
The problem:

I can't use odbc_prepare or PDO->prepare with my queries because the driver I'm using (HyperFileSQL) has many issues. So, what can I do?

Details:

  • I'm able to use PDO for some queries when my data doesn't contain big strings (more than 255 characters), so I can use prepared statements without problems, but with some queries, I can't since they return data with big strings (driver problem I guess)
  • So, I'm using odbc for these queries. But when I try odbc_prepare, the driver says the following:

"Function SQLGetDescribeParam not supported by the driver, SQL state IM00 in SQLDescribeParameter"

So... I guess I have the following options:

  • Hardcode to escape bad characters
  • Migrate data to MySQL and use PDO or ODBC that will work I guess
  • Execute queries with PDO to return the data ID (so I can protect my statement), and then use odbc to return my big strings, using the ID returned by PDO...
  • Change my job to cook some delicious cookies

I still have hopes, so please, tell me there are easier and proper solutions.

  • Your 4th option looks most promising. Option number 2 would be something I would choose personally. Option number 1 doesn't make any sense, because SQL injection is not about bad characters. There's no such thing. Even normal letters can break SQL if your SQL is expecting an integer. To protect against SQL injection you need to separate SQL from data, which you do using prepared statements. If this is not possible then you might patch it up with careful SQL building, i.e. managing data types and formatting strings properly. – Dharman Nov 05 '20 at 11:01
  • Jokes aside, you seem to have answered your question already. For the problem stated as "the driver has many issues", the answer definitely is to migrate the data to some better supported DBMS. – Your Common Sense Nov 05 '20 at 11:08
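
The asker's third option combined with the data-type management mentioned in the first comment, as an added example that is not part of the question or its comments: user-supplied text is only ever bound through PDO, and the single value placed into the ODBC query text is an integer that passed strict validation. The table and column names (`documents`, `id`, `title`, `body`) and the 1 MiB read limit are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: table `documents` with integer key `id`,
// short column `title` and long text column `body`.

/** Accept only a positive integer; anything else is rejected, never "cleaned". */
function requireId(mixed $value): int
{
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id is not a positive integer');
    }
    return $id;
}

/** Step 1: free text reaches the driver only as a bound parameter (PDO works for short data). */
function findIdByTitle(PDO $pdo, string $title): ?int
{
    $stmt = $pdo->prepare('SELECT id FROM documents WHERE title = ?');
    $stmt->execute([$title]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : requireId($id);
}

/** Step 2: the ODBC SQL text contains no user text, only an int formatted with %d. */
function fetchBody($odbc, int $id): ?string
{
    $sql = sprintf('SELECT body FROM documents WHERE id = %d', $id);
    $result = odbc_exec($odbc, $sql);
    if ($result === false || !odbc_fetch_row($result)) {
        return null;
    }
    // Raise the long-column read limit (the default comes from odbc.defaultlrl).
    odbc_longreadlen($result, 1048576); // assumed cap of 1 MiB
    $body = odbc_result($result, 'body');
    return is_string($body) ? $body : null;
}

// Constructed inputs: only the first one survives validation.
foreach (['42', '42 OR 1=1', 'abc'] as $raw) {
    try {
        printf("%s -> %d\n", $raw, requireId($raw));
    } catch (InvalidArgumentException $e) {
        printf("%s -> rejected\n", $raw);
    }
}
```

This covers only queries whose variable part can be reduced to an integer key; string values still need a driver that supports parameter binding.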
