Best method for inserting oracle strings..?

dimxasnewfrozen
Forum Commoner
Posts: 84
Joined: Fri Oct 30, 2009 1:21 pm

Best method for inserting oracle strings..?

Post by dimxasnewfrozen »

I've been working with Oracle a lot recently and was just wondering what the best practice is for inserting large string values, since mysql_real_escape_string() is not an option.

Currently I'm using something like:

$new_string  = addslashes(str_replace("'", "''", $string));

Replacing single quotes with 2 single quotes and adding slashes. What's the most secure method of doing this?
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Best method for inserting oracle strings..?

Post by kaisellgren »

Use PDO and prepare your queries: http://www.php.net/manual/en/pdo.prepare.php
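
The prepared-statement approach recommended above, sketched for a large string going into an Oracle CLOB column. This is an added example, not code from either poster; it follows the LOB binding pattern from the PHP manual, and the `notes` table, the DSN, the user name and the `ORA_PASSWORD` environment variable are assumptions.

```php
<?php
declare(strict_types=1);

// Assumptions (not from the thread): the pdo_oci driver is installed and a
// hypothetical table exists:
//   CREATE TABLE notes (id NUMBER PRIMARY KEY, body CLOB)

function connectOracle(string $dsn, string $user, string $password): PDO
{
    return new PDO($dsn, $user, $password, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // surface errors as exceptions
    ]);
}

function insertNote(PDO $pdo, int $id, string $body): void
{
    // The SQL text is a constant. User data travels only through bind
    // variables, so quotes in $body are plain data and need neither
    // addslashes() nor str_replace().
    $stmt = $pdo->prepare(
        'INSERT INTO notes (id, body) VALUES (:id, EMPTY_CLOB())
         RETURNING body INTO :body'
    );

    // Expose the string as a stream so it can be bound as a LOB.
    $stream = fopen('php://temp', 'r+');
    fwrite($stream, $body);
    rewind($stream);

    $pdo->beginTransaction(); // the LOB write must happen inside a transaction
    try {
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->bindParam(':body', $stream, PDO::PARAM_LOB);
        $stmt->execute();
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Constructed sample input containing the characters the original snippet
// tried to escape by hand; it is stored byte for byte as written.
$dsn = 'oci:dbname=//localhost:1521/XEPDB1;charset=AL32UTF8'; // hypothetical DSN
$pdo = connectOracle($dsn, 'app_user', getenv('ORA_PASSWORD') ?: '');
insertNote($pdo, 1, "O'Brien's note with 'quotes' and a \\ backslash");
```

For a short VARCHAR2 column the same statement shape applies with a plain `bindValue(':body', $body, PDO::PARAM_STR)` and no `RETURNING` clause.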