Page 1 of 1

Best method for inserting oracle strings..?

Posted: Thu Apr 29, 2010 8:45 am
by dimxasnewfrozen
I've been working with oracle a lot recently and was just wondering what the best practice is for inserting large string values since mysql_real_escape_string() is not an option.

Current I'm using something like:

Code: Select all

$new_string  = addslashes(str_replace("'", "''", $string));
Replacing single quotes with 2 single quotes and adding slashes. What's the most secure method of doing this?

Re: Best method for inserting oracle strings..?

Posted: Sun May 09, 2010 2:46 am
by kaisellgren
Use PDO and prepare your queries: http://www.php.net/manual/en/pdo.prepare.php