ADODB to connect to the db like so:

$conn = NewADOConnection("mysql");
$conn->Connect( $this->host, $this->user, $this->pass, $this->db_name );

I figured that my $conn variable would contain the db connection required to pass to mysql_real_escape_string, but no, it errors out: Warning: mysql_real_escape_string() expects parameter 2 to be resource.

Is there an ADODB command to get the resource link needed, or is this not compatible with ADODB? (like $conn->GetLink() ) If I leave the second parameter out, the script is unable to connect on it's own, which is good. I want to explicitly give it the link resource.

Any suggestions on using this function with an ADOdb connection would be a huge help. Thanks!

Posted: Thu Apr 19, 2007 10:26 am
by timvw
Since you're using adodb i'd suggest that you use the qstr function (instead of directly calling mysql_real_escape_string)...

Example of usage: http://phplens.com/lens/adodb/docs-adodb.htm#ex4.

Posted: Thu Apr 19, 2007 10:32 am
by eeve
Is that qstr function as secure as mysql_real_escape_string?

Posted: Thu Apr 19, 2007 10:42 am
by eeve
Hmm.. I looked into the source code for that function and it does use mysql_real_escape string. Very nice. Tried it and it works.

I just wish it didn't wrap single quote around the whole string for you. Oh well.

Thanks very much for the tip! :)