What is the PDO equivalent of mysql_real_escape_string?

Question

How can security with PDO or what is the equivalent PDO this secure function?

function secure($string){
  return(mysql_real_escape_string(htmlspecialchars(strip_tags($string))));
}

Are you looking for a way to prevent SQL injection? Use prepared statements then. — Bart Friederichs, Apr 08 '15 at 19:09
Yes, I did some research but could not find a solution to prevent SQL injection. — Özgür Akıncı, Apr 08 '15 at 19:11
Read this: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php — Bart Friederichs, Apr 08 '15 at 19:14

score 0 · Answer 1 · answered Apr 08 '15 at 19:10

0

Man PHP: you have to use the function PDO::quote()

answered Apr 08 '15 at 19:10

Marchah

It should be a very rare circumstance that you're using `PDO::quote()` instead of a prepared statement. Important to note though, that this is _not_ a direct equivalent function to `mysql_real_escape_string()`, because `PDO::quote()` both escapes internally and places outer quotes on the string: From the linked docs "_PDO::quote() places quotes around the input string (if required) and escapes special characters_" – Michael Berkowski Apr 08 '15 at 20:26

1 Answers1