I'm interested in adopting ADOdb (actually ADOdb Lite) and have a
simple question that I haven't been able to quite pinpoint an answer

I'm used to using the native mysql functions with
mysql_escape_string().  With ADOdb, is this handled transparently with
the execute method or should I take my own steps to sanitize input

Also, one of the reasons I'm looking at ADOdb is I'd like to start to
explore PostgreSQL.  Are the security considerations with postgre
similar to mysql?

If you can point me in the right direction, I'll appreciate it.


Re: ADOdb

Yes. Pretty much. The permissions system is not the same, iirc.

Re: ADOdb

When using adodb you should escape strings using the $db->qstr() method,  
this will escape the string properly for the database type you use.

Data returned will be returned 'sanely', i.e. if slashes were added for
insertion into the database, they will be removed automagically.

Have a look at the adodb documentation, it's pretty detailed and  
explains all this.

Grz, Jrf
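
The `$db->qstr()` call mentioned in the reply above, shown next to ADOdb's bind-parameter form of the same query. This is an added example, not part of the original posts. It assumes the full ADOdb library is on the include path and uses an in-memory SQLite database (the `sqlite3` driver) so it runs without a server; the table, function name and inputs are constructed for illustration.

```php
<?php
// Added example, not from the thread. Assumes ADOdb is installed and PHP's
// sqlite3 extension is loaded; SQLite stands in for MySQL/PostgreSQL here.
require_once 'adodb.inc.php';

$db = ADONewConnection('sqlite3');
$db->Connect(':memory:');
$db->Execute('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample inputs: a legitimate name containing a quote, and a
// string shaped to break out of a quoted literal.
$inputs = array("O'Reilly", "x' OR 'a'='a");

// 1) qstr(): returns the value escaped for the active driver AND wrapped in
//    quotes, so it is concatenated as-is and never placed inside '...' again.
foreach ($inputs as $name) {
    $db->Execute('INSERT INTO users (name) VALUES (' . $db->qstr($name) . ')');
}

// 2) Bind parameters: values travel separately from the SQL text. Param()
//    emits the placeholder syntax of the active driver.
function findByName($db, $name) // hypothetical helper for this example
{
    $sql = 'SELECT id, name FROM users WHERE name = ' . $db->Param('name');
    return $db->GetAll($sql, array($name));
}

foreach ($inputs as $name) {
    // Each input is compared as plain data against the stored strings.
    $rows = findByName($db, $name);
    printf("%-16s -> %d row(s)\n", $name, count($rows));
}

// qstr() only builds string literals. Numeric values and identifiers need
// their own handling, e.g. an integer cast or an allow-list of column names.
$id = (int) '1 OR 1=1';   // constructed input; the cast keeps only the integer
echo $db->GetOne('SELECT name FROM users WHERE id = ' . $id), "\n";
```

The same script works against MySQL or PostgreSQL by changing the driver name and `Connect()` arguments; `qstr()` and `Param()` adapt their output to whichever driver is active.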

Re: ADOdb

Thank you for the responses.  This helped.

In the event anyone else comes across this with the same question,
here's the ADOdb documentation:

And on inserting:

I also found the Wikipedia article on SQL injection useful (it mentions
ADOdb specifically):
