Just trying to make sure all my queries are sanitized. We're using ADOdb (it's already in place, so no talking me out of it).

Is there something in ADOdb like mysql_real_escape_string?

Jon Seigel
pixel
  • possible duplicate of: http://stackoverflow.com/questions/76359/binding-variables-to-parameters-in-adodb-for-php (Close voters will need to copy this link, I made a mistake on my first attempt.) – Jon Seigel Apr 21 '10 at 20:46

1 Answer

Use parameterized queries.

using MySql.Data.MySqlClient;

string userName = ...;                      // untrusted input
MySqlCommand cmd = new MySqlCommand();
cmd.Connection = connection;                // an already-open MySqlConnection
cmd.CommandText = "select userid,age from Users where username=@username";
cmd.Parameters.AddWithValue("@username", userName);   // value is bound, not concatenated into the SQL
MySqlDataReader reader = cmd.ExecuteReader();
nos
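The same idea in ADOdb itself, as an added example that is not part of the original answer: bind parameters through Execute(), and where a string must be built by hand, qstr() is the ADOdb counterpart of mysql_real_escape_string. The include path, the connection details and the Users table are assumptions.

```php
<?php
// Added example, not from the original post. Assumes ADOdb is installed under
// adodb/ and that a MySQL database reachable with the placeholder DSN below exists.
require_once 'adodb/adodb.inc.php';

$db = ADONewConnection('mysqli');
if (!$db->Connect('localhost', 'dbuser', 'dbpass', 'appdb')) {   // placeholder credentials
    die('Connect failed: ' . $db->ErrorMsg());
}

$username = $_GET['username'] ?? '';   // untrusted input

// 1. Preferred: bind parameters. Each ? is replaced by the quoted, escaped value
//    (or passed to the driver's native binding where one exists), so the input
//    can never change the structure of the statement.
$rs = $db->Execute('SELECT userid, age FROM Users WHERE username = ?', array($username));
if ($rs === false) {
    die('Query failed: ' . $db->ErrorMsg());
}
while (!$rs->EOF) {
    echo $rs->fields['userid'], ' ', $rs->fields['age'], "\n";
    $rs->MoveNext();
}

// 2. If you must assemble the SQL string yourself, qstr() escapes the value AND
//    wraps it in quotes, so do not add your own quotes around its result.
$sql = 'SELECT userid, age FROM Users WHERE username = ' . $db->qstr($username);
$rs2 = $db->Execute($sql);

// 3. Caveat: neither method protects identifiers (table or column names) or
//    LIMIT counts. Cast numeric input and let ADOdb build the LIMIT clause.
$limit = (int) ($_GET['limit'] ?? 10);
$rs3 = $db->SelectLimit('SELECT userid, age FROM Users WHERE username = ?',
                        $limit, -1, array($username));
```

qstr() is a string-quoting helper only; table and column names taken from input still need to be checked against a fixed list before being spliced into SQL.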