Chetan Badgujar

Reputation: 55

mysql_real_escape_string-like function in Propel

I am using Propel. I'm posting a description to a page and saving it with a Propel query:

$desc = "my school's is here that why \"\" i have work";    // this data is posted from my form input
$education->setEddescription($desc);
$education->save();

But in the database it is not escaping the ' and "" values.

Thanks.

Upvotes: 0

Views: 745

Answers (1)

Teerath Kumar

Reputation: 488

Reference: Is Propel's fromArray/fromJSON feature safe from SQL injection?

Propel not only uses PDO for the queries, it also utilizes Prepared Statements via PDO, which are pretty good when it comes to mitigating SQL Injection attacks (and performance enhancing).

Note that just using PDO does NOT guarantee any protection against SQL Injection, always use Prepared Statements.

So as an answer to your question, yes, Propel fully utilizes PDO's abilities to protect from SQL Injection.

Upvotes: 2
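
An added example, not part of the original answer and not Propel's own code: plain PDO prepared statements against an in-memory SQLite database, showing that bound values are stored byte-for-byte (quotes included, with nothing escaped in the stored text) and that escaping by hand before binding corrupts the data. It assumes the pdo_sqlite extension is available; the table name, column name and input values are constructed for illustration.

```php
<?php
// Added example: table, column and inputs are constructed, not taken from Propel.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE education (id INTEGER PRIMARY KEY, ed_description TEXT)');

// Constructed inputs: the question's text, and a value shaped like an injection attempt.
$inputs = [
    "my school's is here that why \"\" i have work",
    "x'); DROP TABLE education; --",
];

// The SQL text is fixed; values travel separately as bound parameters.
$insert = $pdo->prepare('INSERT INTO education (ed_description) VALUES (:descr)');
foreach ($inputs as $desc) {
    $insert->execute([':descr' => $desc]);
}

// Read each row back and compare it with what was submitted.
$select = $pdo->prepare('SELECT ed_description FROM education WHERE id = :id');
foreach ($inputs as $i => $desc) {
    $select->execute([':id' => $i + 1]);
    $stored = $select->fetchColumn();
    printf("row %d stored unchanged: %s\n", $i + 1, var_export($stored === $desc, true));
}

// Escaping by hand on top of a bound parameter stores the backslashes as data.
$insert->execute([':descr' => addslashes($inputs[0])]);
$select->execute([':id' => 3]);
printf("double-escaped row: %s\n", $select->fetchColumn());

// The table still exists and holds three rows: the second input was treated as text.
$count = (int) $pdo->query('SELECT COUNT(*) FROM education')->fetchColumn();
printf("rows in education: %d\n", $count);
```

Seeing a literal ' or "" in the stored column is therefore the expected result of a parameterized insert; any escaping needed for display belongs at output time (for example HTML encoding), not in the stored value.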
