[nycphp-talk] Re: New PHundamentals Article

David Mintz dmintz at davidmintz.org
Tue Jan 6 12:47:08 EST 2004



DB::quote() (and I quote) "[q]uotes a string database-dependent, so it can
be safely used in a query." They mean, it quotes it correctly for the
backend db that you connected to when you called connect() and got a $db
object. They further say the currently supported database backends are
MySQL, PostgreSQL, InterBase, Mini SQL, Microsoft SQL Server, Oracle
7/8/8i, ODBC (Open Database Connectivity), SyBase, Informix, FrontBase.

prepare() and execute() perform more or less comparably to their
counterparts in JDBC and Perl DBI.
http://pear.php.net/manual/en/package.database.db.intro-execute.php

On Tue, 6 Jan 2004, Jeff Siegel wrote:

> P.S. Since I don't use PEAR, the question is, which one of the functions
> is used for escaping data? All three? Since the major focus is on
> MySQL, is there one that is MySQL-specific?
>
> David Mintz wrote:
>
> > If the comment period isn't over yet, I have $.02.
> >
> > You might mention that if you happen to be using the PEAR DB library, you
> > might as well use quote(), or prepare() and execute(), which take care of
> > correctly quoting the values represented by ? in parameterized SQL
> > statements.
> >
> >
> > ---
> > David Mintz
> > http://davidmintz.org/
> >
> >         "Anybody else got a problem with Webistics?" -- Sopranos 24:17
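
An added example, not part of the original message or of PEAR's documentation, showing the two approaches mentioned in this message with PEAR DB. The DSN, the `users` table and its columns, and the input value are assumptions made for illustration.

```php
<?php
// Added example: PEAR DB quote() versus prepare()/execute().
// Assumed for illustration: the DSN, the users table, the sample values.
require_once 'DB.php';

$dsn = 'mysql://app_user:app_pass@localhost/app_db'; // placeholder DSN
$db  = DB::connect($dsn);
if (DB::isError($db)) {
    die('connect failed: ' . $db->getMessage());
}

// Constructed input containing a quote character, which would end the
// string literal early if it were pasted into the SQL text unescaped.
$name = "O'Reilly";

// 1. quote(): escapes the value for the connected backend and returns
//    it already wrapped in quotes, so the SQL text adds none itself.
$sql = 'SELECT id, email FROM users WHERE last_name = ' . $db->quote($name);
$res = $db->query($sql);
if (DB::isError($res)) {
    die('query failed: ' . $res->getMessage());
}
while ($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) {
    echo $row['id'] . ' ' . $row['email'] . "\n";
}
$res->free();

// 2. prepare()/execute(): each ? is a placeholder; the values are passed
//    separately and quoted by the library, never concatenated by hand.
$sth = $db->prepare('INSERT INTO users (last_name, email) VALUES (?, ?)');
if (DB::isError($sth)) {
    die('prepare failed: ' . $sth->getMessage());
}
$res = $db->execute($sth, array($name, 'oreilly@example.com'));
if (DB::isError($res)) {
    die('execute failed: ' . $res->getMessage());
}

$db->disconnect();
```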