l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
April 21: Google Glass
Next Installfest:
TBD
Latest News:
Mar. 18: Google Glass at LUGOD's April meeting
Page last updated:
2005 Mar 18 12:07

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] BSD versus Linux (and SQL/PHP/magic quoting)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] BSD versus Linux (and SQL/PHP/magic quoting)



--Signature_Fri__18_Mar_2005_11_01_13_-0800_hAsd1TlEEnFJsfpr
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Fri, 18 Mar 2005 10:57:34 -0500
p@dirac.org (Peter Jay Salzman) wrote:
> Obtech: I tried to consolidate my knowledge of PHP, magic quotes, and
> SQL. This is my complete understanding on the topic:
>=20
>    http://www.dirac.org/linux/sql_quoting.html
>=20
> If someone has the time to comment on it and tell me whether I got it
> right or wrong, I'd appreciate it.  (This is what I was trying to read
> about when I stumbled onto the avatar above).
>=20
> Pete

Does PHP not have ?-parameter substitution (so you can say
SELECT * FROM table WHERE stringattribute=3D?
and substitute the ? with a string that is properly quoted according to
the language conventions?

For example, in Java

java.sql.Connection c;
//initialize this however you need to connect to the database

java.sql.PreparedStatement s=3Dc.prepareStatement(
	"SELECT * FROM table WHERE stringattribute=3D?"
	);
s.setString(1,"It's easy to see that you couldn't embed "+
	"this in the statement itself");
java.sql.ResultSet r=3Ds.executeQuery();


This is probably the best way to avoid excaping problems.

--Ken Bloom

--=20
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.

--Signature_Fri__18_Mar_2005_11_01_13_-0800_hAsd1TlEEnFJsfpr
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCOyV+lHapveKyytERAnj8AJ4p4BcOq1hjhc3g6VzwDFvQ8NN/oQCaA+r8
HOR2Mkfd3aBK+5qGLx2mG+0=
=HS8U
-----END PGP SIGNATURE-----

--Signature_Fri__18_Mar_2005_11_01_13_-0800_hAsd1TlEEnFJsfpr--

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!