Adodb, escaping quotes?

Question

I am using adodb with php. I need to insert html into my database, and need to know the best method to escape the quotes before inserting it into the database? I tried using pg_escape_string() but it still does not seem to insert.

What is the best method to do this?

score 5 · Answer 1 · edited May 23 '17 at 11:45

5

The best method is to use a parameterized query. See here to get started:

SO question: Calling Stored Procedure using ADOdb in PHP
SO question: Binding variables to parameters in ADOdb for PHP
ADOdb Library for PHP - documentation

edited May 23 '17 at 11:45

Community

1
1

answered Feb 28 '10 at 07:47

Tomalak

332,285
67
532
628

I am not sure I understand how this will help in escaping. – Nic Hubbard Feb 28 '10 at 08:00
@Nic: But that is the whole *point* of parameterized queries. You don't need any escaping. You pass the raw string into the parameter, and that's it. – Tomalak Feb 28 '10 at 09:53
Ok, I guess even after looking at those posts I am still every confused how to use parameterized queries. – Nic Hubbard Feb 28 '10 at 19:54
$sql = "INSERT tbl (id, html) VALUES (?, ?)"; $results = $this->db->Execute($sql, array($id_val, $html_string)); – Tomalak Mar 01 '10 at 00:22

score 2 · Answer 2 · edited Oct 06 '11 at 20:56

2

$conn = &ADONewConnection('access');

$var = $conn->qstr("Clean");

edited Oct 06 '11 at 20:56

Jason Plank

2,336
5
31
40

answered Dec 08 '10 at 23:53

Julio

1,903
2
16
19

1

Sometimes [addQ](http://adodb.org/dokuwiki/doku.php?id=v5:reference:connection:addq) is better alternative – Agnius Vasiliauskas Mar 12 '19 at 21:45

Adodb, escaping quotes?

2 Answers2