jave.web
jave.web

Reputation: 15042

SQL separate / single variable escape with PDO

I know how to escape with PDO using prepare statements in PHP.

However I would like to escape separate variable which then will be used >>not escaped<< by other framework (wordpress).

$my_var = "something";
$my_var = PSEUDO_SINGLE_PDO_ESCAPE( $my_var );
use_elswhere('do_something', $my_var);

Is there a way how to achieve this using PDO?

Or how should I sanitize this var?

EDIT: I just found out that wordpress has its own sql escape function esc_sql() which returns "Escaped value appropriate for use in a SQL query."        Used like $var = esc_sql( $var );

Upvotes: 0

Views: 49

Answers (1)

KIKO Software
KIKO Software

Reputation: 16751

To escape like PDO you can use:

$conn   = new PDO('sqlite:/home/lynn/music.sql3');
$string = 'Nice';
echo "Unquoted string: $string\n";
echo "Quoted string: " . $conn->quote($string) . "\n";

See:

http://php.net/manual/en/pdo.quote.php

So you don't have to think about what characters to escape and how.

Do note that the type of database you connect to influences the escape.

Upvotes: 1

Related Questions