Escape username/password in PDO connection

georgeoc
Forum Contributor
Posts: 166
Joined: Wed Aug 09, 2006 4:21 pm
Location: London, UK

Escape username/password in PDO connection

Post by georgeoc »

Hi all,

What is the correct way to filter/escape user-inputted values for database host, name, username and password, to be used in a PDO connection?

Thanks
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Escape username/password in PDO connection

Post by Christopher »

Use prepared statements or see the manual:

http://www.php.net/manual/en/function.PDO-quote.php
(#10850)
georgeoc
Forum Contributor
Posts: 166
Joined: Wed Aug 09, 2006 4:21 pm
Location: London, UK

Re: Escape username/password in PDO connection

Post by georgeoc »

I'm talking about the strings that are used in the PDO constructor - the host, database engine & db name which form the dsn, plus the username and password. Do these strings need escaping when working with user-submitted info (i.e. when they first configure the application)?

I don't know whether these fields represent a possible target for attack.
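
An added example for the question in this thread (not code from any poster): DSN elements are `key=value` pairs separated by `;`, so the parts that form the DSN are validated against an allow-list instead of being escaped, while the username and password go to the PDO constructor as separate arguments. The function names, the driver list and the character rules for host and database name are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Drivers this hypothetical installer supports (assumption for the example).
const ALLOWED_DRIVERS = ['mysql', 'pgsql'];

/**
 * Build a DSN from installer-supplied values. Anything outside the expected
 * character set is rejected, so a value cannot add its own ';key=value' pair.
 */
function buildDsn(string $driver, string $host, string $dbname, ?int $port = null): string
{
    if (!in_array($driver, ALLOWED_DRIVERS, true)) {
        throw new InvalidArgumentException('Unsupported database driver');
    }
    // Hostname or IPv4 literal: letters, digits, dots and hyphens only.
    if (!preg_match('/\A[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?\z/', $host)) {
        throw new InvalidArgumentException('Invalid database host');
    }
    if (!preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $dbname)) {
        throw new InvalidArgumentException('Invalid database name');
    }
    $dsn = sprintf('%s:host=%s;dbname=%s', $driver, $host, $dbname);
    if ($port !== null) {
        if ($port < 1 || $port > 65535) {
            throw new InvalidArgumentException('Invalid database port');
        }
        $dsn .= ';port=' . $port;
    }
    return $dsn;
}

function connect(array $cfg): PDO
{
    $dsn = buildDsn($cfg['driver'], $cfg['host'], $cfg['dbname'], $cfg['port'] ?? null);
    // Username and password are separate constructor arguments, not DSN text,
    // so they are passed through unmodified.
    return new PDO($dsn, $cfg['username'], $cfg['password'],
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
}

// Constructed sample input: one ordinary host, one carrying an extra DSN element.
foreach (['db.example.test', 'localhost;unix_socket=/tmp/other.sock'] as $host) {
    try {
        echo buildDsn('mysql', $host, 'app_db', 3306), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```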