Reputation: 15042
I know how to escape with PDO using prepare
statements in PHP.
However I would like to escape separate variable which then will be used >>not escaped<< by other framework (wordpress).
$my_var = "something";
$my_var = PSEUDO_SINGLE_PDO_ESCAPE( $my_var );
use_elswhere('do_something', $my_var);
Is there a way how to achieve this using PDO?
Or how should I sanitize this var?
EDIT: I just found out that wordpress has its own sql escape function esc_sql()
which returns "Escaped value appropriate for use in a SQL query." Used like $var = esc_sql( $var );
Upvotes: 0
Views: 49
Reputation: 16751
To escape like PDO you can use:
$conn = new PDO('sqlite:/home/lynn/music.sql3');
$string = 'Nice';
echo "Unquoted string: $string\n";
echo "Quoted string: " . $conn->quote($string) . "\n";
See:
http://php.net/manual/en/pdo.quote.php
So you don't have to think about what characters to escape and how.
Do note that the type of database you connect to influences the escape.
Upvotes: 1