0

I am trying to set some attributes on my PDO connection. I am using the ODBC driver to connect to SQL Server, and I get "Unknown Attribute".

$db = new PDO("odbc:Driver={SQL Server};Server=127.0.0.1;Database=my_db;charset=utf8; Uid=my_usser;Pwd=my_pass;");
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
print_r($db->errorInfo());

// It shows me: Array ( [0] => 00000 [1] => 0 [2] => Unknown Attribute (setAttribute[0] at (null):0) [3] => IM001 )

I want to set PDO::ATTR_EMULATE_PREPARES to false because I read here that it is a secure way to stop SQL injection when using the prepare function.

Mando Madalin

2 Answers

0

You have to use prepared statements to make it secure, while EMULATE_PREPARES is irrelevant to security and safe either way.

Also, you have to use only settings supported by the driver.

Your Common Sense
  • http://stackoverflow.com/questions/134099/are-pdo-prepared-statements-sufficient-to-prevent-sql-injection It says there that pdo->prepare sometimes is not enough and we need to use $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); – Mando Madalin Jun 18 '13 at 10:57
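
An added example, not code from the question or from either answer, of the two points in the answer above: check whether the driver accepts an attribute instead of assuming it does, and pass values as bound parameters. The DSN, credentials, the `users` table and the helper names `trySetAttribute` and `findUserByName` are assumptions made for illustration.

```php
<?php
// Added example; DSN, credentials, table and helper names are placeholders.

/**
 * Try to set a PDO attribute and report whether the driver accepted it.
 * An unsupported attribute either returns false or, with ERRMODE_EXCEPTION,
 * raises a PDOException; both are treated as "not supported".
 */
function trySetAttribute(PDO $db, int $attr, $value): bool
{
    try {
        return $db->setAttribute($attr, $value);
    } catch (PDOException $e) {
        return false;
    }
}

/**
 * Look up rows by name. The value is sent as a bound parameter and is
 * never concatenated into the SQL text.
 */
function findUserByName(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO(
    'odbc:Driver={SQL Server};Server=127.0.0.1;Database=my_db;',
    'my_user',   // placeholder
    'my_pass'    // placeholder
);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

if (!trySetAttribute($db, PDO::ATTR_EMULATE_PREPARES, false)) {
    // Record the fact and continue with the driver's default behaviour.
    error_log(
        'Driver "' . $db->getAttribute(PDO::ATTR_DRIVER_NAME)
        . '" does not accept PDO::ATTR_EMULATE_PREPARES'
    );
}

// Constructed input containing a quote character; it is handled as data.
print_r(findUserByName($db, "O'Brien"));
```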
0

It is not possible to use prepared statements from Linux to MSSQL. Deploy your production code on Windows and use PDO SQLSRV driver, or don't use prepared statements (which basically means you can't use Unicode).

chugadie